"Silent Runners.vbs", revision 64, http://www.silentrunners.org/ Operating System: Microsoft Windows 7 Ultimate (64-bit) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.] ISUSPM Startup = C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [InstallShield Software Corporation] Google Update = "C:\Users\DOOMinik\AppData\Local\Google\Update\GoogleUpdate.exe" /c [Google Inc.] DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [DT Soft Ltd] Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Kernel and Hardware Abstraction Layer = KHALMNPR.EXE [Logitech, Inc.] SigmatelSysTrayApp = C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [Adobe Systems Incorporated] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} OEM02Mon.exe = C:\Windows\OEM02Mon.exe [Creative Technology Ltd.] VolPanel = "C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r [Creative Technology Ltd] SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [Adobe Systems Incorporated] Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.] G Data AntiVirus Tray Application = C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [G Data Software AG] O2DA = "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA [SupportSoft, Inc.] 
ISUSScheduler = "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [InstallShield Software Corporation]
TkBellExe = "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [RealNetworks, Inc.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
SSDMonitor = C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [PC Tools]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0124123D-61B4-456f-AF86-78C53A0790C5}\(Default) = G Data WebFilter Class
  -> {HKLM…CLSID} = G Data WebFilter
    \InProcServer32\(Default) = C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIEx64.dll [G Data Software AG]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Groove GFS Browser Helper
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Google Toolbar Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
  -> {HKLM…CLSID} = Skype add-on for Internet Explorer
    \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype Technologies S.A.]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Google Toolbar Notifier BHO
    \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll [Google Inc.]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM…CLSID} = Office Document Cache Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0124123D-61B4-456f-AF86-78C53A0790C5}\(Default) = G Data WebFilter Class
  -> {HKLM…Wow…CLSID} = G Data WebFilter
    \InProcServer32\(Default) = C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll [G Data Software AG]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = RealPlayer Download and Record Plugin for Internet Explorer
    \InProcServer32\(Default) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Java(tm) Plug-In SSV Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Sun Microsystems, Inc.]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Google Toolbar Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
  -> {HKLM…Wow…CLSID} = Skype Browser Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Google Toolbar Notifier BHO
    \InProcServer32\(Default) = C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [Google Inc.]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM…Wow…CLSID} = Office Document Cache Handler
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS]
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = G Data BankGuard
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll [G Data Software AG]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Java(tm) Plug-In 2 SSV Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Sun Microsystems, Inc.]
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\(Default) = Yontoo Layers
  -> {HKLM…Wow…CLSID} = Yontoo
    \InProcServer32\(Default) = C:\Program Files (x86)\Yontoo\YontooIEClient.dll [Yontoo LLC]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
  -> {HKLM…CLSID} = DesktopContext Class
    \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
  -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension
    \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} = Logitech Setpoint Extension
  -> {HKLM…CLSID} = KbLogiExt Class
    \InProcServer32\(Default) = C:\Program Files\Logitech\SetPoint\kbcplext.dll [Logitech, Inc.]
{B9B9F083-2B04-452A-8691-83694AC1037B} = Logitech Setpoint Extension
  -> {HKLM…CLSID} = LogiExt Class
    \InProcServer32\(Default) = C:\Program Files\Logitech\SetPoint\mcplext.dll [Logitech, Inc.]
{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} = ReflectShellExt extension
  -> {HKCU…CLSID} = ReflectShellExt Class
    \InProcServer32\(Default) = C:\Program Files\Macrium\Reflect\RShellExt.dll [Paramount Software UK Ltd]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM…CLSID} = Microsoft Office Metadata Handler
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
  -> {HKLM…CLSID} = Obszary robocze
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM…CLSID} = ImageExtractorShellExt Class
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM…CLSID} = CInfoTipShellExt Class
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM…CLSID} = Groove GFS Browser Helper
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM…CLSID} = Groove Folder Synchronization
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM…CLSID} = Groove GFS Stub Icon Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM…CLSID} = Groove XML Icon Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
  -> {HKLM…CLSID} = Projekty w przedsiębiorstwie
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…Wow…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
  -> {HKLM…Wow…CLSID} = Obszary robocze
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…Wow…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM…Wow…CLSID} = ImageExtractorShellExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM…Wow…CLSID} = CInfoTipShellExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM…Wow…CLSID} = Groove Folder Synchronization
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Execution Hook
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Icon Handler
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM…Wow…CLSID} = Groove XML Icon Handler
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS]
{00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler
  -> {HKLM…Wow…CLSID} = Microsoft Outlook
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM…Wow…CLSID} = Outlook File Icon Extension
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player
  -> {HKLM…Wow…CLSID} = RealOne Player Context Menu Class
    \InProcServer32\(Default) = c:\program files (x86)\real\realplayer\rpshell.dll [RealNetworks, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
  -> {HKLM…CLSID} = Skype IE add-on Pluggable Protocol
    \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype Technologies S.A.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVK9CM\(Default) = {CAF4C320-32F5-11D3-A222-004095200FF2}
  -> {HKLM…CLSID} = AVK9ContextMenue
    \InProcServer32\(Default) = C:\Program Files (x86)\G Data\AntiVirus\AVK\ShellExt64.dll [G Data Software AG]
Notepad++64\(Default) = {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
  -> {HKLM…CLSID} = Notepad++64
    \InProcServer32\(Default) = C:\Program Files (x86)\Notepad++\NppShell_04.dll [null data]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
  -> {HKLM…CLSID} = FileZilla 3 Shell Extension
    \InProcServer32\(Default) = C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension
    \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVK9CM\(Default) = {CAF4C320-32F5-11D3-A222-004095200FF2}
  -> {HKLM…CLSID} = AVK9ContextMenue
    \InProcServer32\(Default) = C:\Program Files (x86)\G Data\AntiVirus\AVK\ShellExt64.dll [G Data Software AG]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
    \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = htafile
<> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "%1" %* [file not found]

