A"Silent Runners.vbs", revision 64,
http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
Output of all locations checked and all values found.
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Google Update = "C:\Users\Sad0r\AppData\Local\Google\Update\GoogleUpdate.exe" /c [Google Inc.]
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
ASUSPRP = "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [ASUSTek Computer Inc.]
ASUSWebStorage = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S [null data]
USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [Intel Corporation]
Wireless Console 3 = C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [ASUSTeK Computer Inc.]
ATKOSD2 = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [ASUSTek Computer Inc.]
ATKMEDIA = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [ASUSTek Computer Inc.]
HControlUser = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [ASUS]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = Microsoft Windows Media Player
\StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = Microsoft Windows Media Player
\StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection
-> {HKLM…Wow…CLSID} = Norton Identity Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coIEPlg.dll [Symantec Corporation]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Norton Vulnerability Protection
-> {HKLM…Wow…CLSID} = Norton Vulnerability Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.DLL [Symantec Corporation]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Bing Bar Helper
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" [Microsoft Corporation.]
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
AsusWSShellExt_B\(Default) = {6D4133E5-0742-4ADC-8A8C-9303440F7190}
-> {HKLM…CLSID} = AsusWSShellExt_B64 Class
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [eCareme Technologies, Inc.]
AsusWSShellExt_O\(Default) = {64174815-8D98-4CE6-8646-4C039977D808}
-> {HKLM…CLSID} = AsusWSShellExt_O64 Class
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [eCareme Technologies, Inc.]
EnhancedStorageShell\(Default) = {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
-> {HKLM…CLSID} = Enhanced Storage Icon Overlay Handler Class
\InProcServer32\(Default) = C:\Windows\system32\EhStorShell.dll [MS]
OverlayExcluded\(Default) = {4433A54A-1AC8-432F-90FC-85F045CF383C}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]
OverlayPending\(Default) = {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]
OverlayProtected\(Default) = {476D0EA3-80F9-48B5-B70B-05E677C9C148}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]
SharingPrivate\(Default) = {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
-> {HKLM…CLSID} = Sharing Overlay (Private)
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
EnhancedStorageShell\(Default) = {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
-> {HKLM…Wow…CLSID} = Enhanced Storage Icon Overlay Handler Class
\InProcServer32\(Default) = C:\Windows\system32\EhStorShell.dll [MS]
SharingPrivate\(Default) = {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
-> {HKLM…Wow…CLSID} = Sharing Overlay (Private)
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{00C6D95F-329C-409a-81D7-C46C66EA7F33} = (no title provided)
-> {HKLM…CLSID} = DefaultLocation
\InProcServer32\(Default) = C:\Windows\System32\shdocvw.dll [MS]
{80009818-f38f-4af1-87b5-eadab9433e58} = MF ADTS Property Handler
-> {HKLM…CLSID} = MF ADTS Property Handler
\InProcServer32\(Default) = C:\Windows\System32\mf.dll [MS]
{08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
-> {HKLM…CLSID} = WebCheckWebCrawler
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]
{F5175861-2688-11d0-9C5E-00AA00A45957} = Subscription Folder
-> {HKLM…CLSID} = Subscription Folder
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} = Code Download Agent
-> {HKLM…CLSID} = Code Download Agent
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} = Subscription Mgr
-> {HKLM…CLSID} = Subscription Mgr
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} = WebCheck SyncMgr Handler
-> {HKLM…CLSID} = WebCheck SyncMgr Handler
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]
{d6044399-0b9e-4084-a9ac-c4b7c7800fcf} = FolderItem
-> {HKLM…CLSID} = ASUS WebStorage Drive
\InProcServer32\(Default) = mscoree.dll [MS]
{b1b96b20-da1d-4a3c-92c1-7229b32f2325} = BackupContextMenuExtension
-> {HKLM…CLSID} = XPClient.FileSystemBrowser.BackupContextMenuExtension.BackupContextMenuExtension
\InProcServer32\(Default) = mscoree.dll [MS]
{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{00C6D95F-329C-409a-81D7-C46C66EA7F33} = (no title provided)
