"Silent Runners.vbs", revision 69, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Professional Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Spotify Web Helper = "C:\Users\Bobby\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [Spotify Ltd]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
TPHOTKEY = C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [Lenovo Group Limited]
LENOVO.TPFNF6R = C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [Lenovo Group Limited]
picon = "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup [null data]
TpShocks = TpShocks.exe [Lenovo.]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
AcWin7Hlpr = C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [null data]
Zune Launcher = "c:\Program Files\Zune\ZuneLauncher.exe" [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
PWMTRV = rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [MS]
(Default) = (empty string) [file not found]
GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [MS]
SignIn = "C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" /autorun [null data]
NapsterShell = C:\Program Files (x86)\Napster\napster.exe /systray [Napster]
AVP = "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [Kaspersky Lab]
RIMBBLaunchAgent.exe = C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [Research In Motion Limited]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = IEVkbdBHO
  -> {HKLM…CLSID} = IEVkbdBHO Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll [Kaspersky Lab]
  -> {HKLM…Wow…CLSID} = IEVkbdBHO Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll [Kaspersky Lab]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
    \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [Sun Microsystems, Inc.]
  -> {HKLM…Wow…CLSID} = Java(tm) Plug-In 2 SSV Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Sun Microsystems, Inc.]
{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho
  -> {HKLM…CLSID} = FilterBHO Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll [Kaspersky Lab]
  -> {HKLM…Wow…CLSID} = FilterBHO Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll [Kaspersky Lab]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = IEVkbdBHO
  -> {HKLM…CLSID} = IEVkbdBHO Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll [Kaspersky Lab]
  -> {HKLM…Wow…CLSID} = IEVkbdBHO Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll [Kaspersky Lab]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Java(tm) Plug-In SSV Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Sun Microsystems, Inc.]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Windows Live Messenger Companion Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [MS]
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Bing Bar Helper
    \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" [Microsoft Corporation.]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
    \InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [Sun Microsystems, Inc.]
  -> {HKLM…Wow…CLSID} = Java(tm) Plug-In 2 SSV Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Sun Microsystems, Inc.]
{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho
  -> {HKLM…CLSID} = FilterBHO Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll [Kaspersky Lab]
  -> {HKLM…Wow…CLSID} = FilterBHO Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll [Kaspersky Lab]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
  -> {HKCU…CLSID} = UpToDateOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll [MS]
SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
  -> {HKCU…CLSID} = SyncingOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll [MS]
SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
  -> {HKCU…CLSID} = ErrorOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll [MS]
KAVOverlayIcon\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll [Kaspersky Lab]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
  -> {HKCU…Wow…CLSID} = UpToDateOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll [MS]
SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
  -> {HKCU…Wow…CLSID} = SyncingOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll [MS]
SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
  -> {HKCU…Wow…CLSID} = ErrorOverlayHandler Class
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll [MS]
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
KAVOverlayIcon\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…Wow…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll [Kaspersky Lab]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
  -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
  -> {HKLM…CLSID} = DisplayCplExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
  -> {HKLM…CLSID} = SimpleShlExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} = RXDCExtShlExt extension
  -> {HKLM…CLSID} = RXDCExtShlExt Class
    \InProcServer32\(Default) = C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [Sonic Solutions]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM…CLSID} = Microsoft Office Metadata Handler
    \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
    \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{FEB746CA-95C2-485F-B386-C30D4E56D22E} = Context Menu Shell Extension
  -> {HKLM…CLSID} = Context Menu Shell Extension
    \InProcServer32\(Default) = C:\Windows\SysWOW64\WSCM64.dll [file not found]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
  -> {HKLM…CLSID} = iTunes
    \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
  -> {HKLM…Wow…CLSID} = Outlook File Icon Extension
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office12\OLKFSTUB.DLL [MS]
{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
  -> {HKLM…Wow…CLSID} = Microsoft Office Outlook
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office12\MLSHEXT.DLL [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…Wow…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM…Wow…CLSID} = Groove Folder Synchronization
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Icon Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Execution Hook
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM…Wow…CLSID} = Groove XML Icon Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…Wow…CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
    \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office12\ONFILTER.DLL [MS]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM…Wow…CLSID} = Microsoft Office Metadata Handler
    \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM…Wow…CLSID} = Microsoft Office Thumbnail Handler
    \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<> AppInit_DLLs = C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll [file not found]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\
<> AppInit_DLLs = C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll [Kaspersky Lab]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<> (msoidssp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|msoidssp|livessp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{4DA7114C-DE47-43BF-A644-62876DCC2A72}\(Default) = MSOIDCredentialProvider
  -> {HKLM…CLSID} = MSOIDCredentialProvider
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDCREDPROV.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter
    \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
  -> {HKCU…CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll [MS]
  -> {HKCU…Wow…CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll [Kaspersky Lab]
  -> {HKLM…Wow…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll [Kaspersky Lab]
RXDCExtSvr\(Default) = {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
  -> {HKLM…CLSID} = RXDCExtShlExt Class
    \InProcServer32\(Default) = C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [Sonic Solutions]
WondershareVideoConverterFileOpreation\(Default) = {FEB746CA-95C2-485F-B386-C30D4E56D22E}
  -> {HKLM…CLSID} = Context Menu Shell Extension
    \InProcServer32\(Default) = C:\Windows\SysWOW64\WSCM64.dll [file not found]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM…CLSID} = MBAMShlExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
  -> {HKCU…CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll [MS]
  -> {HKCU…Wow…CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
  -> {HKCU…CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll [MS]
  -> {HKCU…Wow…CLSID} = SkyDriveEx
    \InProcServer32\(Default) = C:\Users\Bobby\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll [MS]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM…CLSID} = SimpleShlExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM…CLSID} = GraphicsShellExt Class
    \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM…Wow…CLSID} = PDF Shell Extension
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = {dd230880-495a-11d1-b064-008048ec2fc5}
  -> {HKLM…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll [Kaspersky Lab]
  -> {HKLM…Wow…CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll [Kaspersky Lab]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM…CLSID} = MBAMShlExt Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
RXDCExtSvr\(Default) = {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
  -> {HKLM…CLSID} = RXDCExtShlExt Class
    \InProcServer32\(Default) = C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [Sonic Solutions]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
ClearRecentDocsOnExit = (REG_DWORD) dword:0x00000001
  {unrecognized setting}
NoDrives = (REG_DWORD) dword:0x00000000
  {unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
  {unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
disableregistrytools = (REG_DWORD) dword:0x00000000
  {User Configuration|Administrative Templates|System| Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\
disablecmd = (REG_DWORD) dword:0x00000000
  {User Configuration|Administrative Templates|System| Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
DisableRegistryTools = (REG_DWORD) dword:0x00000000
  {unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

