"Silent Runners.vbs", revision 64, http://www.silentrunners.org/ Operating System: Microsoft Windows 7 Ultimate Service Pack 1 (32-bit) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Gadwin PrintScreen = C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [Gadwin Systems, Inc] Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} PWRISOVM.EXE = C:\Program Files\PowerISO\PWRISOVM.EXE [PowerISO Computing, Inc.] SysTrayApp = C:\Program Files\IDT\WDM\sttray.exe SSBkgdUpdate = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [Nuance Communications, Inc.] OpwareSE4 = "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [Nuance Communications, Inc.] egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [ESET] IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation] HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation] Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation] SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe NSU_agent = "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [null data] Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated] Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.] 
GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM…CLSID} = Adobe PDF Link Helper
     \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Groove GFS Browser Helper
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
  -> {HKLM…CLSID} = Skype Browser Helper
     \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
     \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [Sun Microsystems, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM…CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = PowerISO
  -> {HKLM…CLSID} = PowerISO
     \InProcServer32\(Default) = C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO Computing, Inc.]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM…CLSID} = 7-Zip Shell Extension
     \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
{B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension
  -> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension
     \InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [ESET]
{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]
{59A3380E-5305-4cea-BD99-4F2FF510C91F} = FineReader9ContextMenu
  -> {HKLM…CLSID} = FineReader9.FRContextMenu.1
     \InProcServer32\(Default) = C:\Program Files\ABBYY FineReader 9.0\FRIntegration.dll [ABBYY Software Ltd]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM…CLSID} = Groove GFS Browser Helper
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM…CLSID} = Groove Folder Synchronization
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM…CLSID} = Groove GFS Stub Icon Handler
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM…CLSID} = Groove XML Icon Handler
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
  -> {HKLM…CLSID} = Outlook File Icon Extension
     \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL [MS]
{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
  -> {HKLM…CLSID} = Microsoft Office Outlook
     \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL [MS]
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
     \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM…CLSID} = Microsoft Office Metadata Handler
     \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
     \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…CLSID} = Groove GFS Stub Execution Hook
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter
     \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<> grooveLocalGWS\CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD}
  -> {HKLM…CLSID} = Local Groove Web Services Protocol
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [MS]
<> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
  -> {HKLM…CLSID} = HxProtocol Class
     \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]
<> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
  -> {HKLM…CLSID} = Skype IE add-on Pluggable Protocol
     \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]
<> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
  -> {HKLM…CLSID} = IEProtocolHandler Class
     \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [Skype Technologies]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = 7-Zip Shell Extension
     \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D}
  -> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension
     \InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [ESET]
FineReader9ContextMenu\(Default) = {59A3380E-5305-4cea-BD99-4F2FF510C91F}
  -> {HKLM…CLSID} = FineReader9.FRContextMenu.1
     \InProcServer32\(Default) = C:\Program Files\ABBYY FineReader 9.0\FRIntegration.dll [ABBYY Software Ltd]
Notepad++\(Default) = {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593}
  -> {HKLM…CLSID} = Notepad++
     \InProcServer32\(Default) = C:\Program Files\Notepad++\NppShell_04.dll [null data]
PowerISO\(Default) = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
  -> {HKLM…CLSID} = PowerISO
     \InProcServer32\(Default) = C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO Computing, Inc.]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = 7-Zip Shell Extension
     \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
PowerISO\(Default) = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
  -> {HKLM…CLSID} = PowerISO
     \InProcServer32\(Default) = C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO Computing, Inc.]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = 7-Zip Shell Extension
     \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM…CLSID} = GraphicsShellExt Class
     \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM…CLSID} = PDF Shell Extension
     \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D}
  -> {HKLM…CLSID} = ESET Smart Security - Context Menu Shell Extension
     \InProcServer32\(Default) = C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [ESET]
PowerISO\(Default) = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
  -> {HKLM…CLSID} = PowerISO
     \InProcServer32\(Default) = C:\Program Files\PowerISO\PWRISOSH.DLL [PowerISO Computing, Inc.]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…CLSID} = Groove GFS Context Menu Handler
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM…CLSID} = WinRAR
     \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ACDSeeAcquirePicturesOnArrival\
Provider = ACDSee
InvokeProgID = ACDSee.AutoPlayHandlerAcquire
InvokeVerb = Acquire
HKLM\SOFTWARE\Classes\ACDSee.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" /detect:%1 [ACD Systems Ltd.]

ACDSeeShowPicturesOnArrival\
Provider = ACDSee
InvokeProgID = ACDSee.AutoPlayHandler
InvokeVerb = Open
HKLM\SOFTWARE\Classes\ACDSee.AutoPlayHandler\shell\Open\command\(Default) = "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" [ACD Systems Ltd.]

BSplayerCDDA\
Provider = BS.Player multimedia player
InvokeProgID = BSP.plist
InvokeVerb = play
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = C:\Program Files\Webteh\BSplayer\bsplayer.exe "%L" [AB Team]

BSplayerMusic\
Provider = BS.Player multimedia player
InvokeProgID = BSP.plist
InvokeVerb = play
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = C:\Program Files\Webteh\BSplayer\bsplayer.exe "%L" [AB Team]

BSplayerVideo\
Provider = BS.Player multimedia player
InvokeProgID = BSP.plist
InvokeVerb = play
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = C:\Program Files\Webteh\BSplayer\bsplayer.exe "%L" [AB Team]

GOMPlayDVDOnArrival\
Provider = GOM Player
InvokeProgID = GomPlayer.DVD
InvokeVerb = open
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = "C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1" [Gretech Corp.]

