ولد الناس

Esteemed professors, honorable Zyzoom experts,
Peace be upon you, and the mercy and blessings of God.
I save many Word files on the desktop,
and when I want to go back to those files and try to open them, they do not open for me
except as shown in the attached image.



# The other problem:
Updates are not being installed: every time I shut down the machine the updates are installed,
and on restart the same updates appear again.
I hope you will kindly help me solve this problem.
You have my sincere thanks, great appreciation, and heartfelt prayers.
 

Attachments

  • 457.webp (20.1 KB)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:47:58 م, on 19/11/15
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files (x86)\DFX\DFX.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
[You must log in or register to view the hidden link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
[You must log in or register to view the hidden link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
[You must log in or register to view the hidden link]

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
[You must log in or register to view the hidden link]
}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
[You must log in or register to view the hidden link]
}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: مساعد تسجيل الدخول إلى معرف Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
O4 - HKLM\..\Run: [DFX] C:\Program Files (x86)\DFX\DFX.exe -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~2\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{961F4BC7-5969-41B6-A4D9-AC38A5172A95}: NameServer = 87.216.170.8,185.16.40.143
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: خدمة Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13027 bytes
 
"Silent Runners.vbs", revision 61,
[You must log in or register to view the hidden link]

Operating System: Windows 7 SP1
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Update Service" = "C:\PROGRA~2\COMMON~1\TEKNUM~1\update.exe /startup" ["Teknum Systems AS"]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware"]
"Device Detector" = "DevDetect.exe -autorun" ["ACD Systems"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MDS_Menu" = ""C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"" ["CyberLink Corp."]
"RemoteControl9" = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"" ["CyberLink Corp."]
"PDVD9LanguageShortcut" = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"" ["CyberLink Corp."]
"UpdateLBPShortCut" = ""C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"" ["CyberLink Corp."]
"UpdateP2GoShortCut" = ""C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"" ["CyberLink Corp."]
"StartCCC" = ""C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."]
"NUSB3MON" = ""C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"" ["NEC Electronics Corporation"]
"HControlUser" = "C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe" ["ASUS"]
"ATKOSD2" = "C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" ["ASUS"]
"ATKMEDIA" = "C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe" ["ASUS"]
"Adobe ARM" = ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"ASUSWebStorage" = "C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S" [null data]
"ZALFree" = ""C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED" ["Zemana Ltd."]
"DFX" = "C:\Program Files (x86)\DFX\DFX.exe -startup" [null data]
"AvastUI.exe" = ""C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui" ["AVAST Software"]
"KeyScrambler" = "C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a" ["QFX Software Corporation"]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{8A69D345-D564-463c-AFF1-A69D9E530F96}\(Default) = "Google Chrome"
\StubPath = ""C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = "avast! Online Security"
-> {HKLM...CLSID} = "avast! Online Security"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll" ["AVAST Software"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى معرف Windows Live"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Messenger Companion Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Companion\companioncore.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{A0752120-6D75-D111-B5B1-0800095A2318}" = "HandyBits EasyCrypto Shell Extensions"
-> {HKLM...CLSID} = "EasyCrypto Shell Extension"
\InProcServer32\(Default) = "C:\Windows\SysWow64\tsseCryp.dll" [null data]
"{0C0F74CC-F421-48E5-8C6F-BCD0D7CA141D}" = "Androsa FileProtector"
-> {HKLM...CLSID} = "Androsa FileProtector"
\InProcServer32\(Default) = "C:\PROGRA~2\ANDROS~1\ANDROS~1\tools\ShExt.dll" ["AndrosaSoft©"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL" ["Zemana Ltd."]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "userinit.exe," [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\(Default) = "VaultCredProvider"
-> {HKLM...CLSID} = "VaultCredProvider"
\InProcServer32\(Default) = "C:\Windows\System32\VaultCredProvider.dll" [file not found]
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"
-> {HKLM...CLSID} = "WLIDCredentialProvider"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDCredProv.DLL" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> about\CLSID = "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML About Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> cdl\CLSID = "{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
-> {HKLM...CLSID} = "CDL: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> dvd\CLSID = "{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
-> {HKLM...CLSID} = "DVD: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]
<<!>> file\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> ftp\CLSID = "{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "ftp: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> http\CLSID = "{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "http: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> https\CLSID = "{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "https: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> javascript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> local\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> mailto\CLSID = "{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Mailto Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> mk\CLSID = "{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "mk: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll" [MS]
<<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}"
-> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]
<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"
-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]
<<!>> res\CLSID = "{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Resource Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> tv\CLSID = "{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
-> {HKLM...CLSID} = "TV: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]
<<!>> vbscript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}"
-> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll" [MS]
<<!>> wlpg\CLSID = "{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}"
-> {HKLM...CLSID} = "Album Download IE Asynchronous Pluggable Protocol Interface"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll" [MS]
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
DropboxExt\(Default) = "{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}"
-> {HKCU...CLSID} = "ContextMenuHandler Class"
\InProcServer32\(Default) = "C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll" ["Dropbox, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Androsa FileProtector\(Default) = "{0C0F74CC-F421-48E5-8C6F-BCD0D7CA141D}"
-> {HKLM...CLSID} = "Androsa FileProtector"
\InProcServer32\(Default) = "C:\PROGRA~2\ANDROS~1\ANDROS~1\tools\ShExt.dll" ["AndrosaSoft©"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]
EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"
-> {HKLM...CLSID} = "EasyCrypto Shell Extension"
\InProcServer32\(Default) = "C:\Windows\SysWow64\tsseCryp.dll" [null data]
SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"
-> {HKLM...CLSID} = "Shared Shell Menu Handler"
\InProcServer32\(Default) = "ssmenu.dll" [** WMI GetObject error **]
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
00avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
DropboxExt\(Default) = "{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}"
-> {HKCU...CLSID} = "ContextMenuHandler Class"
\InProcServer32\(Default) = "C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll" ["Dropbox, Inc."]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Androsa FileProtector\(Default) = "{0C0F74CC-F421-48E5-8C6F-BCD0D7CA141D}"
-> {HKLM...CLSID} = "Androsa FileProtector"
\InProcServer32\(Default) = "C:\PROGRA~2\ANDROS~1\ANDROS~1\tools\ShExt.dll" ["AndrosaSoft©"]
EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"
-> {HKLM...CLSID} = "EasyCrypto Shell Extension"
\InProcServer32\(Default) = "C:\Windows\SysWow64\tsseCryp.dll" [null data]
SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"
-> {HKLM...CLSID} = "Shared Shell Menu Handler"
\InProcServer32\(Default) = "ssmenu.dll" [** WMI GetObject error **]
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
DropboxExt\(Default) = "{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}"
-> {HKCU...CLSID} = "ContextMenuHandler Class"
\InProcServer32\(Default) = "C:\Users\x\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll" ["Dropbox, Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]

