Here is a little script I use to check whether there is spyware in the startup folders of the registry. - Kent Ruddick
REGQUICKCHECK.WBT
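; REGQUICKCHECK.WBT
;
; Lists three registry autostart locations in a dialog and lets the user
; delete selected entries or export the registry with regedit first:
;   HKCU\Software\Microsoft\Windows\CurrentVersion\Run
;   HKLM\Software\Microsoft\Windows\CurrentVersion\Run
;   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
;
; Scope: only these three keys are read. Deleting an entry removes the
; registry value or key only; the program or DLL it pointed to stays on disk.
; NOTE(review): on 64-bit Windows a 32-bit interpreter may be shown the
; redirected (Wow6432Node) view of HKLM\SOFTWARE - confirm which view is listed.
;
; Value names and data read from these keys are untrusted text. Registry
; paths are therefore built with StrCat() rather than %%var%% substitution,
; so a name containing quotes or percent signs is never re-parsed as script.

;Allow menu on Dialog
IntControl(49, 1, 0, 0, 0)

;Registry locations inspected by this script
RunKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BhoKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

;List box variables
listHKCURun = ""
listHKLMRun = ""
listHKLMBro = ""

;Dialog Constants
DINIT = 0
DPUSH = 2

;Delete one value from a Run key.
;Returns @TRUE only when the value existed beforehand and is gone afterwards,
;so a silent failure (for example insufficient rights) is reported to the caller.
#DefineFunction DeleteRunValue(hive, keyPath, valueName)
   target = StrCat(keyPath, "[", valueName, "]")
   If !RegExistValue(hive, target) Then Return @FALSE
   ErrorMode(@OFF)
   RegDelValue(hive, target)
   ErrorMode(@CANCEL)
   Return !RegExistValue(hive, target)
#EndFunction

;Enumerate HKCU Run values into listHKCURun as "name:data" entries
#DefineSubRoutine RegCurrentRun()
   listHKCURun = ""
   delim = Num2Char(255)
   ; A missing key means "nothing to list", not a script error
   If RegExistKey(@REGCURRENT, RunKey)
      items = RegQueryItem(@REGCURRENT, RunKey)
      count = ItemCount(items, @TAB)
      If count > 0
         For X = 1 To count
            item = ItemExtract(X, items, @TAB)
            entry = StrCat(RunKey, "[", item, "]")
            type = RegEntryType(@REGCURRENT, entry)
            value = RegQueryEx(@REGCURRENT, entry, delim, type)
            listHKCURun = StrCat(listHKCURun, item, ":", value, @TAB)
         Next
      EndIf
   EndIf
#EndSubRoutine

;Enumerate HKLM Run values into listHKLMRun as "name:data" entries
#DefineSubRoutine ReglistHKLMRun()
   listHKLMRun = ""
   delim = Num2Char(255)
   If RegExistKey(@RegMachine, RunKey)
      items = RegQueryItem(@RegMachine, RunKey)
      count = ItemCount(items, @TAB)
      If count > 0
         For X = 1 To count
            item = ItemExtract(X, items, @TAB)
            entry = StrCat(RunKey, "[", item, "]")
            type = RegEntryType(@RegMachine, entry)
            value = RegQueryEx(@RegMachine, entry, delim, type)
            listHKLMRun = StrCat(listHKLMRun, item, ":", value, @TAB)
         Next
      EndIf
   EndIf
#EndSubRoutine

;Enumerate Browser Helper Objects into listHKLMBro as "server:CLSID" entries,
;where server is the default value of HKCR\CLSID\<CLSID>\InprocServer32
#DefineSubRoutine ReglistHKLMBro()
   listHKLMBro = ""
   delim = Num2Char(255)
   ; The key is absent on systems with no helper objects registered
   If RegExistKey(@RegMachine, BhoKey)
      key = RegOpenKey(@RegMachine, BhoKey)
      items = RegQueryKeys(key)
      RegCloseKey(key)
      count = ItemCount(items, @TAB)
      If count > 0
         For X = 1 To count
            item = ItemExtract(X, items, @TAB)
            server = StrCat("CLSID\", item, "\InprocServer32[]")
            keyexist = RegExistValue(@RegClasses, server)
            If keyexist == 0
               listHKLMBro = StrCat(listHKLMBro, "No Entry", ":", item, @TAB)
            Else
               type = RegEntryType(@RegClasses, server)
               value = RegQueryEx(@RegClasses, server, delim, type)
               listHKLMBro = StrCat(listHKLMBro, value, ":", item, @TAB)
            EndIf
         Next
      EndIf
   EndIf
#EndSubRoutine

;Dialog CallBack Procedure
;Handles the push buttons: 9 = back up, 10/11/12 = delete from the matching
;item box, 13 = refresh. Those handlers return -2 so the dialog stays open;
;any other event falls through to Return -1 (default processing).
#DefineSubRoutine MyDialogProc(DialogHandle, EventCode, ControlNum, Res4, Res5)
   Switch EventCode
      Case DINIT
         ; Ask to be called for push button events
         DialogProcOptions(DialogHandle, DPUSH, 1)
         Break

      Case DPUSH
         If ControlNum == 9 ; Back up the Registry
            BackupFile = AskFileName("Registry Backup File", "C:\", "Reg Files|*.reg|", "Backup.reg", 0)
            If BackupFile <> ""
               Display(1, "Registry Backup", "Please Wait")
               ; Launch regedit by full path instead of searching the current
               ; directory and PATH, and quote the file name so a path with
               ; spaces is passed to /E as one argument.
               RunWait(StrCat(DirWindows(0), "regedit.exe"), StrCat('/E "', BackupFile, '"'))
               ; NOTE: this cannot tell a fresh export from a file that already
               ; existed, but it does catch an export that produced nothing.
               If FileExist(BackupFile)
                  Display(2, "Registry Backup", "Registry Backup Complete")
               Else
                  Message("Error", "Registry backup file was not created")
               EndIf
            Else
               Message("Error", "Please enter a path")
            EndIf
            Return -2
         EndIf

         If ControlNum == 10 ; Current User Run Key
            CurrentUserDelete = DialogControlGet(DialogHandle, 3, 6) ; selected items
            If CurrentUserDelete <> ""
               DeleteCount = ItemCount(CurrentUserDelete, @TAB)
               If DeleteCount > 1
                  q = AskYesNo("Confirm Delete", "Are you sure you wish to delete these %DeleteCount% items?")
               Else
                  q = AskYesNo("Confirm Delete", "Are you sure you wish to delete this item?")
               EndIf
               If q == @YES
                  failed = 0
                  For X = 1 To DeleteCount
                     ; Entries are "name:data"; the name is the text before the
                     ; first colon. A value name that itself contains a colon is
                     ; truncated here and will not match - remove it by hand.
                     DeleteKey = ItemExtract(1, ItemExtract(X, CurrentUserDelete, @TAB), ":")
                     If !DeleteRunValue(@REGCURRENT, RunKey, DeleteKey) Then failed = failed + 1
                  Next
                  If failed > 0 Then Message("Error", "%failed% item(s) could not be deleted")
                  RegCurrentRun() ; re-read so the list shows what is really left
                  DialogControlSet(DialogHandle, 3, 5, listHKCURun)
               EndIf
            Else
               Message("Error", "Please select an item")
            EndIf
            Return -2
         EndIf

         If ControlNum == 11 ; HKLM Run Key
            RegMachineDelete = DialogControlGet(DialogHandle, 5, 6)
            If RegMachineDelete <> ""
               DeleteCount = ItemCount(RegMachineDelete, @TAB)
               If DeleteCount > 1
                  q = AskYesNo("Confirm Delete", "Are you sure you wish to delete these %DeleteCount% items?")
               Else
                  q = AskYesNo("Confirm Delete", "Are you sure you wish to delete this item?")
               EndIf
               If q == @YES
                  failed = 0
                  For X = 1 To DeleteCount
                     ; Same "name:data" parsing and colon caveat as the HKCU list
                     DeleteKey = ItemExtract(1, ItemExtract(X, RegMachineDelete, @TAB), ":")
                     If !DeleteRunValue(@RegMachine, RunKey, DeleteKey) Then failed = failed + 1
                  Next
                  If failed > 0 Then Message("Error", "%failed% item(s) could not be deleted")
                  ReglistHKLMRun()
                  DialogControlSet(DialogHandle, 5, 5, listHKLMRun)
               EndIf
            Else
               Message("Error", "Please select an item")
            EndIf
            Return -2
         EndIf

         If ControlNum == 12 ; HKLM Browser Object
            BrowserObjectDelete = DialogControlGet(DialogHandle, 7, 6)
            If BrowserObjectDelete <> ""
               DeleteCount = ItemCount(BrowserObjectDelete, @TAB)
               If DeleteCount > 1
                  q = AskYesNo("Confirm Delete", "Are you sure you wish to delete these %DeleteCount% items?")
               Else
                  q = AskYesNo("Confirm Delete", "Are you sure you wish to delete this item?")
               EndIf
               If q == @YES
                  failed = 0
                  For X = 1 To DeleteCount
                     ; Entries are "server:CLSID". The server path normally holds a
                     ; drive-letter colon ("C:\..."), so the CLSID is the LAST
                     ; colon-separated field, not the second one.
                     DeleteKey = ItemExtract(-1, ItemExtract(X, BrowserObjectDelete, @TAB), ":")
                     ; Never call RegDeleteKey with an empty subkey name: that
                     ; path would address the Browser Helper Objects key itself.
                     If DeleteKey == ""
                        failed = failed + 1
                     Else
                        target = StrCat(BhoKey, "\", DeleteKey)
                        ErrorMode(@OFF)
                        RegDeleteKey(@RegMachine, target)
                        ErrorMode(@CANCEL)
                        If RegExistKey(@RegMachine, target) Then failed = failed + 1
                     EndIf
                  Next
                  If failed > 0 Then Message("Error", "%failed% item(s) could not be deleted")
                  ReglistHKLMBro()
                  DialogControlSet(DialogHandle, 7, 5, listHKLMBro)
               EndIf
            Else
               Message("Error", "Please select an item")
            EndIf
            Return -2
         EndIf

         If ControlNum == 13 ;Refresh the itemboxes
            RegCurrentRun()
            DialogControlSet(DialogHandle, 3, 5, listHKCURun)
            ReglistHKLMRun()
            DialogControlSet(DialogHandle, 5, 5, listHKLMRun)
            ReglistHKLMBro()
            DialogControlSet(DialogHandle, 7, 5, listHKLMBro)
            Return -2
         EndIf
   EndSwitch
   Return -1
#EndSubRoutine

;Get initial values of lists
RegCurrentRun()
ReglistHKLMRun()
ReglistHKLMBro()

MyDialogFormat=`WWWDLGED,6.1`

MyDialogCaption=`Reg Quick Check`
MyDialogX=-1
MyDialogY=-1
MyDialogWidth=324
MyDialogHeight=205
MyDialogNumControls=013
MyDialogProcedure=`MyDialogProc`
MyDialogFont=`DEFAULT`
MyDialogTextColor=`DEFAULT`
MyDialogBackground=`DEFAULT,DEFAULT`
MyDialogConfig=0

MyDialog001=`287,179,028,018,PUSHBUTTON,DEFAULT,"Close",0,13,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog002=`007,007,230,008,STATICTEXT,DEFAULT,"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",DEFAULT,1,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog003=`005,017,276,044,ITEMBOX,listHKCURun,DEFAULT,DEFAULT,2,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog004=`007,063,230,008,STATICTEXT,DEFAULT,"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",DEFAULT,4,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog005=`005,073,276,044,ITEMBOX,listHKLMRun,DEFAULT,DEFAULT,5,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog006=`007,119,256,008,STATICTEXT,DEFAULT,"HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",DEFAULT,7,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog007=`005,129,276,044,ITEMBOX,listHKLMBro,DEFAULT,DEFAULT,8,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog008=`007,179,098,008,STATICTEXT,DEFAULT,"Req Quick Check by Kent Ruddick.",DEFAULT,10,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog009=`165,179,054,018,PUSHBUTTON,DEFAULT,"Back Up Registry",104,11,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog010=`287,019,028,024,PUSHBUTTON,DEFAULT,"Delete",11,3,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog011=`287,075,028,024,PUSHBUTTON,DEFAULT,"Delete",12,6,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog012=`287,131,028,024,PUSHBUTTON,DEFAULT,"Delete",13,9,DEFAULT,DEFAULT,DEFAULT,DEFAULT`
MyDialog013=`225,179,054,018,PUSHBUTTON,DEFAULT,"Refresh",105,12,DEFAULT,DEFAULT,DEFAULT,DEFAULT`

ButtonPushed=Dialog("MyDialog",1)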
Article ID: W16706
File Created: 2005:02:18:12:21:54
Last Updated: 2005:02:18:12:21:54