HKLM\SOFTWARE\Classes\.scr\(Default) = scrfile
<> HKLM\SOFTWARE\Classes\scrfile\shell\open\command\(Default) = NOTEPAD.EXE %1 [MS]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoInstrumentation = (REG_SZ) 1
  {unrecognized setting}
NoLowDiskSpaceChecks = (REG_DWORD) dword:0x00000000
  {unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\DOOMinik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\syswow64\GdScrSv.scr [G Data Software AG]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

BridgeCS5ImportMediaOnArrival\
Provider = Adobe Bridge CS5
InvokeProgID = Adobe.adobebridgeCS5
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5\shell\launch\command\(Default) = C:\Program Files (x86)\Adobe\Adobe Bridge CS5\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

CTPlayAudioOnArrivalu\
Provider = Creative MediaSource 5 Player
InvokeProgID = CTAutoPLu.AudioCDPlayer.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\CTAutoPLu.AudioCDPlayer.1\shell\open\command\(Default) = "C:\Program Files (x86)\Creative\MediaSource5\CTCMSu.exe" /T=CLASSKEY_AudioCD IN %L PlayNow [Creative Technology Ltd]

CTPlayMusicFilesOnArrivalu\
Provider = Creative MediaSource 5 Player
InvokeProgID = CTAutoPLu.MusicFilesPlayer.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\CTAutoPLu.MusicFilesPlayer.1\shell\open\command\(Default) = "C:\Program Files (x86)\Creative\MediaSource5\CTCMSu.exe" /PlayNow "%L" [Creative Technology Ltd]

MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" %1 /cd [MPC-HC Team]

MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" %1 /dvd [MPC-HC Team]

MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" %1 [MPC-HC Team]

MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" %1 [MPC-HC Team]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

Picasa2ImportPicturesOnArrival\
Provider = Picasa3
InvokeProgID = picasa2.autoplay
InvokeVerb = import
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]

RPCDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.CDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /burn "%1" [RealNetworks, Inc.]

RPDVDBurningOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVDBurn.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.]

RPPlayCDAudioOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AudioCD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /play %1 [RealNetworks, Inc.]

RPPlayDVDMovieOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.DVD.6
InvokeVerb = play
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /dvd %1 [RealNetworks, Inc.]

RPPlayMediaOnArrival\
Provider = RealPlayer
InvokeProgID = RealPlayer.AutoPlay.6
InvokeVerb = open
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\program files (x86)\real\realplayer\\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.]

WIA_{1006D637-008C-45C3-BB74-CF124B8527E0}\
Provider = Picasa3
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Google\Picasa3\Picasa3.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM…CLSID} = WPDShextAutoplay
    \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{1ECAA3F6-F8FA-4BB3-AEE3-4CDB8E9F40E5}\
Provider = MP Navigator Ver3.1
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MP Navigator 3.1\mpn31.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM…CLSID} = WPDShextAutoplay
    \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WinampPlayMediaOnArrival\
Provider = Winamp
InvokeProgID = Winamp.File
InvokeVerb = Play
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Program Files (x86)\Winamp\winamp.exe" "%1" [Nullsoft, Inc.]

Startup items in "DOOMinik" & "All Users" startup folders:
----------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint -> shortcut to: C:\Program Files\Logitech\SetPoint\SetPoint.exe [Logitech, Inc.]
McAfee Security Scan Plus -> shortcut to: C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [McAfee, Inc.]