Default executables:
--------------------
HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"SoftwareSASGeneration" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
ACDSee110ImportPicturesOnArrival\
"Provider" = "ACDSee Photo Manager 2009"
"InvokeProgID" = "ACDSee 11.0.AutoPlayHandlerImport"
"InvokeVerb" = "Import"
HKLM\SOFTWARE\Classes\ACDSee 11.0.AutoPlayHandlerImport\shell\Import\command\(Default) = ""C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" /detect:%1" ["ACD Systems"]
ACDSee110ImportVideoFilesOnArrival\
"Provider" = "ACDSee Photo Manager 2009"
"InvokeProgID" = "ACDSee 11.0.AutoPlayHandlerImport"
"InvokeVerb" = "Import"
HKLM\SOFTWARE\Classes\ACDSee 11.0.AutoPlayHandlerImport\shell\Import\command\(Default) = ""C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" /detect:%1" ["ACD Systems"]
ACDSee110PlayVideoFilesOnArrival\
"Provider" = "ACDSee Photo Manager 2009"
"InvokeProgID" = "ACDSee 11.0.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee 11.0.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1"" ["ACD Systems"]
ACDSee110ShowPicturesOnArrival\
"Provider" = "ACDSee Photo Manager 2009"
"InvokeProgID" = "ACDSee 11.0.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee 11.0.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1"" ["ACD Systems"]
ASHAshampoo_Burning_Studio_FREEBURNONARRIVAL\
"Provider" = "Ashampoo Burning Studio FREE"
"InvokeProgID" = "Ashampoo.BurningStudio.FREE"
"InvokeVerb" = "autoplay-burn"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio.FREE\shell\autoplay-burn\Command\(Default) = ""C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio FREE\burningstudio.exe" -autoplay -selectdrive "%l"" ["Ashampoo"]
ASHAshampoo_Burning_Studio_FREECOPYONARRIVAL\
"Provider" = "Ashampoo Burning Studio FREE"
"InvokeProgID" = "Ashampoo.BurningStudio.FREE"
"InvokeVerb" = "autoplay-copy"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio.FREE\shell\autoplay-copy\Command\(Default) = ""C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio FREE\burningstudio.exe" -autoplay -selectdrive "%l" -copy" ["Ashampoo"]
ASHAshampoo_Burning_Studio_FREERIPONARRIVAL\
"Provider" = "Ashampoo Burning Studio FREE"
"InvokeProgID" = "Ashampoo.BurningStudio.FREE"
"InvokeVerb" = "autoplay-rip"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio.FREE\shell\autoplay-rip\Command\(Default) = ""C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio FREE\burningstudio.exe" -autoplay -selectdrive "%l" -rip" ["Ashampoo"]
MPCPlayBluRayOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayBlurayMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV" ["MPC-HC Team"]
MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["MPC-HC Team"]
MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["MPC-HC Team"]
MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]
MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]
MSLivePhotoAcqHWEventHandler\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]
MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
MSLiveVideoCameraArrivalCaptureWizard\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"
"InitCmdLine" = "WLXVideoAcquireWizard"
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"
-> {HKLM...CLSID} = "WLXWEventHandler Class"
\LocalServer32\(Default) = ""C:\Program Files (x86)\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]
P2GCDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L"" ["CyberLink Corp."]
P2GDVDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L"" ["CyberLink Corp."]
PDVD9PlayCDAudioOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
PDVD9PlayDVDMovieOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
PDVD9PlaySVCDOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "SVCD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
PDVD9PlayVCDMovieOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
Power2GoPlayCDAudioOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPower2Go"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = ""C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L"" ["CyberLink Corp."]
PStarterBlankCDArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterDVDBurningOnArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterMixedCDArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "MixedContent"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterMusicFilesArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "MusicFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterPicturesArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterVideoFilesArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "VideoFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
WIA_{6F7E27F4-ACE5-4337-BC7A-38E47773C0E1}\
"Provider" = "Photoshop"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Users\x\AppData\Local\Temp\RarSFX2\Adobe Photoshop CS4\Photoshop.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]
WIA_{CCED93E6-5C79-4F54-9B8B-786B2BC1EF70}\
"Provider" = "ACDSee Photo Manager 2009"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;start ACDSeeQV11.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

