"Silent Runners.vbs", revision 69, http://www.silentrunners.org/ Operating System: Microsoft Windows 7 Ultimate (64-bit) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Linksys Wireless Manager = "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033 [Cisco Systems, Inc.] egui = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [ESET] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} RegRun WinBait = C:\Windows\winbait.exe [null data] @RegRunOnSecure = C:\PROGRA~2\Greatis\REGRUN~1\OnSecure.exe [Greatis Software] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM…CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] -> {HKLM…Wow…CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM…CLSID} = \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM…CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM…Wow…CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM…CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM…Wow…CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] -> {HKLM…Wow…CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM…Wow…CLSID} = RealNetworks Download and Record Plugin for Internet Explorer \InProcServer32\(Default) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [RealDownloader] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM…Wow…CLSID} = Spybot-S&D IE Protection \InProcServer32\(Default) = C:\PROGRA~2\SPYBOT~1\SDHelper.dll [Safer Networking Limited] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM…CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] -> {HKLM…Wow…CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM…CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM…Wow…CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM…CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM…Wow…CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] -> {HKLM…Wow…CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM…CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM…CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM…CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext -> {HKLM…CLSID} = Enterprise Projects \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = PowerISO -> {HKLM…CLSID} = PowerISO \InProcServer32\(Default) = C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [Power Software Ltd] {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} = Revo Uninstaller Pro Extension -> {HKLM…CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] {B98A2BEA-7D42-4558-8BD1-832F41BAC6FD} = (no title provided) -> {HKLM…CLSID} = Backup And Restore \InProcServer32\(Default) = C:\Windows\System32\shdocvw.dll [MS] {F3F5824C-AD58-4728-AF59-A1EBE3392799} = StickyNotes Namespace -> {HKLM…CLSID} = Sticky Notes Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Windows\system32\SNTSearch.dll [MS] {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM…CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension -> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\shellExt.dll [ESET] {5F327514-6C5E-4d60-8F16-D07FA08A78ED} = Auto Update Property Sheet Extension -> {HKLM…CLSID} = Auto Update Property Sheet Extension \InProcServer32\(Default) = C:\Windows\system32\wuaucpl.cpl [file not found] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM…Wow…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM…Wow…CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM…Wow…CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM…Wow…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM…Wow…CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM…Wow…CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {72923739-5A47-40A3-9895-25AF0DFBB9E4} = Glary Utilities Context Menu Shell Extension -> {HKLM…Wow…CLSID} = Glary Utilities Context Menu Shell Extension \InProcServer32\(Default) = C:\PROGRA~2\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd] {B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension -> {HKLM…Wow…CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll [ESET] {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player -> {HKLM…Wow…CLSID} = RealOne Player Context Menu Class \InProcServer32\(Default) = C:\Program Files (x86)\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <> BootExecute = autocheck autochk *|Partizan [Greatis Software] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> pure-go\CLSID = {4746C79A-2042-4332-8650-48966E44ABA8} -> {HKLM…CLSID} = CPureGoProtoInfo Object \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [Cisco Systems, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D} -> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\shellExt.dll [ESET] -> {HKLM…Wow…CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll [ESET] Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4} -> {HKLM…Wow…CLSID} = Glary Utilities Context Menu Shell Extension \InProcServer32\(Default) = C:\PROGRA~2\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd] PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE} -> {HKLM…CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [null data] -> {HKLM…Wow…CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.] PowerISO\(Default) = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} -> {HKLM…CLSID} = PowerISO \InProcServer32\(Default) = C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [Power Software Ltd] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…Wow…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM…CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM…CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] PowerISO\(Default) = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} -> {HKLM…CLSID} = PowerISO \InProcServer32\(Default) = C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [Power Software Ltd] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…Wow…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM…CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM…CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…Wow…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] Windows Switcher\(Default) = {3080F90E-D7AD-11D9-BD98-0000947B0257} -> {HKLM…CLSID} = Window Switcher \InProcServer32\(Default) = C:\Windows\System32\shdocvw.dll [MS] -> {HKLM…Wow…CLSID} = Window Switcher \InProcServer32\(Default) = C:\Windows\System32\shdocvw.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM…Wow…CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D} -> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\shellExt.dll [ESET] -> {HKLM…Wow…CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll [ESET] Glary Utilities\(Default) = {72923739-5A47-40A3-9895-25AF0DFBB9E4} -> {HKLM…Wow…CLSID} = Glary Utilities Context Menu Shell Extension \InProcServer32\(Default) = C:\PROGRA~2\GLARYU~1\CONTEX~1.DLL [Glarysoft Ltd] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM…CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] PowerISO\(Default) = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} -> {HKLM…CLSID} = PowerISO \InProcServer32\(Default) = C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [Power Software Ltd] RUShellExt\(Default) = {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} -> {HKLM…CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…Wow…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM…Wow…CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ ClassicShell = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\WayneAdams\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\system32\Bubbles.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSEnhancedStorageHandler\ Provider = Authorize to the disk access ProgID = EhStorShell.AutoplayHandler InitCmdLine = Authorize HKLM\SOFTWARE\Classes\EhStorShell.AutoplayHandler\CLSID\(Default) = {36F54939-CD3B-4C73-92D5-F9A389ED631C} -> {HKLM…CLSID} = Enhanced Storage Autoplay Handler Class \InProcServer32\(Default) = C:\Windows\system32\EhStorShell.dll [MS] MSPlayBluRayOnArrival\ Provider = Windows Media Player InvokeProgID = WMP.BD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.BD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:12 /Play "%L\BDMV\index.bdmv" [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] MSWPDShellNamespaceHandler\ Provider = @%SystemRoot%\system32\wpdshext.dll,-501 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] RPCDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.CDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /burn "%1" [RealNetworks, Inc.] RPDVDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.DVDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.] RPPlayCDAudioOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.AudioCD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /play %1 [RealNetworks, Inc.] RPPlayDVDMovieOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.DVD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /dvd %1 [RealNetworks, Inc.] RPPlayMediaOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.AutoPlay.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] WIA_{DE9DA069-B433-4BF6-B62A-29FA75994B72}\ Provider = Microsoft Word CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE /IMG_WIA; -> {HKLM…CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]