iTunesBurnCDOnArrival\
  Provider = iTunes
  InvokeProgID = iTunes.BurnCD
  InvokeVerb = burn
  HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
  Provider = iTunes
  InvokeProgID = iTunes.ImportSongsOnCD
  InvokeVerb = import
  HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
  Provider = iTunes
  InvokeProgID = iTunes.PlaySongsOnCD
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
  Provider = iTunes
  InvokeProgID = iTunes.ShowSongsOnCD
  InvokeVerb = showsongs
  HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

iviWinDVD8CDAUDIOEventHandler\
  Provider = InterVideo WinDVD 8
  InvokeProgID = ivi.WinDVD8MediaFile
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\ivi.WinDVD8MediaFile\shell\play\command\(Default) = "C:\Program Files (x86)\InterVideo\DVD8\WinDVD.exe" %1 [InterVideo Inc.]

iviWinDVD8DVDEventHandler\
  Provider = InterVideo WinDVD 8
  InvokeProgID = ivi.WinDVD8MediaFile
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\ivi.WinDVD8MediaFile\shell\play\command\(Default) = "C:\Program Files (x86)\InterVideo\DVD8\WinDVD.exe" %1 [InterVideo Inc.]

iviWinDVD8SuperVideoCDHandler\
  Provider = InterVideo WinDVD 8
  InvokeProgID = ivi.WinDVD8MediaFile
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\ivi.WinDVD8MediaFile\shell\play\command\(Default) = "C:\Program Files (x86)\InterVideo\DVD8\WinDVD.exe" %1 [InterVideo Inc.]

iviWinDVD8VideoCDHandler\
  Provider = InterVideo WinDVD 8
  InvokeProgID = ivi.WinDVD8MediaFile
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\ivi.WinDVD8MediaFile\shell\play\command\(Default) = "C:\Program Files (x86)\InterVideo\DVD8\WinDVD.exe" %1 [InterVideo Inc.]

iviWinDVD8VideoFilesHandler\
  Provider = InterVideo WinDVD 8
  InvokeProgID = ivi.WinDVD8MediaFile
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\ivi.WinDVD8MediaFile\shell\play\command\(Default) = "C:\Program Files (x86)\InterVideo\DVD8\WinDVD.exe" %1 [InterVideo Inc.]