Startup items in "x" & "All Users" startup folders:
---------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Bluetooth" -> shortcut to: "C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe" [file not found]
"McAfee Security Scan Plus" -> shortcut to: "C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe" ["McAfee, Inc."]
"SRS Premium Sound" -> shortcut to: "C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h" ["Acresso Software Inc."]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
000000000008\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000009\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&بحث"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0000036B-C524-4050-81A0-243669A86B9F}\
"ButtonText" = "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600"
"CLSIDExtension" = "{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}"
-> {HKLM...CLSID} = "Windows Live Messenger Companion Command Bar Button"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Companion\companioncore.dll" [MS]
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
"ButtonText" = "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004"
"MenuText" = "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003"
"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"
-> {HKLM...CLSID} = "BlogThisToolbarButton Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll" [MS]
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "إرسال إلى OneNote"
"MenuText" = "إر&سال إلى OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
"ButtonText" = "ملاحظات OneNote الم&رتبطة"
"MenuText" = "ملاحظات OneNote الم&رتبطة"
"CLSIDExtension" = "{FFFDC614-B694-4AE6-AB38-5D6374584B52}"
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "بحث"

Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "InPrivate" = "res://ieframe.dll/inprivate_win7.htm" [MS]
<<H>> "Tabs" = "about:newtab" [file not found]

