"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Operating System: Microsoft® Windows Vista™ Home Basic Service Pack 2 (32-bit) Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} QPrinter 2.0 monitor = C:\Program Files\QPrinter Bookmaker\qprintmon --server [null data] COMODO Internet Security = "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [COMODO] SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [Synaptics, Inc.] Windows Mobile-based device management = C:\Windows\WindowsMobile\wmdSync.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ "DropboxExt1"\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt2"\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt3"\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] 
"DropboxExt4"\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt5"\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt6"\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt7"\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] "DropboxExt8"\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] 
GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
  -> {HKLM...CLSID} = Google Drive Shell extension
     \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]
GDriveSharedEditOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
  -> {HKLM...CLSID} = Google Drive Shell extension
     \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]
GDriveSharedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
  -> {HKLM...CLSID} = Google Drive Shell extension
     \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]
GDriveSharedViewOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}
  -> {HKLM...CLSID} = Google Drive Shell extension
     \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]
GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
  -> {HKLM...CLSID} = Google Drive Shell extension
     \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]
GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
  -> {HKLM...CLSID} = Google Drive Shell extension
     \InProcServer32\(Default) = C:\Program Files\Google\Drive\googledrivesync32.dll [Google]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]
{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]
{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]
{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]
{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
     \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
     \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = SampleView
  -> {HKLM...CLSID} = SampleView
     \InProcServer32\(Default) = C:\Windows\System32\ShellvRTF.dll [XSS]
{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics, Inc.]
{4255A182-CAD9-4214-A19B-7BA7FB633BBD} = Comodo Antivirus
  -> {HKLM...CLSID} = Comodo AntiVirus
     \InProcServer32\(Default) = C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [COMODO]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll [MS]
{c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
  -> {HKLM...CLSID} = Icaros Thumbnail Provider
     \InProcServer32\(Default) = C:\Program Files\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll [Tabibito Technology]
{0c08e2bb-d10b-4cc9-b1b3-701f5be9d6ec} = IcarosPropertyHandler
  -> {HKLM...CLSID} = IcarosPropertyHandler.IcarosPropertyHandler
     \InProcServer32\(Default) = mscoree.dll [MS]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM...CLSID} = 7-Zip Shell Extension
     \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} = Nokia Phone Browser
  -> {HKLM...CLSID} = Nokia Phone Browser
     \InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll [Nokia]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<> BootExecute = autocheck autochk *| [file not found]|sdnclean.exe [Safer Networking Limited]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<> mso-offdap11\CLSID = {32505114-5902-49B2-880A-1F7738E5A384}
  -> {HKLM...CLSID} = Data Page Plugable Protocal mso-offdap11 Handler
     \InProcServer32\(Default) = c:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL [MS]
<> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
  -> {HKLM...CLSID} = IEProtocolHandler Class
     \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [Skype Technologies]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...CLSID} = 7-Zip Shell Extension
     \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
Comodo Antivirus\(Default) = {4255A182-CAD9-4214-A19B-7BA7FB633BBD}
  -> {HKLM...CLSID} = Comodo AntiVirus
     \InProcServer32\(Default) = C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [COMODO]
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
  -> {HKLM...CLSID} = GDContextMenu Class
     \InProcServer32\(Default) = C:\Program Files\Google\Drive\contextmenu32.dll [Google]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...CLSID} = 7-Zip Shell Extension
     \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
  -> {HKLM...CLSID} = GDContextMenu Class
     \InProcServer32\(Default) = C:\Program Files\Google\Drive\contextmenu32.dll [Google]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
Nokia\(Default) = {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
  -> {HKLM...CLSID} = Nokia Phone Browser
     \InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll [Nokia]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...CLSID} = 7-Zip Shell Extension
     \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
  -> {HKCU...CLSID} = DropboxExt
     \InProcServer32\(Default) = C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
     \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...CLSID} = PDF Shell Extension
     \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Comodo Antivirus\(Default) = {4255A182-CAD9-4214-A19B-7BA7FB633BBD}
  -> {HKLM...CLSID} = Comodo AntiVirus
     \InProcServer32\(Default) = C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [COMODO]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
     \InProcServer32\(Default) = C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\CONSTANSGC\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\system32\logon.scr [MS]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

DropboxAutoplayProxy\
Provider = Dropbox
InvokeProgID = Dropbox.AutoplayEventHandlerProxy
InvokeVerb = import
HKLM\SOFTWARE\Classes\Dropbox.AutoplayEventHandlerProxy\shell\import\DropTarget\CLSID = {F38F335B-BC2E-450E-8FC6-0E13E17FC8FE}
  -> {HKLM...CLSID} = Dropbox Autoplay Proxy COM Server
     \LocalServer32\(Default) = C:\Program Files\Dropbox\DropboxProxy.exe /autoplayproxy [Dropbox, Inc.]