Non-disabled Scheduled Tasks:
-----------------------------

C:\Users\DOOMinik\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
At1 -> launches: C:\Program Files (x86)\pandora_agent\scripts\restart_pandora_agent.bat [null data]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-2714504972-3378950609-2257419889-1001Core -> launches: C:\Users\DOOMinik\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-2714504972-3378950609-2257419889-1001UA -> launches: C:\Users\DOOMinik\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
RealUpgradeLogonTaskS-1-5-21-2714504972-3378950609-2257419889-1001 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck [RealNetworks, Inc.]
RealUpgradeScheduledTaskS-1-5-21-2714504972-3378950609-2257419889-1001 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [RealNetworks, Inc.]
ReclaimerUpdateFiles_DOOMinik -> launches: C:\Users\DOOMinik\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe /UpdateFiles [RealNetworks, Inc.]
ReclaimerUpdateXML_DOOMinik -> launches: C:\Users\DOOMinik\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe /UpdateXML [RealNetworks, Inc.]
RMAutoUpdate -> launches: C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [PC Tools] RNUpgradeHelperLogonPrompt_DOOMinik -> launches: C:\Users\DOOMinik\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe /prompt os_boot [RealNetworks, Inc.] RNUpgradeHelperResumePrompt_DOOMinik -> launches: C:\Users\DOOMinik\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe /prompt os_resume [RealNetworks, Inc.] SidebarExecute -> launches: C:\Program Files (x86)\Windows Sidebar\sidebar.exe /addGadget [MS] {5D28DD81-7EDE-4371-9A62-8E3922D88FAC} -> launches: C:\Windows\system32\pcalua.exe -a F:\Msetup4.exe -d F:\ [MS] {AD37F0F5-572E-463C-B170-14F363744DA7} -> launches: C:\Program Files (x86)\Skype\\Phone\Skype.exe [Skype Technologies S.A.] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] C:\Windows\System32\Tasks\DOOMinik-kom DOOMinik - Start WLAN Tray Applet -> launches: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE [file not found] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] 
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM…CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM…CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM…Wow…CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) 
launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM…CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM…Wow…CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe 
-PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM…CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM…CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) 
launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM…CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM…CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM…CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM…CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM…Wow…CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) 
launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM…CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2714504972-3378950609-2257419889-1001 -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000003\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000006\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM…CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {0124123D-61B4-456F-AF86-78C53A0790C5} = G Data WebFilter -> {HKLM…CLSID} = G Data WebFilter \InProcServer32\(Default) = C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIEx64.dll [G Data Software AG] {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM…CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {0124123D-61B4-456F-AF86-78C53A0790C5} = G Data WebFilter -> {HKLM…Wow…CLSID} = G Data WebFilter \InProcServer32\(Default) = C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AVKWebIE.dll [G Data Software AG] {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM…Wow…CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Wyślij do programu OneNote MenuText = Wyślij &do programu OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM…CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Notatki połączone programu OneNote MenuText = &Notatki połączone programu OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM…CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM…CLSID} = Skype add-on for Internet Explorer (toolbar button) 
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype Technologies S.A.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Wyślij do programu OneNote MenuText = Wyślij &do programu OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM…Wow…CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Notatki połączone programu OneNote MenuText = &Notatki połączone programu OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM…Wow…CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM…Wow…CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Andrea ST Filters Service, AESTFilters, C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [Andrea Electronics Corporation] ArcSoft Exchange Service, ADExchange, C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [ArcSoft Inc.] 
Creative Audio Service, CTAudSvcService, C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [Creative Technology Ltd] DokanMounter, DokanMounter, C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [null data] G Data AntiVirus Proxy, AVKProxy, "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe" [G Data Software AG] G Data Scanner, GDScan, "C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe" [G Data Software AG] G Data Scheduler, AVKService, "C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe" [G Data Software AG] G Data Strażnik systemu plików, AVKWCtl, "C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe" [G Data Software AG] HWDeviceService64.exe, HWDeviceService64.exe, "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [null data] Macrium Reflect Image Mounting Service, ReflectService, "C:\Program Files\Macrium\Reflect\ReflectService.exe" [null data] NVIDIA Display Driver Service, NVSvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation] NVIDIA Stereoscopic 3D Driver Service, Stereo Service, C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [NVIDIA Corporation] NVIDIA Update Service Daemon, nvUpdatusService, C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [NVIDIA Corporation] Pandora FMS agent, PandoraFMSAgent, C:\Program Files (x86)\pandora_agent\PandoraAgent.exe [Artica ST] PC Tools Startup and Shutdown Monitor service, PCToolsSSDMonitorSvc, C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [PC Tools] PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [file not found] SigmaTel Audio Service, STacSV, C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [IDT, Inc.] Skype C2C Service, Skype C2C Service, "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [Skype Technologies S.A.] 
SupportSoft Repair Service (O2DA), tgsrvc_O2DA, "C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe" /p O2DA [SupportSoft, Inc.]
SupportSoft Sprocket Service (O2DA), sprtsvc_O2DA, "C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe" /service /P O2DA [SupportSoft, Inc.]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> SprtListen, Service
<> SprtListenPush, Service
<> SupportSoft RemoteAssist, Service
<> vsmon, Service

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP140 series\Driver = CNMLM8R.DLL [CANON INC.]

---------- (launch time: 2012-10-30 16:32:48)
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.

---------- (total run time: 152 seconds)