HOSTS file
----------
C:\Windows\System32\drivers\etc\HOSTS
maps: 1 domain name to an IP address,
1 of the IP addresses is *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Acrobat Update Service, AdobeARMservice, ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"" ["Adobe Systems Incorporated"]
AFBAgent, AFBAgent, ""C:\Windows\system32\FBAgent.exe"" [file not found]
AMD External Events Utility, AMD External Events Utility, "C:\Windows\system32\atiesrxx.exe" [file not found]
Application Experience, AeLookupSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\aelupsvc.dll" [file not found]}
Application Information, Appinfo, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appinfo.dll" [file not found]}
ASLDR Service, ASLDRService, "C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe" ["ASUS"]
ATKGFNEX Service, ATKGFNEXSrv, "C:\Program Files\ATKGFNEX\GFNEXSrv.exe" [null data]
Avast Antivirus, avast! Antivirus, ""C:\Program Files\AVAST Software\Avast\AvastSvc.exe"" ["AVAST Software"]
Avast Firewall, avast! Firewall, ""C:\Program Files\AVAST Software\Avast\afwServ.exe"" ["AVAST Software"]
Background Intelligent Transfer Service, BITS, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\qmgr.dll" [file not found]}
Base Filtering Engine, BFE, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\System32\bfe.dll" [file not found]}
Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe" ["Broadcom Corporation."]
Bluetooth Support Service, bthserv, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\system32\bthserv.dll" [file not found]}
Canon Inkjet Printer/Scanner/Fax Extended Survey Program, IJPLMSVC, "C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE" [null data]
CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [file not found]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"" [empty string]
DCOM Server Process Launcher, DcomLaunch, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\rpcss.dll" [file not found]}
Desktop Window Manager Session Manager, UxSms, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\uxsms.dll" [file not found]}
Diagnostic Policy Service, DPS, "C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\dps.dll" [file not found]}
Diagnostics Tracking Service, DiagTrack, "C:\Windows\System32\svchost.exe -k utcsvc" {"C:\Windows\system32\diagtrack.dll" [file not found]}
Distributed Link Tracking Client, TrkWks, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\trkwks.dll" [file not found]}
Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [file not found]}
Group Policy Client, gpsvc, "C:\Windows\system32\svchost.exe -k GPSvcGroup" {"C:\Windows\System32\gpsvc.dll" [file not found]}
IP Helper, iphlpsvc, "C:\Windows\System32\svchost.exe -k NetSvcs" {"C:\Windows\System32\iphlpsvc.dll" [file not found]}
MBAMScheduler, MBAMScheduler, ""C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"" ["Malwarebytes"]
MBAMService, MBAMService, ""C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"" ["Malwarebytes"]
Multimedia Class Scheduler, MMCSS, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\mmcss.dll" [file not found]}
Network Connections, Netman, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\netman.dll" [file not found]}
Network Location Awareness, NlaSvc, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\nlasvc.dll" [file not found]}
Network Store Interface Service, nsi, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\nsisvc.dll" [file not found]}
Plug and Play, PlugPlay, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpnpmgr.dll" [file not found]}
Portable Device Enumerator Service, WPDBusEnum, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\wpdbusenum.dll" [file not found]}
Power, Power, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpo.dll" [file not found]}
Print Spooler, Spooler, "C:\Windows\System32\spoolsv.exe" [file not found]
Program Compatibility Assistant Service, PcaSvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\pcasvc.dll" [file not found]}
Remote Access Connection Manager, RasMan, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\rasmans.dll" [file not found]}
Remote Procedure Call (RPC), RpcSs, "C:\Windows\system32\svchost.exe -k rpcss" {"C:\Windows\system32\rpcss.dll" [file not found]}
RPC Endpoint Mapper, RpcEptMapper, "C:\Windows\system32\svchost.exe -k RPCSS" {"C:\Windows\System32\RpcEpMap.dll" [file not found]}
SAS Core Service, !SASCORE, ""C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"" ["SUPERAntiSpyware.com"]
Secure Socket Tunneling Protocol Service, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [file not found]}
Security Accounts Manager, SamSs, "C:\Windows\system32\lsass.exe" [file not found]
Security Center, wscsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wscsvc.dll" [file not found]}
Superfetch, SysMain, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\sysmain.dll" [file not found]}
Task Scheduler, Schedule, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\schedsvc.dll" [file not found]}
TCP/IP NetBIOS Helper, lmhosts, "C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\lmhsvc.dll" [file not found]}
Themes, Themes, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\themeservice.dll" [file not found]}
User Profile Service, ProfSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\profsvc.dll" [file not found]}
Windows Audio, AudioSrv, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Audio Endpoint Builder, AudioEndpointBuilder, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Defender, WinDefend, "C:\Windows\System32\svchost.exe -k secsvcs" {"C:\Program Files (x86)\Windows Defender\mpsvc.dll" [file not found]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [file not found]}
Windows Event Log, eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wevtsvc.dll" [file not found]}
Windows Firewall, MpsSvc, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\mpssvc.dll" [file not found]}
Windows Font Cache Service, FontCache, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\FntCache.dll" [file not found]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [file not found]}
Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]
Windows Management Instrumentation, Winmgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wbem\WMIsvc.dll" [file not found]}
Windows Update, wuauserv, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wuaueng.dll" [file not found]}
WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [file not found]}
Workstation, LanmanWorkstation, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\wkssvc.dll" [file not found]}

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> !SASCORE, (null value)
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> !SASCORE, (null value)

Keyboard Driver Filters:
------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> "UpperFilters" = <<!>> "keyscrambler" [file not found],<<!>> "keycrypt" [file not found],<<!>> "aswKbd" [file not found],<<!>> "kbdclass" [file not found]