-> {HKLM…Wow…CLSID} = DefaultLocation
\InProcServer32\(Default) = C:\Windows\System32\shdocvw.dll [MS]
{80009818-f38f-4af1-87b5-eadab9433e58} = MF ADTS Property Handler
-> {HKLM…Wow…CLSID} = MF ADTS Property Handler
\InProcServer32\(Default) = C:\Windows\System32\mf.dll [MS]
{08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
-> {HKLM…Wow…CLSID} = WebCheckWebCrawler
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]
{F5175861-2688-11d0-9C5E-00AA00A45957} = Subscription Folder
-> {HKLM…Wow…CLSID} = Subscription Folder
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} = Code Download Agent
-> {HKLM…Wow…CLSID} = Code Download Agent
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} = Subscription Mgr
-> {HKLM…Wow…CLSID} = Subscription Mgr
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} = WebCheck SyncMgr Handler
-> {HKLM…Wow…CLSID} = WebCheck SyncMgr Handler
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKCU\Software\Microsoft\Command Processor\
AutoRun = (name not found)
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
Shell = (name not found)
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Shell = (name not found)
HKLM\SOFTWARE\Microsoft\Command Processor\
AutoRun = (name not found)
HKLM\Wow6432Node\Software\Microsoft\Command Processor\
AutoRun = (name not found)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
AppInit_DLLs = (empty string)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\
AppInit_DLLs = (empty string)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
IconServiceLib = IconCodecService.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
GinaDLL = (name not found)
Shell = explorer.exe [MS]
System = (name not found)
Taskman = (name not found)
Userinit = C:\Windows\system32\userinit.exe, [MS]
VmApplet = SystemPropertiesPerformance.exe /pagefile
HKLM\SYSTEM\CurrentControlSet\Control\ServiceControlManagerExtension
ServiceControlManagerExtension = C:\Windows\system32\scext.dll [MS]
HKLM\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\
ImagePath = (name not found)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
Authentication Packages = msv1_0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
Notification Packages = scecli
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option\
UseAlternateShell = (name not found)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\
AlternateShell = cmd.exe [MS]
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\
SecurityProviders = credssp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
BootExecute = autocheck autochk *
Execute = (name not found)
SetupExecute = (value not set)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\
{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}\(Default) = GenericFilter
-> {HKLM…CLSID} = GenericFilter
\InProcServer32\(Default) = C:\Windows\system32\authui.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{06FE45A8-6D92-44ba-A0F1-9A9BCDC8F5A7}\(Default) = FaceCredentialProvider64
-> {HKLM…CLSID} = FaceCredentialProvider64
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\FaceLogon\system\FaceCredentialProvider64.dll [ASUS]
{25CBB996-92ED-457e-B28C-4774084BD562}\(Default) = GenericProvider
-> {HKLM…CLSID} = GenericProvider
\InProcServer32\(Default) = C:\Windows\system32\authui.dll [MS]
{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}\(Default) = NPProvider
-> {HKLM…CLSID} = NPProvider
\InProcServer32\(Default) = C:\Windows\system32\authui.dll [MS]
{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\(Default) = VaultCredProvider
-> {HKLM…CLSID} = VaultCredProvider
\InProcServer32\(Default) = C:\Windows\System32\VaultCredProvider.dll [MS]
{6f45dc1e-5384-457a-bc13-2cd81b0d28ed}\(Default) = PasswordProvider
-> {HKLM…CLSID} = PasswordProvider
\InProcServer32\(Default) = C:\Windows\system32\authui.dll [MS]
{8bf9a910-a8ff-457f-999f-a5ca10b4a885}\(Default) = Smartcard Credential Provider
-> {HKLM…CLSID} = Smartcard Credential Provider
\InProcServer32\(Default) = SmartcardCredentialProvider.dll [MS]
{94596c7e-3744-41ce-893e-bbf09122f76a}\(Default) = Smartcard Pin Provider
-> {HKLM…CLSID} = Smartcard Pin Provider
\InProcServer32\(Default) = SmartcardCredentialProvider.dll [MS]
{AC3AC249-E820-4343-A65B-377AC634DC09}\(Default) = WinBio Credential Provider
-> {HKLM…CLSID} = WinBio Credential Provider
\InProcServer32\(Default) = C:\Windows\System32\BioCredProv.dll [MS]
{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}\(Default) = CertCredProvider
-> {HKLM…CLSID} = CCertProvider
\InProcServer32\(Default) = C:\Windows\system32\certCredProvider.dll [MS]
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider
-> {HKLM…CLSID} = WLIDCredentialProvider
