Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

dllhost.exe COM surrogate problem

Re: dllhost.exe COM surrogate problem

Post by lynda » October 31st, 2014, 1:42 pm

Result of Systemlook.

SystemLook 30.07.11 by jpshortstuff
Log created at 12:18 on 31/10/2014 by Dworaks
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\MO3T9C6Q\cdn.adbabylon[1].xml --a---- 13 bytes [13:30 30/10/2014] [13:30 30/10/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*Conduit*"
No files found.

Searching for "*cheapinsurance*"
No files found.

Searching for "*coreclickhoo*"
No files found.

Searching for "*crossrider*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*dealshark*"
No files found.

Searching for "*digitalsite*"
No files found.

Searching for "*filescout*"
No files found.

Searching for "*fighters*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
C:\_OTL\MovedFiles\10312014_072622\C_Windows\SysNative\IObitSmartDefragExtension.dll --a---- 128288 bytes [22:39 28/10/2014] [20:17 04/06/2014] 84E8B979BBBDD23AD84E88FD12236306

Searching for "*Iminent*"
No files found.

Searching for "*istart123*"
No files found.

Searching for "*MyWay*"
No files found.

Searching for "*mobogenie*"
No files found.

Searching for "*optimizer*"
C:\Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\LXKB6ZSR\media.optimizern[1].xml --a---- 13 bytes [02:42 27/10/2014] [02:42 27/10/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\XVSXQUAX\media.optimizern[1].xml --a---- 13 bytes [06:52 27/10/2014] [06:52 27/10/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*pricegong*"
No files found.

Searching for "*SafeGuard*"
C:\Users\Dworaks\AppData\Roaming\.minecraft\pixelmon\battles\attacks\specialAttacks\statusAppliers\ApplySafeGuard.class --a---- 2572 bytes [03:50 01/11/2013] [01:52 11/11/2013] 34BF9BBC5D8A26E252F5C7380768F33A
C:\Users\Dworaks\AppData\Roaming\.minecraft\pixelmon\battles\status\SafeGuard.class --a---- 1561 bytes [03:50 01/11/2013] [01:52 11/11/2013] C1990D5A48F33BE0F23D15E845EAA5C3
C:\Users\Dworaks\AppData\Roaming\.minecraft\stats\pixelmon\battles\attacks\specialAttacks\statusAppliers\ApplySafeGuard.class --a---- 2572 bytes [03:50 01/11/2013] [01:50 11/11/2013] 34BF9BBC5D8A26E252F5C7380768F33A
C:\Users\Dworaks\AppData\Roaming\.minecraft\stats\pixelmon\battles\status\SafeGuard.class --a---- 1561 bytes [03:50 01/11/2013] [01:50 11/11/2013] C1990D5A48F33BE0F23D15E845EAA5C3

Searching for "*smartbar*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*searchdonkey*"
No files found.

Searching for "*sprotector*"
No files found.

Searching for "*superfish*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*wajam*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit d------ [21:38 30/10/2014]

Searching for "*cheapinsurance*"
No folders found.

Searching for "*coreclickhoo*"
No folders found.

Searching for "*crossrider*"
No folders found.

Searching for "*dealshark*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*digitalsite*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*fighters*"
No folders found.

Searching for "*filescout*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
C:\_OTL\MovedFiles\10312014_072622\C_Program Files (x86)\IObit d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Program Files (x86)\IObit\IObit Malware Fighter d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Program Files (x86)\IObit\IObit Uninstaller d------ [22:39 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_ProgramData\IObit d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Users\Dworaks\AppData\LocalLow\IObit d------ [22:38 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Users\Dworaks\AppData\Roaming\IObit d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Users\Dworaks\AppData\Roaming\IObit\IObit Malware Fighter d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Users\Dworaks\AppData\Roaming\IObit\IObit Uninstaller d------ [22:39 28/10/2014]

Searching for "*Iminent*"
No folders found.

Searching for "*istart123*"
No folders found.

Searching for "*MyWay*"
No folders found.

Searching for "*mobogenie*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie d------ [21:38 30/10/2014]
C:\Users\Dworaks\Documents\MRD_FFL2013\Mobogenie d------ [19:39 09/10/2013]

Searching for "*optimizer*"
No folders found.

Searching for "*pricegong*"
No folders found.

Searching for "*SafeGuard*"
C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_LocalLow_AVG SafeGuard toolbar d-a---- [16:14 31/10/2014]

Searching for "*searchab*"
No folders found.

Searching for "*searchdonkey*"
No folders found.

Searching for "*sprotector*"
No folders found.

Searching for "*superfish*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*wajam*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\adbabylon.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Internet Explorer\DOMStorage\adbabylon.com]

Searching for "Bandoo"
No data found.

Searching for "cheapinsurance"
No data found.

Searching for "coreclickhoo"
No data found.

Searching for "crossrider"
No data found.

Searching for "Conduit"
No data found.

Searching for "datamngr"
No data found.

Searching for "dealshark"
No data found.

Searching for "digitalsite"
No data found.

Searching for "filescout"
No data found.

Searching for "fighters"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Fighters\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Fighters\Tray\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Fighters\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31BD239D95D784B498483A12D33E2144]
"00000000000000000000000000000000"="C?\Program Files (x86)\Fighters\Tray\MsgSys.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F59B50F7DDA9DA4BBC407256A30BD1E]
"00000000000000000000000000000000"="C?\Program Files (x86)\Fighters\Tray\sfhtml.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD23E448AEDD25C48BE860375E05906F]
"00000000000000000000000000000000"="C?\Program Files (x86)\Fighters\Tray\SuiteClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCD882B1A9351254C9EF0CF8A081905A]
"00000000000000000000000000000000"="C?\Program Files (x86)\Fighters\Tray\FightersTray.exe"

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
@="IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
@=""C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" control_statistics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Uninstaller"

Searching for "Iminent"
No data found.

Searching for "istart123"
No data found.

Searching for "MyWay"
No data found.

Searching for "mobogenie"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]

Searching for "optimizer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Canon Inkjet MP600 Printer]
"PrintTicket"="<?xml version="1.0"?>
<psf:PrintTicket xmlns:psf="http://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1" xmlns:psk="http://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:ns0000="http://www.canon.com/ns/printschema/inkjet/v100" xmlns:bpe="http://www.adobe.com/schemas/2006/01/bpeschema"><psf:Feature name="ns0000:PageCartridge"><psf:Option name="ns0000:Color"/></psf:Feature><psf:Feature name="ns0000:PageFormTrayAssign_InputBin"><psf:Option name="ns0000:Cassette"/></psf:Feature><psf:Property name="ns0000:FormTrayAssign_1_InputBin"><psf:Value xsi:type="xsd:string">Cassette</psf:Value></psf:Property><psf:Feature name="ns0000:PageMediaTypeOfFormTrayAssign_1"><psf:Option name="ns0000:Plain"/></psf:Feature><psf:Feature name="ns00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Canon Inkjet MP600 Printer]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities xmlns:psf="http://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1" xmlns:ns0000="http://www.canon.com/ns/printschema/inkjet/v100" xmlns:psk="http://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:bpe="http://www.adobe.com/schemas/2006/01/bpeschema"><psf:ParameterDef name="ns0000:PageDevmodeSnapshot"><psf:Property name="psf:DataType"><psf:Value xsi:type="xsd:QName">xsd:string</psf:Value></psf:Property><psf:Property name="psf:UnitType"><psf:Value xsi:type="xsd:string">base64</psf:Value></psf:Property><psf:Property name="psf:DefaultValue"><psf:Value xsi:type="xsd:string">QwBhAG4AbwBuACAASQBuAGsAagBlAHQAIABNAFAANgAwADAAIABQAHIAaQBuAHQAZQByAAAAUAA2ADAAMAAAAAEEAAbcAAgMQ/+BBwIAAQD
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Canon Inkjet MP600 Printer]
"PrintTicket"="<?xml version="1.0"?>
<psf:PrintTicket xmlns:psf="http://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1" xmlns:psk="http://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:ns0000="http://www.canon.com/ns/printschema/inkjet/v100" xmlns:bpe="http://www.adobe.com/schemas/2006/01/bpeschema"><psf:Feature name="ns0000:PageCartridge"><psf:Option name="ns0000:Color"/></psf:Feature><psf:Feature name="ns0000:PageFormTrayAssign_InputBin"><psf:Option name="ns0000:Cassette"/></psf:Feature><psf:Property name="ns0000:FormTrayAssign_1_InputBin"><psf:Value xsi:type="xsd:string">Cassette</psf:Value></psf:Property><psf:Feature name="ns0000:PageMediaTypeOfFormTrayAssign_1"><psf:Option name="ns0000:Plain
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Canon Inkjet MP600 Printer]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities xmlns:psf="http://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1" xmlns:ns0000="http://www.canon.com/ns/printschema/inkjet/v100" xmlns:psk="http://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:bpe="http://www.adobe.com/schemas/2006/01/bpeschema"><psf:ParameterDef name="ns0000:PageDevmodeSnapshot"><psf:Property name="psf:DataType"><psf:Value xsi:type="xsd:QName">xsd:string</psf:Value></psf:Property><psf:Property name="psf:UnitType"><psf:Value xsi:type="xsd:string">base64</psf:Value></psf:Property><psf:Property name="psf:DefaultValue"><psf:Value xsi:type="xsd:string">QwBhAG4AbwBuACAASQBuAGsAagBlAHQAIABNAFAANgAwADAAIABQAHIAaQBuAHQAZQB

Searching for "pricegong"
No data found.

Searching for "SafeGuard"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASMANCS]

Searching for "searchab"
No data found.

Searching for "searchdonkey"
No data found.

Searching for "smartbar"
No data found.

Searching for "sprotector"
No data found.

Searching for "superfish"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"

Searching for "Tarma"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "wajam"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-

Re: dllhost.exe COM surrogate problem

Post by lynda » October 31st, 2014, 1:44 pm

Thanks again for all your help so far.. Item E: asks if I see any change in computer behavior. I still see the Malware pop ups and dllhost.exe consuming resources.

Re: dllhost.exe COM surrogate problem

Post by pgmigg » October 31st, 2014, 5:11 pm

Hello lynda,

> Thanks again for all your help so far..
You are welcome! :D

> Item E: asks if I see any change in computer behavior.
This question is very important because, in the process of assisting, the computer is actively used and its status may change not only due to the applied treatment but also for other reasons, which I need to know about to make my instructions most effective.

> I still see the Malware pop ups
If you see the Malwarebytes Anti-Malware (MBAM) warning "Malicious Website Blocked", it means that MBAM worked, and it does so very well! MBAM checks every opened website against its database and blocks your access if the website is malicious or potentially dangerous.

> and dllhost.exe consuming resources.
We are not finished yet...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries into the text box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\MO3T9C6Q\cdn.adbabylon[1].xml
    C:\Users\Dworaks\Documents\MRD_FFL2013\Mobogenie
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\adbabylon.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    "DllName"=-
    [HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Internet Explorer\DOMStorage\adbabylon.com]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Fighters\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Fighters\Tray\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Fighters\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31BD239D95D784B498483A12D33E2144]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F59B50F7DDA9DA4BBC407256A30BD1E]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD23E448AEDD25C48BE860375E05906F]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCD882B1A9351254C9EF0CF8A081905A]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
    @=""
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]
    [-HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie]
    [-HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie]
    [-HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
    "DllName"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech]
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ZOEK Scan
You should still have zoek.exe on your desktop.
  1. Please temporarily disable your AntiVirus program now, as shown in This topic, to avoid potential conflicts during both download and run.
  2. Close any open browsers.
  3. Right click on zoek.exe and select "Run as administrator..." to run it. If prompted by UAC, please allow it.
  4. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  5. Click the More Options button below the large panel and check the boxes:
    • Do a Deep Scan
    • Silent Runners
    • System Specs
    • Startup Information
    • Installed Programs
    • Uninstall List
    • Running Processes
    • Recently Created
  6. Click on the Run script button.
  7. Please wait patiently (it may take a while) until a log report opens (this may be after a reboot, if required).
  8. Copy and paste the entire contents of the opened report into your next reply.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Step 3.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *ctfmon*
    *dllhost*
    
    :folderfind
    *ctfmon*
    *dllhost*
    
    :Regfind
    ctfmon
    dllhost
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the zoek-results.log file
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
Last edited by pgmigg on November 1st, 2014, 12:26 am, edited 1 time in total.
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: dllhost.exe COM surrogate problem

Post by lynda » October 31st, 2014, 6:15 pm

Results of OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\MO3T9C6Q\cdn.adbabylon[1].xml moved successfully.
C:\Users\Dworaks\Documents\MRD_FFL2013\Mobogenie folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\adbabylon.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31BD239D95D784B498483A12D33E2144 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F59B50F7DDA9DA4BBC407256A30BD1E not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD23E448AEDD25C48BE860375E05906F not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCD882B1A9351254C9EF0CF8A081905A not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\IObit\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie\ not found.
Registry key HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie\ not found.
Registry key HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\\DllName not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dworaks
->Temp folder emptied: 1305383285 bytes
->Temporary Internet Files folder emptied: 545434 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15297343 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151831 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,260.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10312014_165513

Files\Folders moved on Reboot...
C:\Users\Dworaks\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dworaks\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\DWORAKS-PC-20141031-1214.log moved successfully.
File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(2014103112145172C).log not found!
File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(2014103112145172C).log not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
lynda
Regular Member
 
Posts: 47
Joined: October 29th, 2014, 6:21 pm

Re: dllhost.exe COM surrogate problem

Post by lynda » October 31st, 2014, 6:45 pm

Results from Systemlook:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:31 on 31/10/2014 by Dworaks
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\_OTL\MovedFiles\10312014_165513\C_Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\MO3T9C6Q\cdn.adbabylon[1].xml --a---- 13 bytes [13:30 30/10/2014] [13:30 30/10/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*Conduit*"
No files found.

Searching for "*cheapinsurance*"
No files found.

Searching for "*coreclickhoo*"
No files found.

Searching for "*crossrider*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*dealshark*"
No files found.

Searching for "*digitalsite*"
No files found.

Searching for "*filescout*"
No files found.

Searching for "*fighters*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
C:\_OTL\MovedFiles\10312014_072622\C_Windows\SysNative\IObitSmartDefragExtension.dll --a---- 128288 bytes [22:39 28/10/2014] [20:17 04/06/2014] 84E8B979BBBDD23AD84E88FD12236306

Searching for "*Iminent*"
No files found.

Searching for "*istart123*"
No files found.

Searching for "*MyWay*"
No files found.

Searching for "*mobogenie*"
No files found.

Searching for "*optimizer*"
C:\Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\LXKB6ZSR\media.optimizern[1].xml --a---- 13 bytes [02:42 27/10/2014] [02:42 27/10/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\XVSXQUAX\media.optimizern[1].xml --a---- 13 bytes [06:52 27/10/2014] [06:52 27/10/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*pricegong*"
No files found.

Searching for "*SafeGuard*"
C:\Users\Dworaks\AppData\Roaming\.minecraft\pixelmon\battles\attacks\specialAttacks\statusAppliers\ApplySafeGuard.class --a---- 2848 bytes [03:50 01/11/2013] [01:52 11/11/2013] DD53C8B557D5DC4FA7C13C2E9A3AB4B2
C:\Users\Dworaks\AppData\Roaming\.minecraft\pixelmon\battles\status\SafeGuard.class --a---- 1840 bytes [03:50 01/11/2013] [01:52 11/11/2013] BC34F3AF63482C422D774E50B64FB4C8
C:\Users\Dworaks\AppData\Roaming\.minecraft\stats\pixelmon\battles\attacks\specialAttacks\statusAppliers\ApplySafeGuard.class --a---- 2848 bytes [03:50 01/11/2013] [01:50 11/11/2013] DF08D682C4CB51A002874356A8D6DB6F
C:\Users\Dworaks\AppData\Roaming\.minecraft\stats\pixelmon\battles\status\SafeGuard.class --a---- 1840 bytes [03:50 01/11/2013] [01:50 11/11/2013] 4C854752F61DE8411197C1B0E814968A

Searching for "*smartbar*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*searchdonkey*"
No files found.

Searching for "*sprotector*"
No files found.

Searching for "*superfish*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*wajam*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit d------ [21:38 30/10/2014]

Searching for "*cheapinsurance*"
No folders found.

Searching for "*coreclickhoo*"
No folders found.

Searching for "*crossrider*"
No folders found.

Searching for "*dealshark*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*digitalsite*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*fighters*"
No folders found.

Searching for "*filescout*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
C:\_OTL\MovedFiles\10312014_072622\C_Program Files (x86)\IObit d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Program Files (x86)\IObit\IObit Malware Fighter d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Program Files (x86)\IObit\IObit Uninstaller d------ [22:39 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_ProgramData\IObit d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Users\Dworaks\AppData\LocalLow\IObit d------ [22:38 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Users\Dworaks\AppData\Roaming\IObit d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Users\Dworaks\AppData\Roaming\IObit\IObit Malware Fighter d------ [22:37 28/10/2014]
C:\_OTL\MovedFiles\10312014_072622\C_Users\Dworaks\AppData\Roaming\IObit\IObit Uninstaller d------ [22:39 28/10/2014]

Searching for "*Iminent*"
No folders found.

Searching for "*istart123*"
No folders found.

Searching for "*MyWay*"
No folders found.

Searching for "*mobogenie*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie d------ [21:38 30/10/2014]
C:\_OTL\MovedFiles\10312014_165513\C_Users\Dworaks\Documents\MRD_FFL2013\Mobogenie d------ [19:39 09/10/2013]

Searching for "*optimizer*"
No folders found.

Searching for "*pricegong*"
No folders found.

Searching for "*SafeGuard*"
C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_LocalLow_AVG SafeGuard toolbar d-a---- [16:14 31/10/2014]

Searching for "*searchab*"
No folders found.

Searching for "*searchdonkey*"
No folders found.

Searching for "*sprotector*"
No folders found.

Searching for "*superfish*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*wajam*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "cheapinsurance"
No data found.

Searching for "coreclickhoo"
No data found.

Searching for "crossrider"
No data found.

Searching for "Conduit"
No data found.

Searching for "datamngr"
No data found.

Searching for "dealshark"
No data found.

Searching for "digitalsite"
No data found.

Searching for "filescout"
No data found.

Searching for "fighters"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Fighters\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Fighters\Tray\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Fighters\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31BD239D95D784B498483A12D33E2144]
"00000000000000000000000000000000"="C?\Program Files (x86)\Fighters\Tray\MsgSys.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F59B50F7DDA9DA4BBC407256A30BD1E]
"00000000000000000000000000000000"="C?\Program Files (x86)\Fighters\Tray\sfhtml.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD23E448AEDD25C48BE860375E05906F]
"00000000000000000000000000000000"="C?\Program Files (x86)\Fighters\Tray\SuiteClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCD882B1A9351254C9EF0CF8A081905A]
"00000000000000000000000000000000"="C?\Program Files (x86)\Fighters\Tray\FightersTray.exe"

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}]
@="IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command]
@=""C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" control_statistics"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538}\InprocServer32]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Uninstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\IObit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\Advanced SystemCare 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Malware Fighter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64]
@="C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR]
@="C:\Program Files (x86)\IObit\IObit Uninstaller"

Searching for "Iminent"
No data found.

Searching for "istart123"
No data found.

Searching for "MyWay"
No data found.

Searching for "mobogenie"
No data found.

Searching for "optimizer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Canon Inkjet MP600 Printer]
"PrintTicket"="<?xml version="1.0"?>
<psf:PrintTicket xmlns:psf="http://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1" xmlns:psk="http://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:ns0000="http://www.canon.com/ns/printschema/inkjet/v100" xmlns:bpe="http://www.adobe.com/schemas/2006/01/bpeschema"><psf:Feature name="ns0000:PageCartridge"><psf:Option name="ns0000:Color"/></psf:Feature><psf:Feature name="ns0000:PageFormTrayAssign_InputBin"><psf:Option name="ns0000:Cassette"/></psf:Feature><psf:Property name="ns0000:FormTrayAssign_1_InputBin"><psf:Value xsi:type="xsd:string">Cassette</psf:Value></psf:Property><psf:Feature name="ns0000:PageMediaTypeOfFormTrayAssign_1"><psf:Option name="ns0000:Plain"/></psf:Feature><psf:Feature name="ns00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Canon Inkjet MP600 Printer]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities xmlns:psf="http://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1" xmlns:ns0000="http://www.canon.com/ns/printschema/inkjet/v100" xmlns:psk="http://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:bpe="http://www.adobe.com/schemas/2006/01/bpeschema"><psf:ParameterDef name="ns0000:PageDevmodeSnapshot"><psf:Property name="psf:DataType"><psf:Value xsi:type="xsd:QName">xsd:string</psf:Value></psf:Property><psf:Property name="psf:UnitType"><psf:Value xsi:type="xsd:string">base64</psf:Value></psf:Property><psf:Property name="psf:DefaultValue"><psf:Value xsi:type="xsd:string">QwBhAG4AbwBuACAASQBuAGsAagBlAHQAIABNAFAANgAwADAAIABQAHIAaQBuAHQAZQByAAAAUAA2ADAAMAAAAAEEAAbcAAgMQ/+BBwIAAQD
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{62079164-233b-41f8-a80f-f01705f514a8}]
@="EVR Graph Optimizer"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Canon Inkjet MP600 Printer]
"PrintTicket"="<?xml version="1.0"?>
<psf:PrintTicket xmlns:psf="http://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1" xmlns:psk="http://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:ns0000="http://www.canon.com/ns/printschema/inkjet/v100" xmlns:bpe="http://www.adobe.com/schemas/2006/01/bpeschema"><psf:Feature name="ns0000:PageCartridge"><psf:Option name="ns0000:Color"/></psf:Feature><psf:Feature name="ns0000:PageFormTrayAssign_InputBin"><psf:Option name="ns0000:Cassette"/></psf:Feature><psf:Property name="ns0000:FormTrayAssign_1_InputBin"><psf:Value xsi:type="xsd:string">Cassette</psf:Value></psf:Property><psf:Feature name="ns0000:PageMediaTypeOfFormTrayAssign_1"><psf:Option name="ns0000:Plain
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\PhotoPrintingWizard\Canon Inkjet MP600 Printer]
"PrintCapabilites"="<?xml version="1.0"?>
<psf:PrintCapabilities xmlns:psf="http://schemas.microsoft.com/windows/2003/08/printing/printschemaframework" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1" xmlns:ns0000="http://www.canon.com/ns/printschema/inkjet/v100" xmlns:psk="http://schemas.microsoft.com/windows/2003/08/printing/printschemakeywords" xmlns:bpe="http://www.adobe.com/schemas/2006/01/bpeschema"><psf:ParameterDef name="ns0000:PageDevmodeSnapshot"><psf:Property name="psf:DataType"><psf:Value xsi:type="xsd:QName">xsd:string</psf:Value></psf:Property><psf:Property name="psf:UnitType"><psf:Value xsi:type="xsd:string">base64</psf:Value></psf:Property><psf:Property name="psf:DefaultValue"><psf:Value xsi:type="xsd:string">QwBhAG4AbwBuACAASQBuAGsAagBlAHQAIABNAFAANgAwADAAIABQAHIAaQBuAHQAZQB

Searching for "pricegong"
No data found.

Searching for "SafeGuard"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASMANCS]

Searching for "searchab"
No data found.

Searching for "searchdonkey"
No data found.

Searching for "smartbar"
No data found.

Searching for "sprotector"
No data found.

Searching for "superfish"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"

Searching for "Tarma"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "wajam"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
lynda
Regular Member
 
Posts: 47
Joined: October 29th, 2014, 6:21 pm
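
A triage sketch for the SystemLook log above, added here as an example (it is not part of the thread or of SystemLook): it separates name matches that already sit under the quarantine folders seen in this thread from matches still in place, and lists registry keys per search term. The function names and the choice of quarantine roots are assumptions taken from the paths in the posted logs.

```python
import re
from collections import defaultdict

# Quarantine/backup roots seen in this thread's logs (OTL, AdwCleaner, zoek).
# Treating them as "already handled" is an assumption of this example.
QUARANTINE_ROOTS = (
    "c:\\_otl\\movedfiles\\",
    "c:\\adwcleaner\\quarantine\\",
    "c:\\zoek_backup\\",
)

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
TERM_RE = re.compile(r'^Searching for "(.*)"$')
# A file/folder hit: path, 7-character attribute field, optional size, then a timestamp.
HIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+[-dashr]{7}\s+(?:\d+ bytes\s+)?\[")
REGKEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")

# Excerpt assembled from lines of the SystemLook log posted above.
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "*Babylon*"
C:\_OTL\MovedFiles\10312014_165513\C_Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\MO3T9C6Q\cdn.adbabylon[1].xml --a---- 13 bytes [13:30 30/10/2014] [13:30 30/10/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*Conduit*"
No files found.

Searching for "*optimizer*"
C:\Users\Dworaks\AppData\Local\Microsoft\Internet Explorer\DOMStore\LXKB6ZSR\media.optimizern[1].xml --a---- 13 bytes [02:42 27/10/2014] [02:42 27/10/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

========== folderfind ==========

Searching for "*mobogenie*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie d------ [21:38 30/10/2014]

Searching for "*SafeGuard*"
C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_LocalLow_AVG SafeGuard toolbar d-a---- [16:14 31/10/2014]

========== Regfind ==========

Searching for "superfish"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
"DllName"="SuperfishIEAddon.dll;SuperfishIEAddon.dll"

Searching for "wajam"
No data found.
'''


def parse_systemlook(text):
    """Return (section, term, item) for every hit; item is a path or a registry key."""
    hits, section, term = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group(1).lower(), None
            continue
        m = TERM_RE.match(line)
        if m:
            term = m.group(1).strip("*").lower()
            continue
        if not line or term is None or line.startswith("No "):
            continue  # blank line, header text, or "No files/folders/data found."
        if section in ("filefind", "folderfind"):
            m = HIT_RE.match(line)
            if m:
                hits.append((section, term, m.group("path")))
        elif section == "regfind":
            # Only key lines are recorded; value lines (including multi-line
            # XML values) are skipped.
            m = REGKEY_RE.match(line)
            if m:
                hits.append((section, term, m.group(1)))
    return hits


def triage(text):
    """Group hits per term into live paths, quarantined copies and registry keys."""
    report = defaultdict(lambda: {"live": [], "quarantined": [], "registry": []})
    for section, term, item in parse_systemlook(text):
        if section == "regfind":
            bucket = "registry"
        elif item.lower().startswith(QUARANTINE_ROOTS):
            bucket = "quarantined"
        else:
            bucket = "live"
        report[term][bucket].append(item)
    return dict(report)


def needs_review(text):
    """Terms that still match something outside the quarantine folders."""
    return sorted(t for t, b in triage(text).items() if b["live"] or b["registry"])


if __name__ == "__main__":
    for term in needs_review(SAMPLE_LOG):
        print(term, triage(SAMPLE_LOG)[term])
```

A "live" result is only a name match and still needs a human decision: the `*SafeGuard*` file matches under `.minecraft\pixelmon` in the full log would be reported as live as well.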

Re: dllhost.exe COM surrogate problem

Post by lynda » October 31st, 2014, 6:46 pm

e: No changes in behavior.
lynda
Regular Member
 
Posts: 47
Joined: October 29th, 2014, 6:21 pm

Re: dllhost.exe COM surrogate problem

Post by pgmigg » November 1st, 2014, 12:37 am

Hello lynda,

It looks like you ran the SystemLook scan from my previous set of instructions (with the long list of entries) one more time instead of the one currently asked for (with the short list of entries), and did not run the ZOEK scan at all.
Thus I will repeat the skipped steps again.

Please be more attentive!

Step 1.
ZOEK Scan
You should still have zoek.exe on your desktop.
  1. Please temporarily disable your AntiVirus program as shown in This topic now to avoid potential conflicts during both download and run.
  2. Close any open browsers.
  3. Right click on zoek.exe and select "Run as administrator..." to run it. If prompted by UAC, please allow it.
  4. Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  5. Click the More Options button below the large panel and check the boxes:
    • Do a Deep Scan
    • Silent Runners
    • System Specs
    • Startup Information
    • Installed Programs
    • Uninstall List
    • Running Processes
    • Recently Created
  6. Click on the Run script button.
  7. Please wait patiently (it may take a while) until a log report opens (this may be after a reboot, if required).
  8. Copy and paste the entire contents of the opened report into your next reply.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Step 2.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    (Do not include the words Code: Select all. Instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *ctfmon*
    *dllhost*
    
    :folderfind
    *ctfmon*
    *dllhost*
    
    :Regfind
    ctfmon
    dllhost
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each log after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the zoek-results.log file
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: dllhost.exe COM surrogate problem

Unread postby lynda » November 1st, 2014, 10:48 am

Sorry, I must have scrolled to the wrong place when doing these. I'll be more attentive. Thanks for the patience:

Here is the Zoek log from yesterday... it is too large for the forum so will post in two submissions:

Part1:
Zoek.exe v5.0.0.0 Updated 31-10-2014
Tool run by Dworaks on Fri 10/31/2014 at 17:17:01.71.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dworaks\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-10-31-171505.log 8403 bytes

==== Running Processes ======================

C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Fitbit\fitbit-tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\notepad.exe
C:\Users\Dworaks\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

==== Installed Programs ======================

Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Software Update
Bonjour
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5500 series MP Drivers
Canon MG5500 series On-screen Manual
Canon MG5500 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
Cisco WebEx Meetings
Citrix Access Gateway Endpoint Analysis
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Custom
D3DX10
Dell Client System Update
Dell Data Protection | Access
Dell Edoc Viewer
DellAccess
EMBASSY Client Core
ERAS Connector
Fitbit Base Station (Driver Removal)
Fitbit Connect
Fitbit v2.1.0.9
Gemalto
GemPcCCID
GoPro Studio 2.0.1
Greenshot 1.0.6.2228
H&R Block Deluxe + Efile + State 2013
H&R Block Iowa 2013
HRBlockDirect version 1.1.2.0
Intel(R) Control Center
Intel(R) Network Connections 17.2.154.0
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
iTunes
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Professional Plus 2013 - en-us
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Online Plug-in
Origin
PBA Driver-x64
Photo Common
Photo Gallery
Preboot Manager
Private Information Manager
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Self-service Plug-in
SI TSS
SPBA (WBF) 5.9
Star Wars The Old Republic
Star Wars: The Old Republic
TextPad 7
The SimsT 3
The SimsT 3 Generations
The SimsT 3 High-End Loft Stuff
The SimsT 3 Into the Future
The SimsT 3 Island Paradise
The SimsT 3 Late Night
The SimsT 3 Movie Stuff
The SimsT 3 Pets
The SimsT 3 Seasons
The SimsT 3 Showtime
The SimsT 3 Supernatural
The SimsT 3 University Life
The SimsT 3 World Adventures
The SimsT 4 Create A Sim Demo
toolkit32for64bit
Trusted Drive Manager
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Wave Crypto Runtime 2.0.9.0 x64
Wave Crypto Runtime 2.0.9.0 x86
Wave Infrastructure Installer
Wave Support Software Installer
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6063 MB
CPU Info: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
CPU Speed: 3287.5 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Intel(R) 82579LM Gigabit Network Connection
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD+-RW UJ8E1
Ports: COM1 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 930.7GB
Hard Disks - Free: C: 759.4GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 06/10/13 | DELL - 1072009
Time Zone: Central Standard Time
Motherboard *: Dell Inc. 0YXT71
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17358
Mozilla Firefox version: 26.0 (x86 en-US)
Adobe Reader version: 11.0.03.37
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Dworaks\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-27 22:50:17 EC6626695C7B02FEB4D528D27F48DE93 321536 ----a-w- C:\Windows\SysWOW64\CNC_BUL.dll
2014-10-27 22:50:17 D16CF34B17899F90A8FCF2A3F77B4A27 15872 ----a-w- C:\Windows\SysWOW64\CNHMCA.dll
2014-10-27 22:50:17 CFE8B2CB0511F65137FC6ED1C2749D50 95744 ----a-w- C:\Windows\SysWOW64\CNC1771D.TBL
2014-10-27 22:49:22 6975FBEBF9EA81617D289A375C8A768C 366592 ----a-w- C:\Windows\SysWOW64\CNMNPPM.DLL
2014-10-25 22:32:53 08780A0007B75B409C3FF3EEF7E1A6E4 16 ----a-w- C:\Windows\SysWOW64\u
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-27 22:49:22 9C821D94738FF35B0B324E710B360702 39424 ----a-w- C:\Windows\Sysnative\CNMN6UI.DLL
2014-10-27 22:49:22 98DC5275FAC302FA8CE49194908AF3D5 359936 ----a-w- C:\Windows\Sysnative\CNMN6PPM.DLL
2014-10-25 22:31:49 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\Sysnative\iaowsy.dll
====== C:\Windows\Sysnative\drivers =====
2014-10-28 02:29:09 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-10-28 02:28:47 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-10-28 02:28:47 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-10-28 02:28:46 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-10-15 07:28:41 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2014-10-15 07:28:37 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2014-10-15 07:27:52 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-15 07:27:52 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
2014-10-27 23:42:04 246D0406791C50CAEC0CAAC7A620F105 3164 ----a-w- C:\Windows\Sysnative\Tasks\{8EFC75E5-698E-4E42-A93C-4E37CD6D4A19}
2014-10-27 23:40:09 6FB8A426709577ECEE1C8DD05C634921 5014 ----a-w- C:\Windows\Sysnative\Tasks\WSCEAA
2014-10-25 22:31:48 03EC984CCEACA05652380DD0321AF978 3858 ----a-w- C:\Windows\Sysnative\Tasks\{9FDDFA76-CBDA-F5CE-5CB7-030DBEF45EFB}
2014-10-24 16:38:33 0F30124D68E705C0C4C3141F804297F9 4990 ----a-w- C:\Windows\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for Dworaks-PC-Dworaks Dworaks-PC
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-27 22:29:10 -------- d-----w- C:\Program Files\Canon
2014-10-27 22:26:53 -------- d--h--w- C:\Program Files\CanonBJ
2014-10-25 15:19:25 -------- d-----w- C:\Program Files\iPod
2014-10-25 15:19:24 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-10-28 12:48:05 -------- d-----w- C:\PROGRA~2\AVG Web TuneUp
2014-10-27 21:33:11 -------- d-----w- C:\PROGRA~2\Canon
2014-10-25 15:19:24 -------- d-----w- C:\PROGRA~2\iTunes
======= C: =====
2014-10-28 21:25:45 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
2014-10-27 03:12:16 445FC89235A8C653C401733CFA095829 10112 ------w- C:\bootsqm.dat
====== C:\Users\Dworaks\AppData\Roaming ======
2014-10-31 20:35:13 E59D27AF54A09BE77C6D34B4307FC0BB 272 ----a-w- C:\Users\Dworaks\AppData\Roaming\INSTALL_TOR.URL
2014-10-31 20:35:13 5EDAB0A541E37A0919F249E988F532BE 8536 ----a-w- C:\Users\Dworaks\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-31 20:35:13 208BAF51A4AA2D2382E64C5B35AA704B 4208 ----a-w- C:\Users\Dworaks\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-31 20:30:24 E59D27AF54A09BE77C6D34B4307FC0BB 272 ----a-w- C:\Users\Dworaks\AppData\Locallow\INSTALL_TOR.URL
2014-10-31 20:30:24 5EDAB0A541E37A0919F249E988F532BE 8536 ----a-w- C:\Users\Dworaks\AppData\Locallow\DECRYPT_INSTRUCTION.HTML
2014-10-31 20:30:24 208BAF51A4AA2D2382E64C5B35AA704B 4208 ----a-w- C:\Users\Dworaks\AppData\Locallow\DECRYPT_INSTRUCTION.TXT
2014-10-31 20:30:18 E59D27AF54A09BE77C6D34B4307FC0BB 272 ----a-w- C:\Users\Dworaks\AppData\Local\INSTALL_TOR.URL
2014-10-31 20:30:18 5EDAB0A541E37A0919F249E988F532BE 8536 ----a-w- C:\Users\Dworaks\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-31 20:30:18 208BAF51A4AA2D2382E64C5B35AA704B 4208 ----a-w- C:\Users\Dworaks\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-31 16:16:45 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-10-31 16:16:45 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-10-31 16:16:45 -------- d-----w- C:\Users\Dworaks\AppData\Local\Temp
2014-10-31 16:16:45 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-10-31 16:16:45 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-10-28 22:40:25 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\ProductData
2014-10-28 12:48:14 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\AVG Web TuneUp
2014-10-28 04:13:41 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\TuneUp Software
2014-10-27 22:51:12 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\canon
2014-10-27 22:48:38 -------- d-----w- C:\Users\Dworaks\AppData\Locallow\Canon Easy-WebPrint EX2
2014-10-27 22:48:38 -------- d-----w- C:\Users\Dworaks\AppData\Locallow\Canon Easy-WebPrint EX
2014-10-26 22:54:10 -------- d-----w- C:\Users\Dworaks\AppData\Roaming\Ushafehu
====== C:\Users\Dworaks ======
2014-10-31 21:17:35 E59D27AF54A09BE77C6D34B4307FC0BB 272 ----a-w- C:\Users\Public\INSTALL_TOR.URL
2014-10-31 21:17:35 5EDAB0A541E37A0919F249E988F532BE 8536 ----a-w- C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-10-31 21:17:35 208BAF51A4AA2D2382E64C5B35AA704B 4208 ----a-w- C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-10-31 21:17:34 E59D27AF54A09BE77C6D34B4307FC0BB 272 ----a-w- C:\Users\Dworaks\INSTALL_TOR.URL
2014-10-31 21:17:34 5EDAB0A541E37A0919F249E988F532BE 8536 ----a-w- C:\Users\Dworaks\DECRYPT_INSTRUCTION.HTML
2014-10-31 21:17:34 208BAF51A4AA2D2382E64C5B35AA704B 4208 ----a-w- C:\Users\Dworaks\DECRYPT_INSTRUCTION.TXT
2014-10-31 20:29:43 E59D27AF54A09BE77C6D34B4307FC0BB 272 ----a-w- C:\ProgramData\INSTALL_TOR.URL
2014-10-31 20:29:43 5EDAB0A541E37A0919F249E988F532BE 8536 ----a-w- C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-31 20:29:43 208BAF51A4AA2D2382E64C5B35AA704B 4208 ----a-w- C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-30 23:19:30 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Dworaks\Desktop\SystemLook_x64.exe
2014-10-30 21:45:33 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Dworaks\Desktop\OTL.exe
2014-10-30 21:19:35 27A4F18F1BB9F05D71128BADD4DCD5C3 1706144 ----a-w- C:\Users\Dworaks\Desktop\JRT.exe
2014-10-30 21:10:03 12EFD5FA51597F188E5DB50BE20EE597 1375089 ----a-w- C:\Users\Dworaks\Desktop\adwcleaner_3.311.exe
2014-10-30 14:07:14 D40F4180401519B08D5BE1511B1AF7E7 25088 ----a-w- C:\Users\Dworaks\Desktop\codecheck.exe
2014-10-30 14:06:26 64036987FDD56ACBE09AEB6570B8F128 468480 ----a-w- C:\Users\Dworaks\Desktop\CKScanner.exe
2014-10-29 00:02:33 943C708E6C85202BB41BAAED958F2D07 2113024 ----a-w- C:\Users\Dworaks\Downloads\FRST64.exe
2014-10-28 22:35:11 EC5561CD74DB41FBD75E18890EC3FF59 19362952 ----a-w- C:\Users\Dworaks\Downloads\imfv2-setup-for-review.exe
2014-10-28 22:27:17 E7AAAB8BA25A7986A4FFFB60D18623C6 32601272 ----a-w- C:\Users\Dworaks\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-28 21:19:46 0289AA4DF64B6030E5BFB3AAC36AD501 2998656 ----a-w- C:\Users\Dworaks\Downloads\SpyHunter-Installer.exe
2014-10-28 21:19:26 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Dworaks\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-27 22:54:27 -------- d--h--w- C:\ProgramData\CanonIJMIG
2014-10-27 22:54:12 -------- d--h--w- C:\ProgramData\CanonIJQuickMenu
2014-10-27 22:51:56 -------- d--h--w- C:\ProgramData\CanonIJScan
2014-10-27 22:51:05 -------- d-----w- C:\ProgramData\CanonIJPLM
2014-10-27 22:50:26 -------- d-----w- C:\ProgramData\Canon IJ Network Tool
2014-10-27 22:49:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series User Registration
2014-10-27 22:46:02 -------- d-----w- C:\ProgramData\CanonIJWSpt
2014-10-27 22:29:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-10-27 22:28:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5500 series Manual
2014-10-27 21:27:45 1BB333A17136613A1F5AEC0068C9B45C 51109464 ----a-w- C:\Users\Dworaks\Downloads\win-mg5500-1_0-ucd.exe
2014-10-26 22:55:14 BE22162245D4BBDAE28FD406EFEE7397 1368 ----a-w- C:\ProgramData\@system.att
2014-10-26 22:54:24 A4E1FDEFA610E9028D2CB60670EFE7A4 1104 ---ha-w- C:\ProgramData\@system2.att
2014-10-25 22:30:58 -------- d-----w- C:\ProgramData\Windows Genuine Advantage
2014-10-25 15:19:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-25 15:19:24 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

====== C: exe-files ==
2014-10-28 02:43:24 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{94AFE861-8BC6-305A-AA7A-DAFBE6FDA568}-viyhner.exe
2014-10-28 02:29:44 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{62B9E0DB-D7E4-0134-6B80-7ADA0586DC91}-viyhner.exe
2014-10-28 02:28:09 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A8A07955-2900-2406-DDD7-61A21DFE58A9}-viyhner.exe
2014-10-28 00:00:38 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5FBC91AD-F32E-F342-6214-9BF1C2D7FF10}-viyhner.exe
2014-10-27 23:49:45 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1201EC3C-6AC0-F9C7-DE82-AB0D0D76DEA9}-viyhner.exe
2014-10-27 23:47:55 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{BB1B6CB0-78D6-3B4C-D2E7-7B75D3996FAD}-viyhner.exe
2014-10-27 23:27:28 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{E5BC9F4D-B5F2-4894-A7A8-A03BAE0395C3}-viyhner.exe
2014-10-27 23:05:38 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{B43A4B20-F103-AB41-ECB6-C948C01A7EA9}-viyhner.exe
2014-10-27 22:52:43 EDCCC8C13B1EB882F77BA0ABB84566E7 140456 ----a-w- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
2014-10-27 22:52:43 EA5075E4077194D58773A9479E7557FA 392872 ----a-w- C:\Program Files (x86)\Canon\IJPLM\ijplmui.exe
2014-10-27 22:50:29 17ED68EA56D9C0DE013E8D0B789C41CD 124496 ----a-w- C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
2014-10-27 22:50:29 171D20E99050BD7D864E4757F01473BF 1112656 ----a-w- C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe
2014-10-27 22:50:28 D692DF2EE9EAF76E45E391FB1EF71153 421032 ---ha-w- C:\Program Files (x86)\Canon\IJ Scan Utility\MAINT.exe
2014-10-27 22:50:28 7E911C7D39B6F2E0F93764FFC7FE962F 94288 ----a-w- C:\Program Files (x86)\Canon\IJ Scan Utility\MAPI.exe
2014-10-27 22:50:27 50B183DE2A94E7F7271CAED5DBFAE26C 116840 ----a-w- C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe
2014-10-27 22:50:26 3CBB060EF0E98C334100DCFDE672FED4 708176 ----a-w- C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNPUT.EXE
2014-10-27 22:50:25 A134320CA81E7136050C3F119636B719 421032 ---ha-w- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\MAINT.exe
2014-10-27 22:50:25 6B53177248AC5327FFB5CB2D5C500C94 453736 ----a-w- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
2014-10-27 22:49:02 EA2DFB3E298DE43E77EC4E70C9B3B8BD 69712 ------w- C:\Program Files (x86)\Canon\IJEREG\MG5500 series\IJRMF.exe
2014-10-27 22:49:02 9B137B4D4D84979C3AD271D23CA032C4 404560 ------w- C:\Program Files (x86)\Canon\IJEREG\MG5500 series\IJEREG.exe
2014-10-27 22:49:02 57B2DC0F38E830D98C5D5323F0F3C262 72784 ------w- C:\Program Files (x86)\Canon\IJEREG\MG5500 series\UNINST.EXE
2014-10-27 22:48:35 B05FCC8AE92C5EC4CE7FE41AC7FD1DA4 110184 ----a-w- C:\Program Files\Canon\Easy-WebPrint EX\addprinter.exe
2014-10-27 22:48:35 73913CC49926CAB5CC37BAF3DE13A4E0 725088 ----a-w- C:\Program Files\Canon\Easy-WebPrint EX\ewpexapp.exe
2014-10-27 22:48:35 61446FDD76788229D3EBAEABE84DF38C 887896 ----a-w- C:\Program Files\Canon\Easy-WebPrint EX\dotNetFx40_Client_setup.exe
2014-10-27 22:48:35 4669FF378F9895A672037B0FF36F9027 2265088 ----a-w- C:\Program Files\Canon\Easy-WebPrint EX\ewpexbrk.exe
2014-10-27 22:48:34 61446FDD76788229D3EBAEABE84DF38C 887896 ----a-w- C:\Program Files (x86)\Canon\Easy-WebPrint EX\dotNetFx40_Client_setup.exe
2014-10-27 22:48:34 13940BA025548132C1D0F5F177A0B7A7 110184 ----a-w- C:\Program Files (x86)\Canon\Easy-WebPrint EX\addprinter.exe
2014-10-27 22:48:33 C95B0C1EED7E60EE94C184B66D3FC05C 725088 ----a-w- C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexapp.exe
2014-10-27 22:48:33 7760472A5EA8DB92278498E375B068EB 1674848 ----a-w- C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbrk.exe
2014-10-27 22:48:31 BB749C5E36C107EAFE7F3752A640BDCC 1865328 ---ha-w- C:\Program Files (x86)\Canon\Easy-WebPrint EX\uninst.exe
2014-10-27 22:46:36 5D1DB45A16831DEECA71E1323746D5EE 122472 ----a-w- C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexdl.exe
2014-10-27 22:46:00 215A5E3991E3E82C135B66B39E9B1B90 382040 ----a-w- C:\Program Files (x86)\Canon\Quick Menu\CNSEMAIN.EXE
2014-10-27 22:45:59 F63E7FD48CAA8563D994CBB4A0314463 621672 ----a-w- C:\Program Files (x86)\Canon\Quick Menu\CNQMULNC.EXE
2014-10-27 22:45:59 E015476B5F5620B6A88F7A0E572FA9DF 991848 ----a-w- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
2014-10-27 22:45:59 6AD64E318ED6B5F04AFAC2849DE05EA0 1284680 ----a-w- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
2014-10-27 22:45:59 3D4058C53ECB180907410F39CB39C134 1089112 ----a-w- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
2014-10-27 22:45:58 F4B76972229BC45D039C44B87D2519BF 592984 ----a-w- C:\Program Files (x86)\Canon\Quick Menu\CNQMLNCR.EXE
2014-10-27 22:45:58 13629FA912300B606BF886514B01248D 779384 ----a-w- C:\Program Files (x86)\Canon\Quick Menu\CNQMINST.EXE
2014-10-27 22:45:57 78BC759CD8B8A3B1119E520583D42E5A 769128 ----a-w- C:\Program Files (x86)\Canon\Quick Menu\CNQMACNF.EXE
2014-10-27 22:45:55 77AF87F5DF4DF4857A476493142622C0 1862744 ---ha-w- C:\Program Files (x86)\Canon\Quick Menu\uninst.exe
2014-10-27 22:31:49 77AF87F5DF4DF4857A476493142622C0 1862744 ---ha-w- C:\Program Files (x86)\Canon\My Image Garden\AddOn\uninst.exe
2014-10-27 22:31:05 5411747E7CE6720183645783946FE048 577616 ----a-w- C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
2014-10-27 22:31:03 18102952358185C0FDACAFEA5B5E2865 3332240 ----a-w- C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\cnmiggipi.exe
2014-10-27 22:31:02 77AF87F5DF4DF4857A476493142622C0 1862744 ---ha-w- C:\Program Files (x86)\Canon\My Image Garden\uninst.exe
2014-10-27 22:29:13 C902E1F9ADE0A77B4AA6BB124A9589C8 2750536 ----a-w- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
2014-10-27 22:29:13 5667CA38599CD21BA6DEC422735C8835 382024 ----a-w- C:\Program Files\Canon\MyPrinter\BJMyRst.exe
2014-10-27 22:29:13 1C51B34FF9167D4CB25CB28CD062C819 3680328 ----a-w- C:\Program Files\Canon\MyPrinter\BJMyDgn.exe
2014-10-27 22:29:11 77AF87F5DF4DF4857A476493142622C0 1862744 ---ha-w- C:\Program Files\Canon\MyPrinter\uninst.exe
2014-10-27 22:28:43 5F875FDDFFC4D7E91C2B10E895CC6F8C 354392 ----a-w- C:\Program Files (x86)\Canon\IJ Manual\CANON MG5500 SERIES\uninstall.exe
2014-10-27 22:28:34 331F5FCA4B7DDF32EE185BFD16082F38 56496 ----a-w- C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmvdrv.exe
2014-10-27 22:28:32 865871BCC18C97E601C97496045C9D22 2165920 ----a-w- C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe
2014-10-27 22:27:44 EB874987545F96D52FE42376763AA586 723032 ----a-w- C:\Program Files\CanonBJ\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series\DELDRV64.exe
2014-10-27 22:27:44 9FA2DA695795766CB2CF977DAB3D44D6 56424 ------w- C:\Program Files\CanonBJ\IJPrinter\Canon MG5500 series\IJDIA6.exe
2014-10-27 21:23:26 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{B06B6B1F-7500-9926-0581-32E5D2C39576}-viyhner.exe
2014-10-27 21:19:38 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{4D9FE919-C47A-A633-C93F-B2DF776836A6}-viyhner.exe
2014-10-27 03:15:23 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{E751D159-3639-1EAA-0091-F4DC5E20E904}-viyhner.exe
2014-10-27 00:04:18 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{EA38881C-C09B-D73B-1272-44DEDC3194F4}-viyhner.exe
2014-10-26 23:07:23 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0299D2B4-B2CF-9C49-C632-B1E25992882B}-viyhner.exe
2014-10-26 23:03:20 83BB1EF32EA9A9416D9FD400AE93BB97 14921072 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{766ACD5F-8856-ED8F-351E-9E705FC1C993}-ChromeUpdate.exe
2014-10-26 23:03:20 1DA69035314432F9A61B2CBA8DE5847D 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{78E79928-4BE8-9384-782F-74543CCB6E8C}-viyhner.exe
2014-10-26 22:55:30 922D86CCD453C67B22224E9B767769AE 301763 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2FED9D13-611C-D980-B429-5A4AF02431D3}-biylcea.exe
2014-10-25 15:15:55 2BF25BB82936758771C99A2C70754E09 77104 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 12.0.1.26\SetupAdmin.exe
=== C: other files ==
2014-10-28 21:25:45 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
2014-10-28 02:29:09 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-28 02:28:47 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-28 02:28:47 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-28 02:28:46 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Fitbit Service Monitor"="C:\Program Files (x86)\Fitbit\fitbit-tray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"
"Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon"
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Fitbit Service Monitor"="C:\Program Files (x86)\Fitbit\fitbit-tray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe"
"TdmNotify"="C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Greenshot"="C:\Program Files\Greenshot\Greenshot.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Startup Folders ======================

2014-10-31 21:17:50 272 ----a-w- C:\Users\Dworaks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/23/2014 08:16 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\WSCEAA" [C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe]
"C:\Windows\SysNative\tasks\{9FDDFA76-CBDA-F5CE-5CB7-030DBEF45EFB}" [C:\Windows\system32\regsvr32.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Dworaks\AppData\Roaming\Mozilla\Firefox\Profiles\0jdc2wdu.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
A0C99FDB62BE2C620C439A4273DE5D88 - C:\Program Files\Citrix\Secure Access Client\npagee.dll - Citrix Access Gateway
A0C99FDB62BE2C620C439A4273DE5D88 - C:\Users\Dworaks\AppData\Roaming\Mozilla\plugins\npagee.dll - Citrix Access Gateway
E5AE569FEB47BDE05D0DCC83594EE488 - C:\Users\Dworaks\AppData\Roaming\Mozilla\plugins\npagee64.dll - Citrix Access Gateway
E5AE569FEB47BDE05D0DCC83594EE488 - C:\Program Files\Citrix\Secure Access Client\npagee64.dll - Citrix Access Gateway


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Uninstall List x64 ======================

Adobe Flash Player 15 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 15 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Reader XI (11.0.03) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
Bonjour [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
Canon Easy-WebPrint EX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Easy-WebPrint EX]
Canon IJ Network Scanner Selector EX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Canon_IJ_Network_Scanner_Selector_EX]
Canon IJ Network Tool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Canon_IJ_Network_UTILITY]
Canon IJ Scan Utility [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Canon_IJ_Scan_Utility]
Canon Inkjet Printer/Scanner/Fax Extended Survey Program [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CANONIJPLM100]
Canon MG5500 series MP Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series]
Canon MG5500 series On-screen Manual [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Canon MG5500 series On-screen Manual]
Canon MG5500 series User Registration [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Canon MG5500 series User Registration]
Canon My Image Garden [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Canon My Image Garden]
Canon My Image Garden Design Files [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Canon My Image Garden Design Files]
Canon My Printer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CanonMyPrinter]
Canon Quick Menu [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CanonQuickMenu]
Cisco WebEx Meetings [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ActiveTouchMeetingClient]
Citrix Access Gateway Endpoint Analysis [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C403F3CF-A531-4D11-ADAE-7D002F8264FE}]
Citrix Authentication Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB1C49C7-AC32-4785-A281-774744FC78F5}]
Citrix Receiver (HDX Flash Redirection) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EC94A726-7636-4693-9627-D8A8B44793EE}]
Citrix Receiver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
Citrix Receiver Inside [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D67AEDE1-BCCF-4C5D-BF4F-A08FE92075B7}]
Citrix Receiver(Aero) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1606C5A0-DCD7-4543-A185-FAAD210E5284}]
Citrix Receiver(DV) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E6D7195-3B74-46AF-9BD1-49EBECD0A455}]
Citrix Receiver(USB) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6BDC0D7C-9E42-4667-8FA9-2F26A2FEF4D0}]
Custom [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}]
D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
Dell Client System Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{04566294-A6B6-4462-9721-031073EB3694}]
Dell Data Protection | Access [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}]
Dell Edoc Viewer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}]
DellAccess [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20A4AA32-B3FF-4A0B-853C-ACDDCD6CB344}]
EMBASSY Client Core [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7EC46A4C-E659-418E-A65A-BD7FC82D4C48}]
ERAS Connector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D46BCA58-0AF7-4455-8017-34CE3FEEE808}]
Fitbit Base Station (Driver Removal) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FITBIT&10C4&84C4]
Fitbit Connect [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C257E096-67B0-4122-98F3-EE0D8798E03B}]
Fitbit v2.1.0.9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fitbit Data Uploader_is1]
Gemalto [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{91CE5F03-3A2A-4268-935A-04944F058AE9}]
GemPcCCID [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7567A068-2F02-40D1-A34C-16D79ECD35A6}]
GoPro Studio 2.0.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GoPro Studio]
Greenshot 1.0.6.2228 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Greenshot_is1]
H&R Block Deluxe + Efile + State 2013 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EDE796DE-0A72-464D-9D21-F04BC41A092B}]
H&R Block Iowa 2013 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A6A2A7-7B5B-4595-98B4-6B6D3F376531}]
HRBlockDirect version 1.1.2.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1]
Intel(R) Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}]
Intel(R) Network Connections 17.2.154.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{858C1B33-C3D5-4377-B77B-1E2F338C7F66}]
Intel(R) Network Connections 17.2.154.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PROSetDX]
Intel(R) Processor Graphics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Intel(R) Rapid Storage Technology [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}]
Intel(R) SDK for OpenCL - CPU Only Runtime Package [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}]
Intel(R) USB 3.0 eXtensible Host Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}]
iTunes [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}]
Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}]
Malwarebytes Anti-Malware version 2.0.3.1025 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft Office Professional Plus 2013 - en-us [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us]
Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23F2C78C-E131-4CA0-8F84-3473FB7728BA}]
Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}]
Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ce085a78-074e-4823-8dc1-8a721b94b76d}]
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}]
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BABDA39-61CF-41EE-992D-4054B6649A9B}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}]
Mozilla Firefox 26.0 (x86 en-US) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 26.0 (x86 en-US)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT_amd64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
MSVCRT110 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}]
MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
Online Plug-in [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A0FE2C0-7A7E-444E-8BD4-087178A91865}]
Origin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Origin]
PBA Driver-x64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF5B5BEC-BA44-4669-98C8-2A691C5EA428}]
Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D888F114-7537-4D48-AF03-5DA9C82D7540}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30F99474-EBE3-4134-A02B-F6CD38CFE243}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC6C7107-7D72-41A1-A031-3CE751159BAB}]
Preboot Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{59ACD2BB-FC62-4427-81D2-618CF81A2A32}]
Private Information Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A90F92B7-3C3F-4AEF-B281-31DD17BB73CA}]
Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
Self-service Plug-in [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C487153-A286-48F7-BE55-717552E90E20}]
SI TSS [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}]
SPBA (WBF) 5.9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DD317AA5-F0EF-480F-9501-507712B5E0B6}]
Star Wars The Old Republic [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\swtor_swtor]
Star Wars: The Old Republic [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}]
TextPad 7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F53AC20-2D32-4341-9DA1-29DD40E2199E}]
The SimsT 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}]
The SimsT 3 Generations [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}]
The SimsT 3 High-End Loft Stuff [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{71828142-5A24-4BD0-97E7-976DA08CE6CF}]
The SimsT 3 Into the Future [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}]
The SimsT 3 Island Paradise [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}]
The SimsT 3 Late Night [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45057FCE-5784-48BE-8176-D9D00AF56C3C}]
The SimsT 3 Movie Stuff [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0087539-3C57-44E0-BEE7-D779D546CBE1}]
The SimsT 3 Pets [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C12631C6-804D-4B32-B0DD-8A496462F106}]
The SimsT 3 Seasons [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3DE92282-CB49-434F-81BF-94E5B380E889}]
The SimsT 3 Showtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3BBFD444-5FAB-49F6-98B1-A1954E831399}]
The SimsT 3 Supernatural [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}]
The SimsT 3 University Life [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}]
The SimsT 3 World Adventures [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}]
The SimsT 4 Create A Sim Demo [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6908ED99-F02B-4E99-A202-3FAC99C510ED}]
toolkit32for64bit [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB63285D-990D-4207-AE31-000025626917}]
Trusted Drive Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{236EBEF4-8DE5-4E0E-8FD0-27D94F772FF0}]
Visual Studio 2012 x64 Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}]
Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}]
Wave Crypto Runtime 2.0.9.0 x64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F160A36-29D0-4AE0-986C-671A564BC0D4}]
Wave Crypto Runtime 2.0.9.0 x86 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29D07FB4-A026-4E1F-B9A2-8C9EC0E2FEBB}]
Wave Infrastructure Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90DB5C39-360F-4187-9D56-E3B013CEEF73}]
Wave Support Software Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86A9BBDF-9B6D-4E3D-810E-23C9079C6217}]
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\0B624A43DD66DBF5CF3EDFA9741A364E688062A4]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C034A6F9-6569-491B-B3BF-F5D15221A708}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}]
Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}]
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE52672C-A0E9-4450-8875-88A221D5CD50}]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{70854FE6-3BF1-4C69-94D0-BEB821102E34}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B80D3EA9-A252-4AE5-AC51-81729F5C586F}]
Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18272881-CFC0-434D-A975-E5BE44206AA0}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86C40513-B5A4-476E-9EAB-EC118DCF4502}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2C146B1-948D-47EF-8387-5D1C6B980F7C}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23A3E560-069F-4CFC-8F6C-1B526EC735FC}]

Re: dllhost.exe COM surrogate problem

Post by lynda » November 1st, 2014, 10:49 am

Part 2 of Zoek Log:



==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKCU\..\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: INSTALL_TOR.URL
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: *.skillwsa.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EmbassyService - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Data Uploader (Fitbit) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit\fitbit.exe
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell PBA x64 Service (PbaDrvSvc_x64) - Dell, Inc. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SI TSS v1.2.1.41 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WvPCR - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Fitbit Service Monitor = C:\Program Files (x86)\Fitbit\fitbit-tray.exe [Fitbit, Inc.]
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]
EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [Electronic Arts]
Fitbit Connect = "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun [Fitbit, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [Realtek Semiconductor Corp.]
TdmNotify = C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [Wave Systems Corp.]
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]
Greenshot = C:\Program Files\Greenshot\Greenshot.exe [null data]
Logitech Download Assistant = C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [MS]
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [Intel Corporation]
IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
CitrixReceiver = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [file not found]
ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [Citrix Systems, Inc.]
Redirector = "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup [Citrix Systems, Inc.]
Fitbit Connect = "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun [Fitbit, Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
CanonQuickMenu = C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon [CANON INC.]
IJNetworkScannerSelectorEX = C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [CANON INC.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{10921475-03CE-4E04-90CE-E2E7EF20C814}\(Default) = ExplorerWnd Helper
-> {HKLM...CLSID} = ExplorerWnd Helper
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [file not found]
-> {HKLM...Wow...CLSID} =
\InProcServer32\(Default) = [file not found]

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO
-> {HKLM...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS]
-> {HKLM...Wow...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [MS]

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
-> {HKLM...CLSID} = Canon Easy-WebPrint EX BHO
\InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]
-> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX BHO
\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [MS]

{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO
-> {HKLM...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS]
-> {HKLM...Wow...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [MS]

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
-> {HKLM...CLSID} = Canon Easy-WebPrint EX BHO
\InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]
-> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX BHO
\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [MS]

{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

EnabledUnlockedFDEIconOverlay\(Default) = {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}
-> {HKLM...CLSID} = FdeInitIcon Class
\InProcServer32\(Default) = C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [Wave Systems Corp.]

UninitializedFdeIconOverlay\(Default) = {CF08DA3E-C97D-4891-A66B-E39B28DD270F}
-> {HKLM...CLSID} = FdeUninitIcon Class
\InProcServer32\(Default) = C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [Wave Systems Corp.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]

{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONFILTER.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM...CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

{A6FF0E3A-8437-482C-8E04-4F9E15C57538} = UnLockerMenu
-> {HKLM...CLSID} = UnLockerMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [file not found]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONFILTER.DLL [MS]

{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> Authentication Packages = msv1_0|wvauth

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\

{AE583D93-8D1B-424F-9858-5623FB7824EE}\(Default) = UPEK Fingerprint Credential Provider Filter
-> {HKLM...CLSID} = Provider Filter Object
\InProcServer32\(Default) = C:\Program Files\Common Files\SPBA\provider.dll [Authentec Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{18CBEEAA-6708-41A1-9379-D08915333CF2}\(Default) = UPEK Fingerprint Credential Provider
-> {HKLM...CLSID} = Provider Object
\InProcServer32\(Default) = C:\Program Files\Common Files\SPBA\provider.dll [Authentec Inc.]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

TextPad\(Default) = {8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}
-> {HKCU...CLSID} = TextPad
\InProcServer32\(Default) = C:\Program Files (x86)\TextPad 7\System\shellext64.dll [Helios Software Solutions]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D}
-> {HKLM...CLSID} = CExtMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll [file not found]

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]

UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
-> {HKLM...CLSID} = UnLockerMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [file not found]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D}
-> {HKLM...CLSID} = CExtMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll [file not found]

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]

UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
-> {HKLM...CLSID} = UnLockerMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [file not found]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
-> {HKLM...CLSID} = UnLockerMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [file not found]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Dworaks\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\WLXPGSS.SCR [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]


Startup items in "Dworaks" & "All Users" startup folders:
---------------------------------------------------------

C:\Users\Dworaks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
INSTALL_TOR -> URL shortcut to: https://paytordmbdekmizq.torsona.com/6oLm95


Windows Sidebar Gadgets: {++}
------------------------

C:\Users\Dworaks\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CClock.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget"


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Microsoft Office 15 Sync Maintenance for Dworaks-PC-Dworaks Dworaks-PC -> launches: C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [MS]
WSCEAA -> launches: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe -schedule [null data]
{8EFC75E5-698E-4E42-A93C-4E37CD6D4A19} -> launches: C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Citrix\Citrix Receiver\TrolleyExpress.exe" -c /uninstall /cleanup [MS]
{9FDDFA76-CBDA-F5CE-5CB7-030DBEF45EFB} -> launches: C:\Windows\system32\regsvr32.exe /s "C:\Windows\system32\nupqiz.dll" [MS]

C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS]
MpIdleTask -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS]

C:\Windows\System32\Tasks\Microsoft\Office
Office Automatic Updates -> launches: C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False [MS]
OfficeTelemetryAgentFallBack -> launches: C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe scan upload mininterval:2880 [MS]
OfficeTelemetryAgentLogOn -> launches: C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe scan upload [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-1962258163-3716458331-2083168627-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
-> {HKLM...CLSID} = Canon Easy-WebPrint EX
\InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
-> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX
\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{21347690-EC41-4F9A-8887-1F4AEE672439}\(Default) = (no title provided)
-> {HKLM...CLSID} = Canon Easy-WebPrint EX
\InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [MS]

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync Click to Call
MenuText = Lync Click to Call
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> {HKLM...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll [MS]

{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync Click to Call
MenuText = Lync Click to Call
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> {HKLM...Wow...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...Wow...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Canon Inkjet Printer/Scanner/Fax Extended Survey Program, IJPLMSVC, C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [null data]
Dell PBA x64 Service, PbaDrvSvc_x64, "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe" [Dell, Inc.]
EmbassyService, EmbassyService, "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe" [null data]
Fitbit Connect Service, Fitbit Connect, C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [Fitbit, Inc.]
Fitbit Data Uploader, Fitbit, C:\Program Files (x86)\Fitbit\fitbit.exe [Fitbit, Inc.]
Intel(R) Integrated Clock Controller Service - Intel(R) ICCS, ICCS, "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe" [Intel Corporation]
Intel(R) PROSet Monitoring Service, Intel(R) PROSet Monitoring Service, C:\Windows\system32\IProsetMonitor.exe [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]
Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]
Microsoft Office ClickToRun Service, ClickToRunSvc, "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [MS]
TdmService, TdmService, "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe" [Wave Systems Corp.]
Wave Authentication Manager Service, Wave Authentication Manager Service, C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [Wave Systems Corp.]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MsMpSvc, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MsMpSvc, Service


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor4\Driver = CNBLM4.DLL [CANON INC.]
Canon BJ Language Monitor MG5500 series\Driver = CNMLMBU.DLL [CANON INC.]
Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.]


<<H>>: Suspicious data at a browser hijack point.


==== C:\zoek_backup content ======================

C:\zoek_backup (files=92 folders=46 31348068 bytes)

==== EOF on Fri 10/31/2014 at 17:28:03.80 ======================
lynda

Re: dllhost.exe COM surrogate problem

Post by lynda » November 1st, 2014, 10:56 am

Results of Systemlook.

SystemLook 30.07.11 by jpshortstuff
Log created at 09:51 on 01/11/2014 by Dworaks
Administrator - Elevation successful

========== filefind ==========

Searching for "*ctfmon*"
C:\Windows\Prefetch\CTFMON.EXE-43603594.pf --a---- 166550 bytes [00:04 27/10/2014] [21:47 29/10/2014] 41843BDC988085C560AA08E5BAB8558A
C:\Windows\Prefetch\CTFMON.EXE-795F8130.pf --a---- 15288 bytes [00:04 27/10/2014] [02:10 27/10/2014] BAB88AB2ECBC14845713F28CE853AAB1
C:\Windows\System32\ctfmon.exe --a---- 9728 bytes [23:39 13/07/2009] [01:39 14/07/2009] 42B6A94DD747DF2B5F628A2752E62A98
C:\Windows\System32\MsCtfMonitor.dll --a---- 28160 bytes [23:39 13/07/2009] [01:41 14/07/2009] 1F1CA9E99DD5BF918BE0BF30B5A42FDA
C:\Windows\System32\en-US\ctfmon.exe.mui --a---- 2048 bytes [07:06 21/11/2010] [07:06 21/11/2010] E6EB13B31D3AE1A7D0AC3DF0CE624336
C:\Windows\System32\en-US\MsCtfMonitor.dll.mui --a---- 2560 bytes [07:06 21/11/2010] [07:06 21/11/2010] 3EFA37FB1F60290E6623AE39870485CB
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor --a---- 2978 bytes [04:53 14/07/2009] [04:53 14/07/2009] AFEA6C14BB51CEFBCBA26408C0DE8925
C:\Windows\SysWOW64\ctfmon.exe --a---- 8704 bytes [23:26 13/07/2009] [01:14 14/07/2009] 4A3CDCEF8ED41B221F3DBEF5792FB52D
C:\Windows\SysWOW64\MsCtfMonitor.dll --a---- 19968 bytes [23:26 13/07/2009] [01:15 14/07/2009] B43687C534A49700BF4B3C9898763752
C:\Windows\SysWOW64\en-US\ctfmon.exe.mui --a---- 2048 bytes [07:06 21/11/2010] [07:06 21/11/2010] 4BD53271722E0F71080B5DF2CD47CDC9
C:\Windows\SysWOW64\en-US\MsCtfMonitor.dll.mui --a---- 2560 bytes [07:06 21/11/2010] [07:06 21/11/2010] D886E309327497B54882F09075D7BF5A
C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe --a---- 9728 bytes [23:39 13/07/2009] [01:39 14/07/2009] 42B6A94DD747DF2B5F628A2752E62A98
C:\Windows\winsxs\amd64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_6.1.7600.16385_none_e1310860626a47c0\MsCtfMonitor.dll --a---- 28160 bytes [23:39 13/07/2009] [01:41 14/07/2009] 1F1CA9E99DD5BF918BE0BF30B5A42FDA
C:\Windows\winsxs\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f26e86d04fd58283\ctfmon.exe.mui --a---- 2048 bytes [07:06 21/11/2010] [07:06 21/11/2010] E6EB13B31D3AE1A7D0AC3DF0CE624336
C:\Windows\winsxs\amd64_microsoft-windows-t..tfmonitor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6cdd9e020b264849\MsCtfMonitor.dll.mui --a---- 2560 bytes [07:06 21/11/2010] [07:06 21/11/2010] 3EFA37FB1F60290E6623AE39870485CB
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce.manifest --a---- 2714 bytes [02:33 14/07/2009] [02:12 14/07/2009] 6CA9EC78A877E8523DD18810BB15E196
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_6.1.7600.16385_none_e1310860626a47c0.manifest --a---- 5021 bytes [02:33 14/07/2009] [02:27 14/07/2009] FDEC1EBB534B403864ADCE8E050D32CC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f26e86d04fd58283.manifest --a---- 2272 bytes [07:05 21/11/2010] [07:05 21/11/2010] 0F9544FC237BCF9E4D22A03E0C441E9B
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98.manifest --a---- 2710 bytes [02:33 14/07/2009] [01:47 14/07/2009] 3AB503C30ABA34CDDFAE4FB97CEA5599
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_6.1.7600.16385_none_85126cdcaa0cd68a.manifest --a---- 5017 bytes [02:33 14/07/2009] [01:57 14/07/2009] FEB4ABB2AE5E849B819840364CB351F2
C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_964feb4c9778114d.manifest --a---- 2270 bytes [07:05 21/11/2010] [07:05 21/11/2010] FB39C80BF0DA4D99EE420AEE4EBEC6F9
C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe --a---- 8704 bytes [23:26 13/07/2009] [01:14 14/07/2009] 4A3CDCEF8ED41B221F3DBEF5792FB52D
C:\Windows\winsxs\x86_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_6.1.7600.16385_none_85126cdcaa0cd68a\MsCtfMonitor.dll --a---- 19968 bytes [23:26 13/07/2009] [01:15 14/07/2009] B43687C534A49700BF4B3C9898763752
C:\Windows\winsxs\x86_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_964feb4c9778114d\ctfmon.exe.mui --a---- 2048 bytes [07:06 21/11/2010] [07:06 21/11/2010] 4BD53271722E0F71080B5DF2CD47CDC9
C:\Windows\winsxs\x86_microsoft-windows-t..tfmonitor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_10bf027e52c8d713\MsCtfMonitor.dll.mui --a---- 2560 bytes [07:06 21/11/2010] [07:06 21/11/2010] D886E309327497B54882F09075D7BF5A

Searching for "*dllhost*"
C:\Windows\Prefetch\DLLHOST.EXE-236A108B.pf --a---- 56582 bytes [01:30 05/09/2014] [23:32 30/10/2014] 01C05551674BA2CE73A33213A60124C0
C:\Windows\Prefetch\DLLHOST.EXE-2E02FDCA.pf --a---- 26888 bytes [14:34 07/09/2014] [22:14 31/10/2014] ADC377D1DBF7C7E5E0FB3DB3A4C9513B
C:\Windows\Prefetch\DLLHOST.EXE-4B6CB38A.pf --a---- 36138 bytes [01:41 08/08/2013] [23:34 30/10/2014] FE3AF5B3292CC863A40CF22159BACFB7
C:\Windows\Prefetch\DLLHOST.EXE-63B92852.pf --a---- 150090 bytes [18:22 07/09/2013] [01:37 01/11/2014] B96E5BFB06F593C96CBC4363FEF1AD4E
C:\Windows\Prefetch\DLLHOST.EXE-844858E7.pf --a---- 23668 bytes [02:58 05/09/2014] [02:58 31/10/2014] FB390230019EB316DA9BE84B557CFC68
C:\Windows\Prefetch\DLLHOST.EXE-A010D183.pf --a---- 29024 bytes [20:01 06/09/2014] [14:33 01/11/2014] D324FD653A88DA469DB738CF223A82CE
C:\Windows\Prefetch\DLLHOST.EXE-D49D3641.pf --a---- 26938 bytes [13:10 01/09/2014] [22:27 31/10/2014] C0DFA88862C2F32E9E6029778719C375
C:\Windows\Prefetch\DLLHOST.EXE-DC06F8EA.pf --a---- 19996 bytes [16:43 07/09/2013] [13:24 31/10/2014] 0AC55CF2B1418249201220D36054C46E
C:\Windows\System32\dllhost.exe --a---- 9728 bytes [23:59 13/07/2009] [01:39 14/07/2009] A8EDB86FC2A4D6D1285E4C70384AC35A
C:\Windows\SysWOW64\dllhost.exe --a---- 7168 bytes [23:43 13/07/2009] [01:14 14/07/2009] A63DC5C2EA944E6657203E0C8EDEAF61
C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe --a---- 9728 bytes [23:59 13/07/2009] [01:39 14/07/2009] A8EDB86FC2A4D6D1285E4C70384AC35A
C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe --a---- 7168 bytes [23:43 13/07/2009] [01:14 14/07/2009] A63DC5C2EA944E6657203E0C8EDEAF61

========== folderfind ==========

Searching for "*ctfmon*"
C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce d------ [03:20 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_6.1.7600.16385_none_e1310860626a47c0 d------ [03:20 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f26e86d04fd58283 d------ [07:06 21/11/2010]
C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98 d------ [03:20 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_6.1.7600.16385_none_85126cdcaa0cd68a d------ [03:20 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_964feb4c9778114d d------ [07:06 21/11/2010]

Searching for "*dllhost*"
No folders found.

========== Regfind ==========

Searching for "ctfmon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}]
@="MsCtfMonitor task handler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}\InprocServer32]
@="%SystemRoot%\system32\MsCtfMonitor.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}]
@="MsCtfMonitor task handler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}\InprocServer32]
@="%SystemRoot%\system32\MsCtfMonitor.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}]
"AppName"="ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_none_ec0aa56e4d5f8db1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_none_1cb95f061c7795cf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_en-us_dc0eb4a902165664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_none_8fec09ea95021c7b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-t..mework-msctfmonitor_31bf3856ad364e35_none_c09ac382641a2499]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_en-us_7ff0192549b8e52e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}]
"Path"="\Microsoft\Windows\TextServicesFramework\MsCtfMonitor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework\MsCtfMonitor]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}]
"AppName"="ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}]
@="MsCtfMonitor task handler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}\InprocServer32]
@="%SystemRoot%\system32\MsCtfMonitor.dll"

Searching for "dllhost"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\753197c2_0]
@="{0.0.0.00000000}.{49d53449-a4d8-4f3e-b801-be9e848d86bf}|\Device\HarddiskVolume3\Windows\SysWOW64\dllhost.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"a"="DllHost.exe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\System32\dllhost.exe"="COM Surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7B130458-E09C-4823-A8AF-2583DCD9AEC7}]
@="EapThirdPartyDllHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59856830-3ECB-4D29-9CFE-DDD0F74B96A2}\InprocServer32\4.0.0.0]
"Class"="System.ServiceModel.ComIntegration.DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}]
@="DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}\InprocServer32]
"Class"="System.ServiceModel.ComIntegration.DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}\InprocServer32\3.0.0.0]
"Class"="System.ServiceModel.ComIntegration.DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}\ProgId]
@="DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DllHostInitializer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DllHostInitializer]
@="DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000141-0000-0000-C000-000000000046}]
@="IDLLHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59856830-3ECB-4D29-9CFE-DDD0F74B96A2}\InprocServer32\4.0.0.0]
"Class"="System.ServiceModel.ComIntegration.DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}]
@="DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}\InprocServer32]
"Class"="System.ServiceModel.ComIntegration.DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}\InprocServer32\3.0.0.0]
"Class"="System.ServiceModel.ComIntegration.DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}\ProgId]
@="DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000141-0000-0000-C000-000000000046}]
@="IDLLHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7B130458-E09C-4823-A8AF-2583DCD9AEC7}]
@="EapThirdPartyDllHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\AppVISV\Virtualized\DllHost.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\dllhost.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"HostApps"="RUNDLL32.EXE;MSHTA.EXE;DLLHOST.EXE;APPLAUNCH.EXE;HH.EXE;WINHLP32.EXE;MMC.EXE;"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FileAssociation]
"HostApps"="RUNDLL32.EXE;MSHTA.EXE;DLLHOST.EXE;APPLAUNCH.EXE;HH.EXE;WINHLP32.EXE;MMC.EXE;"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{59856830-3ECB-4D29-9CFE-DDD0F74B96A2}\InprocServer32\4.0.0.0]
"Class"="System.ServiceModel.ComIntegration.DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}]
@="DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}\InprocServer32]
"Class"="System.ServiceModel.ComIntegration.DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}\InprocServer32\3.0.0.0]
"Class"="System.ServiceModel.ComIntegration.DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7B2801E6-0BC6-4c92-B742-6BE9B01AE874}\ProgId]
@="DllHostInitializer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{00000141-0000-0000-C000-000000000046}]
@="IDLLHost"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7B130458-E09C-4823-A8AF-2583DCD9AEC7}]
@="EapThirdPartyDllHost"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\753197c2_0]
@="{0.0.0.00000000}.{49d53449-a4d8-4f3e-b801-be9e848d86bf}|\Device\HarddiskVolume3\Windows\SysWOW64\dllhost.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"a"="DllHost.exe"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\System32\dllhost.exe"="COM Surrogate"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\System32\dllhost.exe"="COM Surrogate"

-= EOF =-
lynda
Regular Member
 
Posts: 47
Joined: October 29th, 2014, 6:21 pm

Re: dllhost.exe COM surrogate problem

Unread postby lynda » November 1st, 2014, 10:56 am

E: no changes in behavior.

Re: dllhost.exe COM surrogate problem

Unread postby pgmigg » November 1st, 2014, 12:22 pm

Hello lynda,

Good! :D Before starting a battle against the dllhost.exe COM surrogate, I need a couple more scans. Please do the following:

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value in blue, in the open text entry box:
    change search options for files and folders
    then press the Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Windows\System32\ctfmon.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\System32\dllhost.exe
C:\Windows\SysWOW64\dllhost.exe


Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name... The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on the Submit button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners... this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners... this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Step 3.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *Surrogate*
    
    :folderfind
    *Surrogate*
    
    :Regfind
    Surrogate
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links after online file scan by Virus Total or Jotti.
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00


Re: dllhost.exe COM surrogate problem

Unread postby lynda » November 1st, 2014, 12:46 pm

Results from Systemlook:
SystemLook 30.07.11 by jpshortstuff
Log created at 11:42 on 01/11/2014 by Dworaks
Administrator - Elevation successful

========== filefind ==========

Searching for "*Surrogate*"
C:\Program Files\Microsoft Office 15\root\client\AppVDllSurrogate32.exe --a---- 124072 bytes [08:46 09/08/2013] [13:03 26/09/2014] 33DFE1A4E0072E6815D653AABC0A8444
C:\Program Files\Microsoft Office 15\root\client\AppVDllSurrogate64.exe --a---- 145056 bytes [08:46 09/08/2013] [13:03 26/09/2014] C419E73483ADA429BF4693D77CE49279
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d.manifest --a---- 2848 bytes [02:33 14/07/2009] [02:22 14/07/2009] 276A9D8D8F7A7CFDCDF4C5AD273F2CD6
C:\Windows\winsxs\Manifests\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7.manifest --a---- 2846 bytes [02:33 14/07/2009] [01:54 14/07/2009] 96098B5C52937AE0FE58DB97E7DAFC51

========== folderfind ==========

Searching for "*Surrogate*"
C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d d------ [03:20 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7 d------ [03:20 14/07/2009]

========== Regfind ==========

Searching for "Surrogate"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ime\IMTC70]
"Surrogate"="0x00000000"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\System32\dllhost.exe"="COM Surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{00021401-0000-0000-C000-000000000046}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0010890e-8789-413c-adbc-48f5b511b3af}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{00393519-3A67-4507-A2B8-85146167ACA7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{06622D85-6856-4460-8DE1-A81921B41C4B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0671E064-7C24-4AC0-AF10-0F3055707C32}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{06C792F8-6212-4F39-BF70-E8C0AC965C23}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0968e258-16c7-4dba-aa86-462dd61e31a3}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0C3B05FB-3498-40C3-9C03-4B22D735550C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{11c058e0-9f3e-4c90-a459-2553f2f9e011}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{12C21EA7-2EB8-4B55-9249-AC243DA8C666}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1BA783C1-2A30-4ad3-B928-A9A46C604C28}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1E5300BE-0762-4527-8140-C0FF22DDFC56}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1f2e5c40-9550-11ce-99d2-00aa006e086c}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1fda955b-61ff-11da-978c-0008744faab7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2206CDB0-19C1-11D1-89E0-00C04FD7A829}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2331D136-E39D-4019-92D6-7CE5579962FB}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{273541FF-7F64-5B0F-8F00-5D77AFBE261E}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2C941FD1-975B-59BE-A960-9A2A262853A5}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{304CE942-6E39-40D8-943A-B913C40C9CD4}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{30d49246-d217-465f-b00b-ac9ddd652eb7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{383b69fa-5486-49da-91f5-d63c24c8e9d0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3ad05575-8857-4850-9277-11b85bdb8e09}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3E000D72-A845-4CD9-BD83-80C07C3B881F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3E5FC7F9-9A51-4367-9063-A120244FBEC7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3eb3c877-1f16-487c-9050-104dbcd66683}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3F6B5E16-092A-41ED-930B-0B4125D91D4E}]
@="MSTTS DecObj Class Surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3F6B5E16-092A-41ED-930B-0B4125D91D4E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{434A6274-C539-4E99-88FC-44206D942775}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{44C39C96-0167-478F-B68D-783294A2545D}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{46C166AA-3108-11D4-9348-00C04F8EEB71}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{48da6741-1bf0-4a44-8325-293086c79077}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{49f171dd-b51a-40d3-9a6c-52d674cc729d}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4A6B8BAD-9872-4525-A812-71A52367DC17}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4D111E08-CBF7-4f12-A926-2C7920AF52FC}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4f6bcd94-c2a5-42ce-8dbc-31e794be4630}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{5011B6DE-E9FA-4518-B5E5-45DE9DD2CDC6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{50a9ab2a-20f8-4d71-9f32-9fd305b49601}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{50d69d24-961d-4828-9d1c-5f4717f226d1}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{514B5E31-5596-422F-BE58-D804464683B5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{53362C32-A296-4F2D-A2F8-FD984D08340B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{53362C64-A296-4F2D-A2F8-FD984D08340B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{534A1E02-D58F-44f0-B58B-36CBED287C7C}]
@="32-bit Preview Handler Surrogate Host"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{534A1E02-D58F-44f0-B58B-36CBED287C7C}]
"DllSurrogate"="C:\Windows\SysWOW64\prevhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{59347292-B72D-41F2-98C5-E9ACA1B247A2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{5AAABB05-F91B-4bce-AB18-D8319DEDABA8}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{60173D16-A550-47f0-A14B-C6F9E4DA0831}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{60a90a2f-858d-42af-8929-82be9d99e8a1}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{623D5F5E-2F09-427d-8BD7-64495CD9835D}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{63CE6D27-426A-41F9-8E51-549C1132DAE2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{642ef9d6-48a5-476b-919a-a507cfd02c0f}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{66eea0f5-001a-4073-a496-783f86fcf4c0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6CE51F75-0448-438e-B9CA-69C352A248A7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}]
@="Preview Handler Surrogate Host"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}]
"DllSurrogate"="%SystemRoot%\system32\prevhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7007ACC5-3202-11D1-AAD2-00805FC1270E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7007ACD1-3202-11D1-AAD2-00805FC1270E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{71B804C5-5577-471D-8FE5-C4A45B654EB8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72A7994A-3092-4054-B6BE-08FF81AEEFFC}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7568952A-571E-4C70-BEA9-7F9004393436}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{76AE5F57-B7C9-421f-B55E-FB25144317B6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{76be8257-c4c0-4d37-90c0-a23372254d27}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{76D0CB12-7604-4048-B83C-1005C7DDC503}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{777BA81A-2498-4875-933A-3067DE883070}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7A076CE1-4B31-452a-A4F1-0304C8738100}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7aa7790d-75d7-484b-98a1-3913d022091d}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7B130458-E09C-4823-A8AF-2583DCD9AEC7}]
"DllSurrogate"="%SystemRoot%\System32\Eap3Host.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7C8AB6D9-8764-4033-8F62-2FE896E54B32}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{825FC848-87F7-4F26-9EF6-43964094FF98}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{84D586C4-A423-11D2-B943-00C04F79D22F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}]
"DllSurrogate"="%SystemRoot%\System32\Eap3Host.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8C334A55-DDB9-491C-817E-35A6B85D2ECB}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8D26D9AA-5DA8-4b95-949A-B74954A229A6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8f3080a6-af99-4f2e-a806-f3d5702a0444}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9200689A-F979-4eea-8830-0E1D6B74821F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{92C2A9B3-4228-438E-8A7B-EF110987764C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A2D8CFE7-7BA4-4bad-B86B-851376B59134}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A4B07E49-6567-4FB8-8D39-01920E3B2357}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a4c31131-ff70-4984-afd6-0609ced53ad6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}]
"DllSurrogate"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{b70cc729-28ae-11dd-9676-000000000000}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B8A2E14E-290D-4122-B092-1A7D86198CCE}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BA126F01-2166-11D1-B1D0-00805FC1270E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDE0D630-7801-47cd-984E-1F0AFBC5ACBF}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{c2a71820-3463-498f-bab7-4798795a2ff6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C49F2185-50A7-11D3-9144-00104BA11C5E}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{c5bbbd35-e321-468a-9884-6708aa083f83}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CC70FEAD-94B9-4F76-88CC-004BB068ACDF}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{cee8ccc9-4f6b-4469-a235-5a22869eef03}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D2E7041B-2927-42fb-8E9F-7CE93B6DC937}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}]
@="Bluewire unpairing elevation surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E1990E85-DFE4-4410-82CE-C74C57BF6E8E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{e30984f1-b02b-4c27-a40f-23d11b8c1212}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E7F34D0A-582E-4a48-98BA-6E58AAA3AD4C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E8054D20-497D-4E16-BF41-6E69FCD381A5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E96767E0-7EAA-45e1-8E7D-64414AFF281A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{ECABB0C6-7F19-11D2-978E-0000F8757E2A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{edb5f444-cb8d-445a-a523-ec5ab6ea33c7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F056D291-A2AB-45f7-8EE4-40454493B351}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F20DA720-C02F-11CE-927B-0800095AE340}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}]
@="SPPSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F3D3AA8D-EF96-4470-848E-BD70B803047A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{f4be747e-45c4-4701-90f1-d49d9ac30248}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{f62fdd2e-66d2-423b-9a04-f71ea00f892a}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F75B6772-91E4-4D2F-9D44-61A447109C2B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F87E8A73-C375-4984-BFFB-709016C57658}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FA1456D3-4B97-4f9c-8511-2786161DC333}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FCC74B77-EC3E-4dd8-A80B-008A702075A9}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B0E5E9-D635-4CD3-B98D-7C10E700DEA0}]
@="PimcSurrogate Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B0E5E9-D635-4CD3-B98D-7C10E700DEA0}\ProgID]
@="PenIMC.PimcSurrogate.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}]
@="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}\InprocServer32]
"Class"="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}\InprocServer32\2.0.0.0]
"Class"="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}\ProgId]
@="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}]
@="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}\InprocServer32]
"Class"="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}\InprocServer32\2.0.0.0]
"Class"="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}\ProgId]
@="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{967696C6-354C-4B5C-9CC8-BD9E1C480C77}]
@="PimcSurrogate Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{967696C6-354C-4B5C-9CC8-BD9E1C480C77}\ProgID]
@="PenIMC.PimcSurrogate.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000022-0000-0000-C000-000000000046}]
@="ISurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04A35D22-0B08-34E7-A573-88EF2374375E}]
@="_MessageSurrogateFilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{551F7A57-8651-37DB-A94A-6A3CA09C0ED7}]
@="_RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F478AC7-7B54-4E5B-86E4-441092FAC8DD}]
@="IPimcSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62339172-DBFA-337B-8AC8-053B241E06AB}]
@="ISerializationSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE27784-B62B-4701-861C-6557E3D740E3}]
@="IPimcSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DE1230E-1F52-3779-9619-F5184103466C}]
@="_SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C66FF18-A1A5-3E19-857B-0E7B6A9E3F38}]
@="ISurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PenIMC.PimcSurrogate.2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PenIMC.PimcSurrogate.2]
@="PimcSurrogate Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PenIMC.PimcSurrogate.4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PenIMC.PimcSurrogate.4]
@="PimcSurrogate Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.Remoting.Messaging.RemotingSurrogateSelector]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.Remoting.Messaging.RemotingSurrogateSelector]
@="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.Serialization.SurrogateSelector]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.Serialization.SurrogateSelector]
@="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07B0E5E9-D635-4CD3-B98D-7C10E700DEA0}]
@="PimcSurrogate Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{07B0E5E9-D635-4CD3-B98D-7C10E700DEA0}\ProgID]
@="PenIMC.PimcSurrogate.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}]
@="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}\InprocServer32]
"Class"="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}\InprocServer32\2.0.0.0]
"Class"="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}\ProgId]
@="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}]
@="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}\InprocServer32]
"Class"="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}\InprocServer32\2.0.0.0]
"Class"="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}\ProgId]
@="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{967696C6-354C-4B5C-9CC8-BD9E1C480C77}]
@="PimcSurrogate Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{967696C6-354C-4B5C-9CC8-BD9E1C480C77}\ProgID]
@="PenIMC.PimcSurrogate.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000022-0000-0000-C000-000000000046}]
@="ISurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04A35D22-0B08-34E7-A573-88EF2374375E}]
@="_MessageSurrogateFilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{551F7A57-8651-37DB-A94A-6A3CA09C0ED7}]
@="_RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5F478AC7-7B54-4E5B-86E4-441092FAC8DD}]
@="IPimcSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{62339172-DBFA-337B-8AC8-053B241E06AB}]
@="ISerializationSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE27784-B62B-4701-861C-6557E3D740E3}]
@="IPimcSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6DE1230E-1F52-3779-9619-F5184103466C}]
@="_SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7C66FF18-A1A5-3E19-857B-0E7B6A9E3F38}]
@="ISurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{00021401-0000-0000-C000-000000000046}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{0010890e-8789-413c-adbc-48f5b511b3af}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{00393519-3A67-4507-A2B8-85146167ACA7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{06622D85-6856-4460-8DE1-A81921B41C4B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{0671E064-7C24-4AC0-AF10-0F3055707C32}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{06C792F8-6212-4F39-BF70-E8C0AC965C23}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{0968e258-16c7-4dba-aa86-462dd61e31a3}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{0C3B05FB-3498-40C3-9C03-4B22D735550C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{11c058e0-9f3e-4c90-a459-2553f2f9e011}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{12C21EA7-2EB8-4B55-9249-AC243DA8C666}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1BA783C1-2A30-4ad3-B928-A9A46C604C28}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1E5300BE-0762-4527-8140-C0FF22DDFC56}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1f2e5c40-9550-11ce-99d2-00aa006e086c}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{1fda955b-61ff-11da-978c-0008744faab7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{2206CDB0-19C1-11D1-89E0-00C04FD7A829}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{2331D136-E39D-4019-92D6-7CE5579962FB}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{273541FF-7F64-5B0F-8F00-5D77AFBE261E}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{2C941FD1-975B-59BE-A960-9A2A262853A5}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{304CE942-6E39-40D8-943A-B913C40C9CD4}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{30d49246-d217-465f-b00b-ac9ddd652eb7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{383b69fa-5486-49da-91f5-d63c24c8e9d0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3ad05575-8857-4850-9277-11b85bdb8e09}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3E000D72-A845-4CD9-BD83-80C07C3B881F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3E5FC7F9-9A51-4367-9063-A120244FBEC7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3eb3c877-1f16-487c-9050-104dbcd66683}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3F6B5E16-092A-41ED-930B-0B4125D91D4E}]
@="MSTTS DecObj Class Surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3F6B5E16-092A-41ED-930B-0B4125D91D4E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{434A6274-C539-4E99-88FC-44206D942775}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{44C39C96-0167-478F-B68D-783294A2545D}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{46C166AA-3108-11D4-9348-00C04F8EEB71}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{48da6741-1bf0-4a44-8325-293086c79077}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{49f171dd-b51a-40d3-9a6c-52d674cc729d}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4A6B8BAD-9872-4525-A812-71A52367DC17}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4D111E08-CBF7-4f12-A926-2C7920AF52FC}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{4f6bcd94-c2a5-42ce-8dbc-31e794be4630}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{5011B6DE-E9FA-4518-B5E5-45DE9DD2CDC6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{50a9ab2a-20f8-4d71-9f32-9fd305b49601}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{50d69d24-961d-4828-9d1c-5f4717f226d1}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{514B5E31-5596-422F-BE58-D804464683B5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{53362C32-A296-4F2D-A2F8-FD984D08340B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{53362C64-A296-4F2D-A2F8-FD984D08340B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{534A1E02-D58F-44f0-B58B-36CBED287C7C}]
@="32-bit Preview Handler Surrogate Host"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{534A1E02-D58F-44f0-B58B-36CBED287C7C}]
"DllSurrogate"="C:\Windows\SysWOW64\prevhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{59347292-B72D-41F2-98C5-E9ACA1B247A2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{5AAABB05-F91B-4bce-AB18-D8319DEDABA8}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{60173D16-A550-47f0-A14B-C6F9E4DA0831}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{60a90a2f-858d-42af-8929-82be9d99e8a1}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{623D5F5E-2F09-427d-8BD7-64495CD9835D}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{63CE6D27-426A-41F9-8E51-549C1132DAE2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{642ef9d6-48a5-476b-919a-a507cfd02c0f}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{66eea0f5-001a-4073-a496-783f86fcf4c0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6CE51F75-0448-438e-B9CA-69C352A248A7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}]
@="Preview Handler Surrogate Host"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}]
"DllSurrogate"="%SystemRoot%\system32\prevhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7007ACC5-3202-11D1-AAD2-00805FC1270E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7007ACD1-3202-11D1-AAD2-00805FC1270E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{71B804C5-5577-471D-8FE5-C4A45B654EB8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{72A7994A-3092-4054-B6BE-08FF81AEEFFC}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7568952A-571E-4C70-BEA9-7F9004393436}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{76AE5F57-B7C9-421f-B55E-FB25144317B6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{76be8257-c4c0-4d37-90c0-a23372254d27}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{76D0CB12-7604-4048-B83C-1005C7DDC503}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{777BA81A-2498-4875-933A-3067DE883070}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7A076CE1-4B31-452a-A4F1-0304C8738100}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7aa7790d-75d7-484b-98a1-3913d022091d}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7B130458-E09C-4823-A8AF-2583DCD9AEC7}]
"DllSurrogate"="%SystemRoot%\System32\Eap3Host.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7C8AB6D9-8764-4033-8F62-2FE896E54B32}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{825FC848-87F7-4F26-9EF6-43964094FF98}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{84D586C4-A423-11D2-B943-00C04F79D22F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}]
"DllSurrogate"="%SystemRoot%\System32\Eap3Host.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{8C334A55-DDB9-491C-817E-35A6B85D2ECB}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{8D26D9AA-5DA8-4b95-949A-B74954A229A6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{8f3080a6-af99-4f2e-a806-f3d5702a0444}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{9200689A-F979-4eea-8830-0E1D6B74821F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{92C2A9B3-4228-438E-8A7B-EF110987764C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{A2D8CFE7-7BA4-4bad-B86B-851376B59134}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{A4B07E49-6567-4FB8-8D39-01920E3B2357}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{a4c31131-ff70-4984-afd6-0609ced53ad6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}]
"DllSurrogate"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{b70cc729-28ae-11dd-9676-000000000000}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B8A2E14E-290D-4122-B092-1A7D86198CCE}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BA126F01-2166-11D1-B1D0-00805FC1270E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BDE0D630-7801-47cd-984E-1F0AFBC5ACBF}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{c2a71820-3463-498f-bab7-4798795a2ff6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{C49F2185-50A7-11D3-9144-00104BA11C5E}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{c5bbbd35-e321-468a-9884-6708aa083f83}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CC70FEAD-94B9-4F76-88CC-004BB068ACDF}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{cee8ccc9-4f6b-4469-a235-5a22869eef03}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D2E7041B-2927-42fb-8E9F-7CE93B6DC937}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}]
@="Bluewire unpairing elevation surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E1990E85-DFE4-4410-82CE-C74C57BF6E8E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{e30984f1-b02b-4c27-a40f-23d11b8c1212}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E7F34D0A-582E-4a48-98BA-6E58AAA3AD4C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E8054D20-497D-4E16-BF41-6E69FCD381A5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{E96767E0-7EAA-45e1-8E7D-64414AFF281A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{ECABB0C6-7F19-11D2-978E-0000F8757E2A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{edb5f444-cb8d-445a-a523-ec5ab6ea33c7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{F056D291-A2AB-45f7-8EE4-40454493B351}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{F20DA720-C02F-11CE-927B-0800095AE340}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}]
@="SPPSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{F3D3AA8D-EF96-4470-848E-BD70B803047A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{f4be747e-45c4-4701-90f1-d49d9ac30248}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{f62fdd2e-66d2-423b-9a04-f71ea00f892a}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{F75B6772-91E4-4D2F-9D44-61A447109C2B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{F87E8A73-C375-4984-BFFB-709016C57658}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{FA1456D3-4B97-4f9c-8511-2786161DC333}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{FCC74B77-EC3E-4dd8-A80B-008A702075A9}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\AppID\{37B05236-FFB5-4D42-B0C8-4A36CBF1BE15}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\AppID\{52A0704B-CD41-4B75-A49F-A47322B23773}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_none_f6a74bc1d09a2b1a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_none_9a88b03e183cb9e4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{07B0E5E9-D635-4CD3-B98D-7C10E700DEA0}]
@="PimcSurrogate Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{07B0E5E9-D635-4CD3-B98D-7C10E700DEA0}\ProgID]
@="PenIMC.PimcSurrogate.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}]
@="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}\InprocServer32]
"Class"="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}\InprocServer32\2.0.0.0]
"Class"="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{24EEC005-3938-3C71-821D-7F68FD850B2D}\ProgId]
@="System.Runtime.Remoting.Messaging.RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}]
@="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}\InprocServer32]
"Class"="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}\InprocServer32\2.0.0.0]
"Class"="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{88C8A919-EB24-3CCA-84F7-2EA82BB3F3ED}\ProgId]
@="System.Runtime.Serialization.SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{967696C6-354C-4B5C-9CC8-BD9E1C480C77}]
@="PimcSurrogate Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{967696C6-354C-4B5C-9CC8-BD9E1C480C77}\ProgID]
@="PenIMC.PimcSurrogate.2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{00000022-0000-0000-C000-000000000046}]
@="ISurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{04A35D22-0B08-34E7-A573-88EF2374375E}]
@="_MessageSurrogateFilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{551F7A57-8651-37DB-A94A-6A3CA09C0ED7}]
@="_RemotingSurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{5F478AC7-7B54-4E5B-86E4-441092FAC8DD}]
@="IPimcSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{62339172-DBFA-337B-8AC8-053B241E06AB}]
@="ISerializationSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6AE27784-B62B-4701-861C-6557E3D740E3}]
@="IPimcSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6DE1230E-1F52-3779-9619-F5184103466C}]
@="_SurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7C66FF18-A1A5-3E19-857B-0E7B6A9E3F38}]
@="ISurrogateSelector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{00021401-0000-0000-C000-000000000046}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{0010890e-8789-413c-adbc-48f5b511b3af}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{00393519-3A67-4507-A2B8-85146167ACA7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{06622D85-6856-4460-8DE1-A81921B41C4B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{0671E064-7C24-4AC0-AF10-0F3055707C32}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{06C792F8-6212-4F39-BF70-E8C0AC965C23}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{0968e258-16c7-4dba-aa86-462dd61e31a3}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{0C3B05FB-3498-40C3-9C03-4B22D735550C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{11c058e0-9f3e-4c90-a459-2553f2f9e011}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{12C21EA7-2EB8-4B55-9249-AC243DA8C666}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{16D99191-6280-4B33-A2F5-04805A0FC582}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1BA783C1-2A30-4ad3-B928-A9A46C604C28}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1E5300BE-0762-4527-8140-C0FF22DDFC56}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1f2e5c40-9550-11ce-99d2-00aa006e086c}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{1fda955b-61ff-11da-978c-0008744faab7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{2206CDB0-19C1-11D1-89E0-00C04FD7A829}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{2331D136-E39D-4019-92D6-7CE5579962FB}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{273541FF-7F64-5B0F-8F00-5D77AFBE261E}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{2C941FD1-975B-59BE-A960-9A2A262853A5}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{304CE942-6E39-40D8-943A-B913C40C9CD4}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{30d49246-d217-465f-b00b-ac9ddd652eb7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{383b69fa-5486-49da-91f5-d63c24c8e9d0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3ad05575-8857-4850-9277-11b85bdb8e09}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3E000D72-A845-4CD9-BD83-80C07C3B881F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3E5FC7F9-9A51-4367-9063-A120244FBEC7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3eb3c877-1f16-487c-9050-104dbcd66683}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3F6B5E16-092A-41ED-930B-0B4125D91D4E}]
@="MSTTS DecObj Class Surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3F6B5E16-092A-41ED-930B-0B4125D91D4E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{434A6274-C539-4E99-88FC-44206D942775}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{44C39C96-0167-478F-B68D-783294A2545D}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{46C166AA-3108-11D4-9348-00C04F8EEB71}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{48da6741-1bf0-4a44-8325-293086c79077}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{49f171dd-b51a-40d3-9a6c-52d674cc729d}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{4A6B8BAD-9872-4525-A812-71A52367DC17}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{4D111E08-CBF7-4f12-A926-2C7920AF52FC}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{4E14FBA2-2E22-11D1-9964-00C04FBBB345}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{4f6bcd94-c2a5-42ce-8dbc-31e794be4630}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{5011B6DE-E9FA-4518-B5E5-45DE9DD2CDC6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{50a9ab2a-20f8-4d71-9f32-9fd305b49601}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{50d69d24-961d-4828-9d1c-5f4717f226d1}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{514B5E31-5596-422F-BE58-D804464683B5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{53362C32-A296-4F2D-A2F8-FD984D08340B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{53362C64-A296-4F2D-A2F8-FD984D08340B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{534A1E02-D58F-44f0-B58B-36CBED287C7C}]
@="32-bit Preview Handler Surrogate Host"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{534A1E02-D58F-44f0-B58B-36CBED287C7C}]
"DllSurrogate"="C:\Windows\SysWOW64\prevhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{59347292-B72D-41F2-98C5-E9ACA1B247A2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{5AAABB05-F91B-4bce-AB18-D8319DEDABA8}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{60173D16-A550-47f0-A14B-C6F9E4DA0831}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{60a90a2f-858d-42af-8929-82be9d99e8a1}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{623D5F5E-2F09-427d-8BD7-64495CD9835D}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{63CE6D27-426A-41F9-8E51-549C1132DAE2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{642ef9d6-48a5-476b-919a-a507cfd02c0f}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{66eea0f5-001a-4073-a496-783f86fcf4c0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6CE51F75-0448-438e-B9CA-69C352A248A7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}]
@="Preview Handler Surrogate Host"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}]
"DllSurrogate"="%SystemRoot%\system32\prevhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7007ACC5-3202-11D1-AAD2-00805FC1270E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7007ACD1-3202-11D1-AAD2-00805FC1270E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{71B804C5-5577-471D-8FE5-C4A45B654EB8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{72A7994A-3092-4054-B6BE-08FF81AEEFFC}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7568952A-571E-4C70-BEA9-7F9004393436}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{76AE5F57-B7C9-421f-B55E-FB25144317B6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{76be8257-c4c0-4d37-90c0-a23372254d27}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{76D0CB12-7604-4048-B83C-1005C7DDC503}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{777BA81A-2498-4875-933A-3067DE883070}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7A076CE1-4B31-452a-A4F1-0304C8738100}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7aa7790d-75d7-484b-98a1-3913d022091d}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7B130458-E09C-4823-A8AF-2583DCD9AEC7}]
"DllSurrogate"="%SystemRoot%\System32\Eap3Host.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7C8AB6D9-8764-4033-8F62-2FE896E54B32}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{825FC848-87F7-4F26-9EF6-43964094FF98}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{84D586C4-A423-11D2-B943-00C04F79D22F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}]
"DllSurrogate"="%SystemRoot%\System32\Eap3Host.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{8C334A55-DDB9-491C-817E-35A6B85D2ECB}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{8D26D9AA-5DA8-4b95-949A-B74954A229A6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{8f3080a6-af99-4f2e-a806-f3d5702a0444}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{9200689A-F979-4eea-8830-0E1D6B74821F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{92C2A9B3-4228-438E-8A7B-EF110987764C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{A2D8CFE7-7BA4-4bad-B86B-851376B59134}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{A4B07E49-6567-4FB8-8D39-01920E3B2357}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{a4c31131-ff70-4984-afd6-0609ced53ad6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}]
"DllSurrogate"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{b70cc729-28ae-11dd-9676-000000000000}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B8A2E14E-290D-4122-B092-1A7D86198CCE}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{BA126F01-2166-11D1-B1D0-00805FC1270E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{BDE0D630-7801-47cd-984E-1F0AFBC5ACBF}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{c2a71820-3463-498f-bab7-4798795a2ff6}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{C49F2185-50A7-11D3-9144-00104BA11C5E}]
"DLLSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{c5bbbd35-e321-468a-9884-6708aa083f83}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CC70FEAD-94B9-4F76-88CC-004BB068ACDF}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{cee8ccc9-4f6b-4469-a235-5a22869eef03}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{D0565000-9DF4-11D1-A281-00C04FCA0AA7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{D2E7041B-2927-42fb-8E9F-7CE93B6DC937}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}]
@="Bluewire unpairing elevation surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{E1990E85-DFE4-4410-82CE-C74C57BF6E8E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{e30984f1-b02b-4c27-a40f-23d11b8c1212}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{E7F34D0A-582E-4a48-98BA-6E58AAA3AD4C}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{E8054D20-497D-4E16-BF41-6E69FCD381A5}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{E96767E0-7EAA-45e1-8E7D-64414AFF281A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{ECABB0C3-7F19-11D2-978E-0000F8757E2A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{ECABB0C6-7F19-11D2-978E-0000F8757E2A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{edb5f444-cb8d-445a-a523-ec5ab6ea33c7}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{F056D291-A2AB-45f7-8EE4-40454493B351}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{F20DA720-C02F-11CE-927B-0800095AE340}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}]
@="SPPSurrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{F3D3AA8D-EF96-4470-848E-BD70B803047A}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{f4be747e-45c4-4701-90f1-d49d9ac30248}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{f62fdd2e-66d2-423b-9a04-f71ea00f892a}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{F75B6772-91E4-4D2F-9D44-61A447109C2B}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{F87E8A73-C375-4984-BFFB-709016C57658}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{FA1456D3-4B97-4f9c-8511-2786161DC333}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{FCC74B77-EC3E-4dd8-A80B-008A702075A9}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}]
"DllSurrogate"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}]
"DllSurrogate"=""
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\ime\IMTC70]
"Surrogate"="0x00000000"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\ime\IMTC70]
"Surrogate"="0x00000000"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Microsoft\Windows\CurrentVersion\ime\IMTC70]
"Surrogate"="0x00000000"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\System32\dllhost.exe"="COM Surrogate"
[HKEY_USERS\S-1-5-21-1962258163-3716458331-2083168627-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\System32\dllhost.exe"="COM Surrogate"

-= EOF =-

Re: dllhost.exe COM surrogate problem

Post by lynda » November 1st, 2014, 12:46 pm

D: no changes in behavior.