Part 2 of Zoek Log:
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKCU\..\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: INSTALL_TOR.URL
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: *.skillwsa.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EmbassyService - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Data Uploader (Fitbit) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit\fitbit.exe
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell PBA x64 Service (PbaDrvSvc_x64) - Dell, Inc. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SI TSS v1.2.1.41 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WvPCR - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe
==== Silent Runners ======================
"Silent Runners.vbs", revision 69.2,
http://www.silentrunners.org/Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Fitbit Service Monitor = C:\Program Files (x86)\Fitbit\fitbit-tray.exe [Fitbit, Inc.]
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]
EADM = "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [Electronic Arts]
Fitbit Connect = "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun [Fitbit, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [Realtek Semiconductor Corp.]
TdmNotify = C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [Wave Systems Corp.]
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]
Greenshot = C:\Program Files\Greenshot\Greenshot.exe [null data]
Logitech Download Assistant = C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [MS]
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [Intel Corporation]
IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
CitrixReceiver = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [file not found]
ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [Citrix Systems, Inc.]
Redirector = "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup [Citrix Systems, Inc.]
Fitbit Connect = "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun [Fitbit, Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
CanonQuickMenu = C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon [CANON INC.]
IJNetworkScannerSelectorEX = C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [CANON INC.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{10921475-03CE-4E04-90CE-E2E7EF20C814}\(Default) = ExplorerWnd Helper
-> {HKLM...CLSID} = ExplorerWnd Helper
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [file not found]
-> {HKLM...Wow...CLSID} =
\InProcServer32\(Default) = [file not found]
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO
-> {HKLM...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS]
-> {HKLM...Wow...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [MS]
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
-> {HKLM...CLSID} = Canon Easy-WebPrint EX BHO
\InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]
-> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX BHO
\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [MS]
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO
-> {HKLM...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS]
-> {HKLM...Wow...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [MS]
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
-> {HKLM...CLSID} = Canon Easy-WebPrint EX BHO
\InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]
-> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX BHO
\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [MS]
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
EnabledUnlockedFDEIconOverlay\(Default) = {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}
-> {HKLM...CLSID} = FdeInitIcon Class
\InProcServer32\(Default) = C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [Wave Systems Corp.]
UninitializedFdeIconOverlay\(Default) = {CF08DA3E-C97D-4891-A66B-E39B28DD270F}
-> {HKLM...CLSID} = FdeUninitIcon Class
\InProcServer32\(Default) = C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [Wave Systems Corp.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]
SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]
SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]
{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONFILTER.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM...CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]
{A6FF0E3A-8437-482C-8E04-4F9E15C57538} = UnLockerMenu
-> {HKLM...CLSID} = UnLockerMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [file not found]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONFILTER.DLL [MS]
{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]
{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]
{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper
-> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> Authentication Packages = msv1_0|wvauth
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\
{AE583D93-8D1B-424F-9858-5623FB7824EE}\(Default) = UPEK Fingerprint Credential Provider Filter
-> {HKLM...CLSID} = Provider Filter Object
\InProcServer32\(Default) = C:\Program Files\Common Files\SPBA\provider.dll [Authentec Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{18CBEEAA-6708-41A1-9379-D08915333CF2}\(Default) = UPEK Fingerprint Credential Provider
-> {HKLM...CLSID} = Provider Object
\InProcServer32\(Default) = C:\Program Files\Common Files\SPBA\provider.dll [Authentec Inc.]
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
TextPad\(Default) = {8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}
-> {HKCU...CLSID} = TextPad
\InProcServer32\(Default) = C:\Program Files (x86)\TextPad 7\System\shellext64.dll [Helios Software Solutions]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D}
-> {HKLM...CLSID} = CExtMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll [file not found]
EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]
UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
-> {HKLM...CLSID} = UnLockerMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [file not found]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D}
-> {HKLM...CLSID} = CExtMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll [file not found]
EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]
UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
-> {HKLM...CLSID} = UnLockerMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [file not found]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538}
-> {HKLM...CLSID} = UnLockerMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [file not found]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Dworaks\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\WLXPGSS.SCR [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]
iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]
iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]
iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
Startup items in "Dworaks" & "All Users" startup folders:
---------------------------------------------------------
C:\Users\Dworaks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
INSTALL_TOR -> URL shortcut to:
https://paytordmbdekmizq.torsona.com/6oLm95Windows Sidebar Gadgets: {++}
------------------------
C:\Users\Dworaks\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CClock.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget"
Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Microsoft Office 15 Sync Maintenance for Dworaks-PC-Dworaks Dworaks-PC -> launches: C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [MS]
WSCEAA -> launches: C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe -schedule [null data]
{8EFC75E5-698E-4E42-A93C-4E37CD6D4A19} -> launches: C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Citrix\Citrix Receiver\TrolleyExpress.exe" -c /uninstall /cleanup [MS]
{9FDDFA76-CBDA-F5CE-5CB7-030DBEF45EFB} -> launches: C:\Windows\system32\regsvr32.exe /s "C:\Windows\system32\nupqiz.dll" [MS]
C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]
C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS]
MpIdleTask -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS]
C:\Windows\System32\Tasks\Microsoft\Office
Office Automatic Updates -> launches: C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False [MS]
OfficeTelemetryAgentFallBack -> launches: C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe scan upload mininterval:2880 [MS]
OfficeTelemetryAgentLogOn -> launches: C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe scan upload [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-1962258163-3716458331-2083168627-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
-> {HKLM...CLSID} = Canon Easy-WebPrint EX
\InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
-> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX
\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21347690-EC41-4F9A-8887-1F4AEE672439}\(Default) = (no title provided)
-> {HKLM...CLSID} = Canon Easy-WebPrint EX
\InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [MS]
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync Click to Call
MenuText = Lync Click to Call
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> {HKLM...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll [MS]
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync Click to Call
MenuText = Lync Click to Call
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> {HKLM...Wow...CLSID} = Lync Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...Wow...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll [MS]
Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate =
res://ieframe.dll/inprivate_win7.htm [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Canon Inkjet Printer/Scanner/Fax Extended Survey Program, IJPLMSVC, C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [null data]
Dell PBA x64 Service, PbaDrvSvc_x64, "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe" [Dell, Inc.]
EmbassyService, EmbassyService, "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe" [null data]
Fitbit Connect Service, Fitbit Connect, C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [Fitbit, Inc.]
Fitbit Data Uploader, Fitbit, C:\Program Files (x86)\Fitbit\fitbit.exe [Fitbit, Inc.]
Intel(R) Integrated Clock Controller Service - Intel(R) ICCS, ICCS, "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe" [Intel Corporation]
Intel(R) PROSet Monitoring Service, Intel(R) PROSet Monitoring Service, C:\Windows\system32\IProsetMonitor.exe [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]
Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]
Microsoft Office ClickToRun Service, ClickToRunSvc, "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [MS]
TdmService, TdmService, "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe" [Wave Systems Corp.]
Wave Authentication Manager Service, Wave Authentication Manager Service, C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [Wave Systems Corp.]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> MsMpSvc, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> MsMpSvc, Service
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor4\Driver = CNBLM4.DLL [CANON INC.]
Canon BJ Language Monitor MG5500 series\Driver = CNMLMBU.DLL [CANON INC.]
Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.]
<<H>>: Suspicious data at a browser hijack point.
==== C:\zoek_backup content ======================
C:\zoek_backup (files=92 folders=46 31348068 bytes)
==== EOF on Fri 10/31/2014 at 17:28:03.80 ======================