MediaCapture10Music\
  Provider = Media Import
  InvokeProgID = RoxioMediaCapture10
  InvokeVerb = Audio
  HKLM\SOFTWARE\Classes\RoxioMediaCapture10\shell\Audio\command\(Default) = C:\Program Files (x86)\Roxio\Media Import 10\MediaCapture10.exe -audio %L [Sonic Solutions]

MediaCapture10Photos\
  Provider = Media Import
  InvokeProgID = RoxioMediaCapture10
  InvokeVerb = Photo
  HKLM\SOFTWARE\Classes\RoxioMediaCapture10\shell\Photo\command\(Default) = C:\Program Files (x86)\Roxio\Media Import 10\MediaCapture10.exe -photo %L [Sonic Solutions]

MediaCapture10VideoCamera\
  Provider = Media Import
  ProgID = Shell.HWEventHandlerShellExecute
  InitCmdLine = C:\Program Files (x86)\Roxio\Media Import 10\MediaCapture10.exe
  HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
    -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
      \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

MediaCapture10Videos\
  Provider = Media Import
  InvokeProgID = RoxioMediaCapture10
  InvokeVerb = Video
  HKLM\SOFTWARE\Classes\RoxioMediaCapture10\shell\Video\command\(Default) = C:\Program Files (x86)\Roxio\Media Import 10\MediaCapture10.exe -video %L [Sonic Solutions]

MSLivePhotoAcquireDropHandler\
  Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
  InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
  InvokeVerb = open
  HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
    -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
      \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
  Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
  InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
  InvokeVerb = open
  HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
    -> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
      \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
  Provider = @wmploc.dll,-6502
  InvokeProgID = WMP.AudioCD
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
  Provider = @wmploc.dll,-6502
  InvokeProgID = WMP.DVD
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
  Provider = @wmploc.dll,-6502
  InvokeProgID = WMP.VCD
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
  Provider = @wmploc.dll,-6502
  InvokeProgID = WMP.VCD
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
  Provider = @wmploc.dll,-6502
  InvokeProgID = WMP.BurnCD
  InvokeVerb = Burn
  HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

NapsterMTPHandler\
  Provider = @C:\Program Files (x86)\Napster\napster.exe,-101
  ProgID = Shell.HWEventHandlerShellExecute
  InitCmdLine = "C:\Program Files (x86)\Napster\napster.exe" /devicesync
  HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
    -> {HKLM…CLSID} = Shell Execute Hardware Event Handler
      \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

NapsterPlayCDHandler\
  Provider = @C:\Program Files (x86)\Napster\napster.exe,-101
  InvokeProgID = Napster.AutoplayHandler
  InvokeVerb = open
  HKLM\SOFTWARE\Classes\Napster.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files (x86)\Napster\napster.exe" /playcd "%L" [Napster]

RhapsodyCDBurningOnArrival\
  Provider = Rhapsody
  InvokeProgID = Rhapsody.CDBurn.3
  InvokeVerb = open
  HKLM\SOFTWARE\Classes\Rhapsody.CDBurn.3\shell\open\command\(Default) = C:\PROGRA~2\Rhapsody\\rhapsody.exe /burn "%1" [Rhapsody International Inc.]

RhapsodyMusicDevice\
  Provider = Rhapsody
  InvokeProgID = Rhapsody.MusicDevice.3
  InvokeVerb = open
  HKLM\SOFTWARE\Classes\Rhapsody.MusicDevice.3\shell\open\command\(Default) = C:\PROGRA~2\Rhapsody\\rhapsody.exe /device: "%1" [Rhapsody International Inc.]