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor4\Driver = "CNBLM4.DLL" [file not found]
Canon BJ Language Monitor iP2700 series\Driver = "CNMLMA4.DLL" [file not found]
Canon BJ Language Monitor iP2800 series\Driver = "CNMLMC1.DLL" [file not found]
Local Port\Driver = "localspl.dll" [file not found]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [file not found]
Standard TCP/IP Port\Driver = "tcpmon.dll" [file not found]
USB Monitor\Driver = "usbmon.dll" [file not found]
WSD Port\Driver = "WSDMon.dll" [file not found]

---------- (launch time: 2015-11-19 18:52:55)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 46 seconds, including 9 seconds for message boxes)
 
And peace be upon you and God's mercy. Do you have a Word document viewer program?
Try this method:
[Attached image: وورد.webp]

Perhaps the version you have is old.
I have Office 2012, which I got licensed from the company for life with a genuine serial; maybe you could try it. That is the first point.
Second, perhaps you have set Avast to strict mode! If so, set it back to normal mode.
That said, I don't like Avast: it is strict and paranoid, and it mistrusts many programs and blocks them from opening. It even prevented me from opening PDF-to-Word conversion programs, until I removed it completely.
So I advise removing it permanently, not just disabling it for an hour, and replacing it with something better; there are far better ones than Avast.
Third, why do you have more than one anti-spyware and anti-trojan program installed, such as (Malwarebytes Anti-Malware) and (SUPERAntiSpyware)? Stick with one of the two, and use only one antivirus, preferably a different one from this, and one firewall. You are running two firewalls, the Windows firewall and the Avast firewall! Turn one of them off.
 
My dear brother and teacher,

First, I offer you my deepest thanks, great appreciation and sincere prayers for kindly taking the time to reply.

I downloaded the Word viewer program, but it would not install for me.

As for my Word, it is indeed the old 2003 version, because I use it with the MathType program for mathematical symbols.

As for Avast, I have not made any changes to it, my dear teacher.

I tried to remove one of the two protection programs, (Malwarebytes Anti-Malware) and (SUPERAntiSpyware), but I could not find how to get to them.
 
God bless you, brother. I did not understand what you mean by not being able to get to them. Can you remove one of them through Control Panel and then Uninstall a program?
If you can't, I will upload for you a program that removes programs completely, iobit uninstaller.
 
May God reward you for your care, esteemed sir.

The program SUPERAntiSpyware has been removed.

May God have mercy on your parents and honor you with their company in Paradise.
 
The problem with opening Word files, my dear teacher, still persists.

My greetings, appreciation, respect and sincere gratitude to you.
 
All right, God bless you. Remove the AVAST antivirus,
because this program, as I told you, is paranoid and mistrustful of programs, so it blocks several programs from opening.
Also, don't forget to update your drivers using the program update tool.

Updating drivers is necessary to improve the machine.
 
Open the Run window

and type the command sfc /scannow

As for the updates:
Start / Control Panel / Security / Enable

Tick Install updates automatically

A window will then appear next to the clock telling you that new updates are available.
Click it and follow the update installation process.

Or the computer will install the updates right after it is shut down.
 
Signature: الهمشري
Remove Office 2003 and install Office 2012, because I have it with a genuine serial. If you want a different version of Office, you can have that too; the one I have the registration key for is
Office 2012, and this serial is permanent, from the company:
office 2012
2W9NL-2PRRN-ZV5PY-QYFFA-AJJJJ
 
May God reward you for your efforts and care, my teacher.

I have removed Office, my dear teacher,

and the problem still exists.
 
I ask God in this blessed hour to have mercy on your parents and to honor you with their company in Paradise.

I did what was described in your post, my dear teacher.

My greetings, appreciation and respect to you.
 
May God make you happy and have mercy on your parents.

Could you kindly post the download link?

And forgive me for troubling you.
 
So what is the news, brother? Was it solved or not?
 
Signature: الهمشري
Praise be to God, I finally found it for download.

2W9NL-2PRRN-ZV5PY-QYFFA-AJJJJ
 
Did you get anything useful out of it, brother? Office 2012 has been uploaded.
 
Esteemed teachers

hamhariygood

I thank you for your generous care and your kind eagerness to help your brothers.

I have good news, and the credit goes to God first and then, without a doubt, to you:

I removed Office 2003,

then reinstalled it from scratch,

and the problem is gone, praise be to God.

My honored teachers,

however much I thank and praise you, I can never give you your due.

But I ask God Almighty to bless you and reward you on my behalf with the best reward,

to grant you success and guide your steps on the path of good,

and to increase you from His vast bounty and knowledge, and to protect you from every harm and misfortune.

Please accept my sincere greetings and my deep gratitude, thanks and appreciation.
 
Praise be to God. But isn't Office 2003 very old?
 
Don't forget to use this wonderful tool.
It will detect the outdated drivers on your machine and offer you the latest ones.
 