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers\
{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}\(Default) = RasProvider
-> {HKLM…CLSID} = CRasProvider
\InProcServer32\(Default) = C:\Windows\system32\rasplap.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logon\
HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\
HKCU\Software\Classes\PROTOCOLS\Filter\
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
application/octet-stream\CLSID = {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
-> {HKLM…CLSID} = Cor MIME Filter, CorFltr, CorFltr 1
\InProcServer32\(Default) = mscoree.dll [MS]
application/x-complus\CLSID = {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
-> {HKLM…CLSID} = Cor MIME Filter, CorFltr, CorFltr 1
\InProcServer32\(Default) = mscoree.dll [MS]
application/x-msdownload\CLSID = {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
-> {HKLM…CLSID} = Cor MIME Filter, CorFltr, CorFltr 1
\InProcServer32\(Default) = mscoree.dll [MS]
HKCU\Software\Classes\PROTOCOLS\Handler\
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
about\CLSID = {3050F406-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML About Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]
cdl\CLSID = {3dd53d40-7b8b-11D0-b013-00aa0059ce02}
-> {HKLM…CLSID} = CDL: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]
dvd\CLSID = {12D51199-0DB5-46FE-A120-47A3D7D937CC}
-> {HKLM…CLSID} = DVD: Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\msvidctl.dll [MS]
file\CLSID = {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = file:, local: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]
ftp\CLSID = {79eac9e3-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = ftp: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]
http\CLSID = {79eac9e2-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = http: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]
https\CLSID = {79eac9e5-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = https: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]
its\CLSID = {9D148291-B9C8-11D0-A4CC-0000F80149F6}
-> {HKLM…CLSID} = Microsoft InfoTech Protocols for IE 4.0
\InProcServer32\(Default) = C:\Windows\System32\itss.dll [MS]
javascript\CLSID = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML Javascript Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]
local\CLSID = {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = file:, local: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]
mailto\CLSID = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML Mailto Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]
mhtml\CLSID = {05300401-BCBC-11d0-85E3-00C04FD85AB4}
-> {HKLM…CLSID} = MHTML Asynchronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\inetcomm.dll [MS]
mk\CLSID = {79eac9e6-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = mk: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]
ms-its\CLSID = {9D148291-B9C8-11D0-A4CC-0000F80149F6}
-> {HKLM…CLSID} = Microsoft InfoTech Protocols for IE 4.0
\InProcServer32\(Default) = C:\Windows\System32\itss.dll [MS]
res\CLSID = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML Resource Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]
tv\CLSID = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
-> {HKLM…CLSID} = TV: Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\msvidctl.dll [MS]
vbscript\CLSID = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML Javascript Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]
HKCU\Software\Classes\*\shellex\ColumnHandlers\
HKLM\SOFTWARE\Classes\*\shellex\ColumnHandlers\
HKLM\Wow3264Node\Software\Classes\*\shellex\ColumnHandlers\
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
BriefcaseMenu\(Default) = {85BBD920-42A0-1069-A2E4-08002B30309D}
-> {HKLM…CLSID} = Briefcase
\InProcServer32\(Default) = C:\Windows\system32\syncui.dll [MS]
BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]
FormatFactoryShell\(Default) = {A3777921-CFD3-4A6B-89BF-08E6B95716E8}
-> {HKLM…CLSID} = FormatFactoryShell
\InProcServer32\(Default) = C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_100.dll [Free Time]
Open With\(Default) = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
-> {HKLM…CLSID} = Open With Context Menu Handler
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
Open With EncryptionMenu\(Default) = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
-> {HKLM…CLSID} = Encryption Context Menu
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
Sharing\(Default) = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
-> {HKLM…CLSID} = IEContextMenu Class
\InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\NavShExt.dll" [Symantec Corporation]
{90AA3A4E-1CBA-4233-B8BB-535773D48449}\(Default) = Taskband Pin
-> {HKLM…CLSID} = Taskband Pin
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\(Default) = Start Menu Pin
-> {HKLM…CLSID} = Start Menu Pin
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
HKLM\Wow3264Node\Software\Classes\*\shellex\ContextMenuHandlers\
HKCU\Software\Classes\*\shellex\CopyHookHandlers\
HKLM\SOFTWARE\Classes\*\shellex\CopyHookHandlers\
HKLM\Wow3264Node\Software\Classes\*\shellex\CopyHookHandlers\
HKCU\Software\Classes\*\shellex\DragDropHandlers\
HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\
HKLM\Wow3264Node\Software\Classes\*\shellex\DragDropHandlers\
HKCU\Software\Classes\*\shellex\PropertySheetHandlers\
HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\
BriefcasePage\(Default) = {85BBD920-42A0-1069-A2E4-08002B30309D}
-> {HKLM…CLSID} = Briefcase
\InProcServer32\(Default) = C:\Windows\system32\syncui.dll [MS]
BuPropertySheet\(Default) = {B59987EA-25FE-44B4-8802-E4DE67073D8C}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]
CryptoSignMenu\(Default) = {7444C719-39BF-11D1-8CD9-00C04FC29D45}
-> {HKLM…CLSID} = CryptSig Class
\InProcServer32\(Default) = C:\Windows\system32\cryptext.dll [MS]
{1f2e5c40-9550-11ce-99d2-00aa006e086c}\(Default) = (no title provided)
-> {HKLM…CLSID} = Security Shell Extension
\InProcServer32\(Default) = C:\Windows\system32\rshx32.dll [MS]
{3EA48300-8CF6-101B-84FB-666CCB9BCD32}\(Default) = OLE DocFile Property Page
-> {HKLM…CLSID} = OLE Docfile Property Page
\InProcServer32\(Default) = C:\Windows\system32\docprop.dll [MS]
{883373C3-BF89-11D1-BE35-080036B11A03}\(Default) = Summary Properties Page
-> {HKLM…CLSID} = Summary Properties Page
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
HKLM\Wow3264Node\Software\Classes\*\shellex\PropertySheetHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
BackupContextMenuExtension\(Default) = {b1b96b20-da1d-4a3c-92c1-7229b32f2325}
-> {HKLM…CLSID} = XPClient.FileSystemBrowser.BackupContextMenuExtension.BackupContextMenuExtension
\InProcServer32\(Default) = mscoree.dll [MS]
CopyAsPathMenu\(Default) = {f3d06e7c-1e45-4a26-847e-f9fcdee59be0}
-> {HKLM…CLSID} = Copy as Path Menu
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
SendTo\(Default) = {7BA4C740-9E81-11CF-99D3-00AA004AE837}
-> {HKLM…CLSID} = Microsoft SendTo Service
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
{596AB062-B4D2-4215-9F74-E9109B0A8153}\(Default) = (no title provided)
-> {HKLM…CLSID} = Previous Versions Property Page
\InProcServer32\(Default) = C:\Windows\system32\twext.dll [MS]
HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\
HKCU\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\
PropertySheetExtension1\(Default) = {506d8021-4fcf-446f-bf22-2ad5c3c28109}
-> {HKLM…CLSID} = XPClient.FileSystemBrowser.PropertySheetExtension.PropertySheetExtension1
\InProcServer32\(Default) = mscoree.dll [MS]
{596AB062-B4D2-4215-9F74-E9109B0A8153}\(Default) = (no title provided)
-> {HKLM…CLSID} = Previous Versions Property Page
\InProcServer32\(Default) = C:\Windows\system32\twext.dll [MS]
HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\
HKCU\Software\Classes\Directory\shellex\ColumnHandlers\
HKLM\SOFTWARE\Classes\Directory\shellex\ColumnHandlers\
HKLM\Wow3264Node\Software\Classes\Directory\shellex\ColumnHandlers\
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
EncryptionMenu\(Default) = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
-> {HKLM…CLSID} = Encryption Context Menu
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
FormatFactoryShell\(Default) = {A3777921-CFD3-4A6B-89BF-08E6B95716E8}
-> {HKLM…CLSID} = FormatFactoryShell
\InProcServer32\(Default) = C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_100.dll [Free Time]
Sharing\(Default) = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]
{596AB062-B4D2-4215-9F74-E9109B0A8153}\(Default) = (no title provided)
-> {HKLM…CLSID} = Previous Versions Property Page
\InProcServer32\(Default) = C:\Windows\system32\twext.dll [MS]
HKLM\Wow3264Node\Software\Classes\Directory\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Directory\shellex\CopyHookHandlers\
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
FileSystem\(Default) = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
-> {HKLM…CLSID} = Shell Copy Hook
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
Sharing\(Default) = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]
HKLM\Wow3264Node\Software\Classes\Directory\shellex\CopyHookHandlers\
HKCU\Software\Classes\Directory\shellex\DragDropHandlers\
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