GOMPlayMediaOnArrival\
Provider = GOM Player
InvokeProgID = GomPlayer.MediaFile
InvokeVerb = open
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = "C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1" [Gretech Corp.]
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\DropTarget\CLSID = {D0F0AD6B-ECCC-401E-8E71-C4363D41399C}
  -> {HKLM…CLSID} = (no title provided)
     \LocalServer32\(Default) = "C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.EXE" [Gretech Corp.]

NokiaMusicBurnCD\
Provider = Nokia Music
InvokeProgID = NokiaMusic.Autoplay
InvokeVerb = BurnCD
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\BurnCD\command\(Default) = "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:Burn %L /device:CD %L [null data]

NokiaMusicPlayCD\
Provider = Nokia Music
InvokeProgID = NokiaMusic.Autoplay
InvokeVerb = PlayCD
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\PlayCD\command\(Default) = "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:PlayCD %L /device:CD %L [null data]

NokiaMusicRipCD\
Provider = Nokia Music
InvokeProgID = NokiaMusic.Autoplay
InvokeVerb = RipCD
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\RipCD\command\(Default) = "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:Rip %L /device:CD %L [null data]

NokiaMusicViewCD\
Provider = Nokia Music
InvokeProgID = NokiaMusic.Autoplay
InvokeVerb = ViewCD
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\ViewCD\command\(Default) = "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /device:CD %L [null data]

NokiaMusicViewDevice\
Provider = Nokia Music
ProgID = NokiaMusic.Autoplay
HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\CLSID\(Default) = {546811A4-510D-4E15-9679-DD6A27C5CCB3}
  -> {HKLM…CLSID} = Nokia.Multimedia.Euphoria.UI.CommandLineHandling.Launcher
     \LocalServer32\(Default) = C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [null data]

NPAutoPlayHandler\
Provider = Nokia Photos
InvokeProgID = NPAutoPlay
InvokeVerb = import
HKLM\SOFTWARE\Classes\NPAutoPlay\shell\import\command\(Default) = C:\Program Files\Nokia\Nokia Photos\NokiaPhotos2.exe -import %1 [null data]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1 [the VideoLAN Team]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1 [the VideoLAN Team]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team]

WIA_{09F0733C-429B-400E-B9C9-61152B8EA904}\
Provider = ABBYY FineReader 9.0
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\ABBYY FineReader 9.0\AbbyySti.exe /clsid {E4393000-DA9E-4C40-BBB8-00C66A95623D} /StiDevice:%1 /StiEvent:%2;
  -> {HKLM…CLSID} = WPDShextAutoplay
     \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{8B2F926D-E7F8-4493-94FF-DAACEA6825D5}\
Provider = ACDSee 9.0
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;start ACDSeeQV.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM…CLSID} = WPDShextAutoplay
     \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{A275856F-F280-44A8-86BE-90283761CA07}\
Provider = OmniPage SE 4
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\ScanSoft\OmniPageSE4\omnipage.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM…CLSID} = WPDShextAutoplay
     \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WinampMTPHandler\
Provider = Winamp
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = C:\Program Files\Winamp\winamp.exe
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
     \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

WinampPlayMediaOnArrival\
Provider = Winamp
InvokeProgID = Winamp.File
InvokeVerb = Play
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Program Files\Winamp\winamp.exe" "%1" [Nullsoft, Inc.]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = {46986115-84D6-459c-8F95-52DD653E532E}
  -> {HKLM…CLSID} = (no title provided)
     \LocalServer32\(Default) = "C:\Program Files\Winamp\winamp.exe" [Nullsoft, Inc.]

Startup items in "alex" & "All Users" startup folders:
------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader -> shortcut to: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [Adobe Systems, Inc.]

Windows Sidebar Gadgets:
------------------------

C:\Users\alex\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget"

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 30

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM…CLSID} = Send to OneNote from Internet Explorer button
     \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [MS]

{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
MenuText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
  -> {HKLM…CLSID} = Skype Browser Helper
     \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<> _Tabs = res://ieframe.dll/tabswelcome.htm [MS]

HOSTS file
----------

C:\Windows\System32\drivers\etc\HOSTS
maps: 3 domain names to IP addresses,
      2 of the IP addresses are *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ABBYY FineReader 9.0 PE Licensing Service, ABBYY.Licensing.FineReader.Professional.9.0, "C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service [ABBYY (BIT Software)]
Andrea ST Filters Service, AESTFilters, C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [Andrea Electronics Corporation]
Audio Service, STacSV, C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [IDT, Inc.]
ESET Service, ekrn, "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [ESET]
HWDeviceService.exe, HWDeviceService.exe, "C:\ProgramData\DatacardService\HWDeviceService.exe" -/service [null data]
Lookout Citadel Server, LkCitadelServer, C:\Windows\system32\lkcitdl.exe [National Instruments, Inc.]
Machine Debug Manager, MDM, "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [MS]
National Instruments Domain Service, NIDomainService, "C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe" [National Instruments, Inc.]
National Instruments PSP Server Locator, lkClassAds, C:\Windows\system32\lkads.exe [National Instruments, Inc.]
National Instruments Time Synchronization, lkTimeSync, C:\Windows\system32\lktsrv.exe [National Instruments, Inc.]
NI Service Locator, niSvcLoc, C:\Windows\system32\nisvcloc.exe -s [National Instruments Corp.]
Yahoo! Updater, YahooAUService, "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [Yahoo! Inc.]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP210 series\Driver = CNMLM8S.DLL [CANON INC.]
PCL hpz3lw71\Driver = hpz3lw71.dll [Hewlett-Packard Corporation]
Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS]

---------- (launch time: 2012-09-16 21:02:07)

<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 704 seconds.

---------- (total run time: 799 seconds)