IviDVDEventHandler\
Provider = InterVideo WinDVD
InvokeProgID = Ivi.MediaFile
InvokeVerb = play
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Program Files\InterVideo\WinDVD\WinDVD.exe" %1 [InterVideo Inc.]

IviVideoCDHandler\
Provider = InterVideo WinDVD
InvokeProgID = Ivi.MediaFile
InvokeVerb = play
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Program Files\InterVideo\WinDVD\WinDVD.exe" %1 [InterVideo Inc.]

Lexmark_2500_Series\
Provider = Lexmark Imaging Studio-Lexmark 2500 Series
InvokeProgID = Lexmark_2500_Series
InvokeVerb = Play
HKLM\SOFTWARE\Classes\Lexmark_2500_Series\shell\Play\DropTarget\CLSID = {4D36E979-E325-11CE-BFC1-08002BE10318}
  -> {HKLM...CLSID} = (no title provided)
     \LocalServer32\(Default) = C:\Program Files\Lexmark 2500 Series\lxddamon.exe [null data]

MPCPlayBluRayOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayBlurayMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]

MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team]

MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team]

MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

RoxioSCAudioCDTask33\
Provider = Roxio Creator Audio
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = AudioCDTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = "c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B} [null data]

RoxioSCCopyCD33\
Provider = Roxio Creator Copy
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = "c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA} [null data]

RoxioSCCopyDisc33\
Provider = Roxio Creator Copy
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = "c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA} [null data]

RoxioSCDataProject33\
Provider = Roxio Creator Data
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = DataGuide
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = "c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data [null data]

RoxioSCDataTask33\
Provider = Roxio Creator Data
InvokeProgID = Roxio.RoxioCentral33
InvokeVerb = DataTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = "c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54} [null data]

WIA_{4863E453-780D-401D-90FD-97EE6AAA8499}\
Provider = Microsoft Office Word
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /IMG_WIA;
  -> {HKLM...CLSID} = WPDShextAutoplay
     \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{E97D3921-5CB1-4DF2-B488-303849E78285}\
Provider = Microsoft Office Word
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;
  -> {HKLM...CLSID} = WPDShextAutoplay
     \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "CONSTANSGC" & "All Users" startup folders:
------------------------------------------------------------

C:\Users\CONSTANSGC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
Dropbox -> shortcut to: C:\Users\CONSTANSGC\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.]

Windows Sidebar Gadgets: {++}
------------------------

C:\Users\CONSTANSGC\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
%PROGRAMFILES%\windows sidebar\gadgets\Clock.gadget
%PROGRAMFILES%\windows sidebar\gadgets\SlideShow.Gadget
%PROGRAMFILES%\windows sidebar\gadgets\RSSFeeds.Gadget

Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\WINDOWS\System32\Tasks
CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
     \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask-Roam -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
OptinNotification -> launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS]
VistaSP1CEIP -> (HIDDEN!) launches: %systemroot%\servicing\vsp1ceip.exe /delete /tn "\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP" /f [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -i [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
     \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
TMM -> launches: {35EF4182-F900-4632-B072-8639E4478A61}
  -> {HKLM...CLSID} = Transient Multi-Monitor Manager
     \InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
     \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
NAPStatus UI -> launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f}
  -> {HKLM...CLSID} = Nap ITask Handler Implementation
     \InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\PLA\System
ConvertLogEntries -> (HIDDEN!) launches: %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\RAC
RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell
CrawlStartPages -> launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2}
  -> {HKLM...CLSID} = CrawlStartPages Task Handler
     \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
WSHReset -> (HIDDEN!) launches: %systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
     \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
     \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wired
GatherWiredInfo -> launches: %windir%\system32\gatherWiredInfo.vbs [null data]

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wireless
GatherWirelessInfo -> launches: %windir%\system32\gatherWirelessInfo.vbs [null data]

C:\WINDOWS\System32\Tasks\WPD
SqmUpload_S-1-5-21-1175997802-332614115-1566058861-1006 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000007\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 45