HKLM\Wow3264Node\Software\Classes\Directory\shellex\DragDropHandlers\
HKCU\Software\Classes\Directory\shellex\PropertySheetHandlers\
HKLM\SOFTWARE\Classes\Directory\shellex\PropertySheetHandlers\
Sharing\(Default) = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]
{1f2e5c40-9550-11ce-99d2-00aa006e086c}\(Default) = (no title provided)
-> {HKLM…CLSID} = Security Shell Extension
\InProcServer32\(Default) = C:\Windows\system32\rshx32.dll [MS]
{4a7ded0a-ad25-11d0-98a8-0800361b1103}\(Default) = (no title provided)
-> {HKLM…CLSID} = MyFolder menu and properties
\InProcServer32\(Default) = C:\Windows\system32\mydocs.dll [MS]
{596AB062-B4D2-4215-9F74-E9109B0A8153}\(Default) = (no title provided)
-> {HKLM…CLSID} = Previous Versions Property Page
\InProcServer32\(Default) = C:\Windows\system32\twext.dll [MS]
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}\(Default) = (no title provided)
-> {HKLM…CLSID} = DfsShell Class
\InProcServer32\(Default) = C:\Windows\system32\DfsShlEx.dll [MS]
{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\(Default) = (no title provided)
-> {HKLM…CLSID} = Folder Customization Tab
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
HKLM\Wow3264Node\Software\Classes\Directory\shellex\PropertySheetHandlers\
HKCU\Software\Classes\Directory\Background\shellex\ColumnHandlers\
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ColumnHandlers\
HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\ColumnHandlers\
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
Gadgets\(Default) = {6B9228DA-9C15-419e-856C-19E768A13BDC}
-> {HKLM…CLSID} = Windows Desktop Gadgets
\InProcServer32\(Default) = C:\Program Files\Windows Sidebar\sbdrop.dll [MS]
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM…CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]
New\(Default) = {D969A300-E7FF-11d0-A93B-00A0C90F2719}
-> {HKLM…CLSID} = New Menu Handler
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
Sharing\(Default) = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]
HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Directory\Background\shellex\CopyHookHandlers\
HKLM\SOFTWARE\Classes\Directory\Background\shellex\CopyHookHandlers\
HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\CopyHookHandlers\
HKCU\Software\Classes\Directory\Background\shellex\DragDropHandlers\
HKLM\SOFTWARE\Classes\Directory\Background\shellex\DragDropHandlers\
HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\DragDropHandlers\
HKCU\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\
HKLM\SOFTWARE\Classes\Directory\Background\shellex\PropertySheetHandlers\
HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\
HKCU\Software\Classes\Folder\shellex\ColumnHandlers\
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
HKLM\Wow3264Node\Software\Classes\Folder\shellex\ColumnHandlers\
HKCU\Software\Classes\Folder\shellex\ContextMenuHandlers\
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
BriefcaseMenu\(Default) = {85BBD920-42A0-1069-A2E4-08002B30309D}
-> {HKLM…CLSID} = Briefcase
\InProcServer32\(Default) = C:\Windows\system32\syncui.dll [MS]
BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]
Library Location\(Default) = {3dad6c5d-2167-4cae-9914-f99e41c12cfa}
-> {HKLM…CLSID} = Include In Library Sub Context Menu
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
-> {HKLM…CLSID} = IEContextMenu Class
\InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\NavShExt.dll" [Symantec Corporation]
HKLM\Wow3264Node\Software\Classes\Folder\shellex\ContextMenuHandlers\
HKCU\Software\Classes\Folder\shellex\CopyHookHandlers\
HKLM\SOFTWARE\Classes\Folder\shellex\CopyHookHandlers\
HKLM\Wow3264Node\Software\Classes\Folder\shellex\CopyHookHandlers\
HKCU\Software\Classes\Folder\shellex\DragDropHandlers\
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
{BD472F60-27FA-11cf-B8B4-444553540000}\(Default) = (no title provided)
-> {HKLM…CLSID} = Compressed (zipped) Folder Right Drag Handler
\InProcServer32\(Default) = C:\Windows\system32\zipfldr.dll [MS]
HKLM\Wow3264Node\Software\Classes\Folder\shellex\DragDropHandlers\
HKCU\Software\Classes\Folder\shellex\PropertySheetHandlers\
HKLM\SOFTWARE\Classes\Folder\shellex\PropertySheetHandlers\
BriefcasePage\(Default) = {85BBD920-42A0-1069-A2E4-08002B30309D}
-> {HKLM…CLSID} = Briefcase
\InProcServer32\(Default) = C:\Windows\system32\syncui.dll [MS]
HKLM\Wow3264Node\Software\Classes\Folder\shellex\PropertySheetHandlers\
Default executables:
--------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice\
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\UserChoice\
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\UserChoice\
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice\
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\UserChoice\
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\UserChoice\
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice\
HKLM\SOFTWARE\Classes\.bat\(Default) = batfile
HKLM\SOFTWARE\Classes\batfile\shell\open\command\(Default) = "%1" %*
HKLM\SOFTWARE\Classes\.cmd\(Default) = cmdfile
HKLM\SOFTWARE\Classes\cmdfile\shell\open\command\(Default) = "%1" %*
HKLM\SOFTWARE\Classes\.com\(Default) = comfile
HKLM\SOFTWARE\Classes\comfile\shell\open\command\(Default) = "%1" %*
HKLM\SOFTWARE\Classes\.exe\(Default) = exefile
HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default) = "%1" %*
HKLM\SOFTWARE\Classes\.hta\(Default) = htafile
HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*
HKLM\SOFTWARE\Classes\.pif\(Default) = piffile
HKLM\SOFTWARE\Classes\piffile\shell\open\command\(Default) = "%1" %*
HKLM\SOFTWARE\Classes\.scr\(Default) = scrfile
HKLM\SOFTWARE\Classes\scrfile\shell\open\command\(Default) = "%1" /S
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveAutoRun = (REG_DWORD) dword:0x00000020
{Turn off autoplay for drive letter}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoActiveDesktop = (REG_DWORD) dword:0x00000001
{not in GPedit.msc under Computer Configuration|
Disable Active Desktop and prevent users from enabling it}
ForceActiveDesktopOn = (REG_DWORD) dword:0x00000000
{not in GPedit.msc under Computer Configuration|
Enable Active Desktop and prevent users from disabling it}
NoDriveTypeAutoRun = (REG_DWORD) dword:0x000000FF
{Computer Configuration|Administrative Templates|Windows Components|AutoPlay Policies|
Turn off Autoplay}
NoDriveAutoRun = (REG_DWORD) dword:0x03FFFFFF
{Turn off autoplay for drive letter}
HonorAutorunSetting = (REG_DWORD) dword:0x00000001
{not in GPedit.msc|
Per MSKB 967715, enable Autorun settings in Hotfixes 950582, 967715, and 953252}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\
HKCU\Software\Policies\Microsoft\Internet Explorer\Download\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Download\
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter\
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy\
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\
HKCU\Software\Policies\Microsoft\Internet Explorer\Security\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\
HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Toolbar\
HKCU\Software\Policies\Microsoft\MMC\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71}\
HKCU\Software\Policies\Microsoft\MMC\{0F3621F1-23C6-11D1-AD97-00AA00B88E5A}\
HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}\
HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}\
HKCU\Software\Policies\Microsoft\MMC\{394C052E-B830-11D0-9A86-00C04FD8DBF7}\
HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}\
HKCU\Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033}\
HKCU\Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}\
HKCU\Software\Policies\Microsoft\MMC\{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}\
HKCU\Software\Policies\Microsoft\MMC\{84DE202D-5D95-4764-9014-A46F994CE856}\
HKCU\Software\Policies\Microsoft\MMC\{84DE202E-5D95-4764-9014-A46F994CE856}\
HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}\
HKCU\Software\Policies\Microsoft\MMC\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\
HKCU\Software\Policies\Microsoft\MMC\{D02B1F72-3407-48ae-BA88-E8213C6761F1}\
HKCU\Software\Policies\Microsoft\MMC\{D02B1F73-3407-48ae-BA88-E8213C6761F1}\
HKCU\Software\Policies\Microsoft\MMC\{E12BBB5D-D59D-4E61-947A-301D25AE8C23}\
HKCU\Software\Policies\Microsoft\MMC\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}\
HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}\
HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}\
HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ae-fe9c-4363-be05-7a4cbb7cb510}\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\
HKCU\Software\Policies\Microsoft\Windows\Network Connections\
HKCU\Software\Policies\Microsoft\Windows\System\
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\
HKLM\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0\
HKCU\Software\Policies\Microsoft\Windows Defender\
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\
HKCU\Software\Policies\Microsoft\Windows Defender\Real-time Protection\
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-time Protection\
HKCU\Software\Policies\Microsoft\Windows\Windows Error Reporting\
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
ConsentPromptBehaviorUser = (REG_DWORD) dword:0x00000003
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}