All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Adobe Flash Player Update Service, AdobeFlashPlayerUpdateSvc, C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Aplikacja systemowa modelu COM+, COMSysApp, C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [MS]
Com4QLBEx, Com4QLBEx, "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [Hewlett-Packard Development Company, L.P.]
COMODO Internet Security Helper Service, cmdAgent, "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [COMODO]
COMODO livePCsupport Service, CLPSLS, C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [COMODO]
CoreScanner, CoreScanner, "C:\Program Files\Motorola Scanner\Common\CoreScanner.exe" [Motorola Solutions, Inc.]
HP Health Check Service, HP Health Check Service, "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [null data]
hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" [Hewlett-Packard Development Company, L.P.]
Instalator Windows, msiserver, C:\Windows\system32\msiexec /V [MS]
InstallDriver Table Manager, IDriverT, "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [Macrovision Corporation]
IviRegMgr, IviRegMgr, C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [InterVideo]
lxdd_device, lxdd_device, C:\Windows\system32\lxddcoms.exe -service [ ]
lxddCATSCustConnectService, lxddCATSCustConnectService, C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [Lexmark International, Inc.]
McAfee Security Scan Component Host Service, McComponentHostService, "C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe" [McAfee, Inc.]
Microsoft .NET Framework NGEN v2.0.50727_X86, clr_optimization_v2.0.50727_32, C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [MS]
Microsoft .NET Framework NGEN v4.0.30319_X86, clr_optimization_v4.0.30319_32, C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [MS]
Mozilla Maintenance Service, MozillaMaintenance, "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [Mozilla Foundation]
Net Driver HPZ12, Net Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZinw12.dll [Hewlett-Packard]}
Office Source Engine, ose, "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [MS]
Pml Driver HPZ12, Pml Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZipm12.dll [Hewlett-Packard]}
RSM Driver Provider Service, rsmdriverproviderservice, C:\Program Files\Motorola Scanner\Common\RSMDriverProviderService.exe [Motorola Solutions, Inc.]
ServiceLayer, ServiceLayer, "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" [Nokia]
Skype Updater, SkypeUpdate, "C:\Program Files\Skype\Updater\Updater.exe" [Skype Technologies]
Spybot-S&D 2 Scanner Service, SDScannerService, "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" [Safer-Networking Ltd.]
Spybot-S&D 2 Security Center Service, SDWSCService, C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [Safer-Networking Ltd.]
Spybot-S&D 2 Updating Service, SDUpdateService, "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Safer-Networking Ltd.]
SQL Server (MSSMLBIZ), MSSQL$MSSMLBIZ, "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [MS]
SQL Server (TITUSPLUSSQL), MSSQL$TITUSPLUSSQL, "c:\Program Files\Microsoft SQL Server\MSSQL10_50.TITUSPLUSSQL\MSSQL\Binn\sqlservr.exe" -sTITUSPLUSSQL [MS]
SQL Server Browser, SQLBrowser, "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [MS]
SQL Server VSS Writer, SQLWriter, "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [MS]
stllssvr, stllssvr, "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [MicroVision Development, Inc.]
Symbol Scanner Management, ScnSrvc, C:\Program Files\Motorola Scanner\Common\ScannerService.exe [Motorola Solutions, Inc.]
TeamViewer 9, TeamViewer9, "C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe" [TeamViewer GmbH]
Udostępnianie połączenia internetowego (ICS), SharedAccess, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\ipnathlp.dll [MS]}
Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0, FontCache3.0.0.0, C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [MS]
Usługa Google Update (gupdate), gupdate, "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [Google Inc.]
Usługa Google Update (gupdatem), gupdatem, "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [Google Inc.]
Vodafone Mobile Broadband Service, VmbService, "C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe" [null data]
Windows Presentation Foundation Font Cache 4.0.0.0, WPFFontCache_v0400, C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [MS]
XAudioService, XAudioService, C:\Windows\system32\DRIVERS\xaudio.exe [Conexant Systems, Inc.]
Łączność urządzeń z systemem Windows Mobile, RapiMgr, C:\Windows\system32\svchost.exe -k WindowsMobile {C:\Windows\WindowsMobile\rapimgr.dll [MS]}
„Usługa stanu ASP.NET, aspnet_state, C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> CLPSLS, Service
<> mbamchameleon, Driver

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> CLPSLS, Service
<> mbamchameleon, Driver

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
2500 Series Port\Driver = lxddlmpm.dll [ ]
EPSON Stylus DX7400 Series 32MonitorBE\Driver = E_FLBCDE.DLL [SEIKO EPSON CORPORATION]
HP Universal Print Monitor\Driver = HPMPW081.DLL [Hewlett-Packard]
HPLJ1018LM\Driver = ZLhp1018.DLL [Zenographics, Inc.]
HPLJ1020LM\Driver = zlhp1020.dll [null data]
HPPMOPJL\Driver = hppmopjl.dll [Hewlett-Packard Company]
Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS]
Redirected Port\Driver = redmonnt.dll [null data]

---------- (launch time: 2014-09-18 19:36:29)

<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.

---------- (total run time: 66 seconds, including 16 seconds for message boxes)