RhapsodyPlayCDAudioOnArrival\
  Provider = Rhapsody
  InvokeProgID = Rhapsody.AudioCD.3
  InvokeVerb = play
  HKLM\SOFTWARE\Classes\Rhapsody.AudioCD.3\shell\play\command\(Default) = C:\PROGRA~2\Rhapsody\\rhapsody.exe /play "%1" [Rhapsody International Inc.]

RhapsodyRipCDAudioOnArrival\
  Provider = Rhapsody
  InvokeProgID = Rhapsody.AudioCDRip.3
  InvokeVerb = rip
  HKLM\SOFTWARE\Classes\Rhapsody.AudioCDRip.3\shell\rip\command\(Default) = C:\PROGRA~2\Rhapsody\\rhapsody.exe /rip "%1" [Rhapsody International Inc.]

RoxioSCAudioCDTask36\
  Provider = Roxio Central Audio
  InvokeProgID = Roxio.RoxioCentral36
  InvokeVerb = AudioCDTask
  HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\AudioCDTask\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {1DF24BC5-8E7F-4D41-AF7B-1EAAF8CE889B} [null data]

RoxioSCCopyCD36\
  Provider = Roxio Central Copy
  InvokeProgID = Roxio.RoxioCentral36
  InvokeVerb = ExactCopyJob
  HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D} [null data]

RoxioSCCopyDisc36\
  Provider = Roxio Central Copy
  InvokeProgID = Roxio.RoxioCentral36
  InvokeVerb = ExactCopyJob
  HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D} [null data]

RoxioSCDataProject36\
  Provider = Roxio Central Data
  InvokeProgID = Roxio.RoxioCentral36
  InvokeVerb = DataGuide
  HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataGuide\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch Data [null data]

RoxioSCDataTask36\
  Provider = Roxio Central Data
  InvokeProgID = Roxio.RoxioCentral36
  InvokeVerb = DataTask
  HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataTask\Command\(Default) = "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {85B64A0F-9111-4A55-8B5A-59343EE1EE8B} [null data]

ZunePlayCDAudioOnArrival\
  Provider = @c:\Program Files\Zune\ZuneResources.dll,-603
  InvokeProgID = Microsoft.Zune.2.AudioCD
  InvokeVerb = Play
  HKLM\SOFTWARE\Classes\Microsoft.Zune.2.AudioCD\shell\Play\Command\(Default) = "c:\Program Files\Zune\Zune.exe" /PlayCD:"%L" [MS]

ZunePlayMediaOnArrival\
  Provider = @c:\Program Files\Zune\ZuneResources.dll,-603
  InvokeProgID = Microsoft.Zune.2.PlayMedia
  InvokeVerb = Play
  HKLM\SOFTWARE\Classes\Microsoft.Zune.2.PlayMedia\shell\Play\Command\(Default) = "c:\Program Files\Zune\Zune.exe" /PlayMedia:"%L" [MS]

ZuneRipCDAudioOnArrival\
  Provider = @c:\Program Files\Zune\ZuneResources.dll,-603
  InvokeProgID = Microsoft.Zune.2.RipCD
  InvokeVerb = Rip
  HKLM\SOFTWARE\Classes\Microsoft.Zune.2.RipCD\shell\Rip\Command\(Default) = "c:\Program Files\Zune\Zune.exe" /RipCD:"%L" [MS]

Startup items in "Bobby" & "All Users" startup folders:
-------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
  Moveslink for Movestick Mini -> shortcut to: C:\Windows\Installer\{4D036ACA-DFDF-41B2-A680-E0D736F3E947}\_22A9010B636AF7A61D8E03.exe /AutoStart [null data]

Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
  Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
  DiskUpdate -> launches: C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [null data]
  JavaUpdateSched -> launches: %WINDIR%\SysWOW64\jusched.exe [file not found]
  PCDoctorBackgroundMonitorTask -> launches: C:\Program Files\PC-Doctor\pcdr5cuiw32.exe -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask [null data]
  Playtopus Updater -> launches: C:\Windows\SysWOW64\rundll32.exe C:\Users\Bobby\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest [MS]
  PMTask -> launches: C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe [Lenovo Group Limited]
  SystemToolsDailyTest -> launches: C:\Program Files\PC-Doctor\pcdr5cuiw32.exe -silentenumeration [null data]
  {13BE27F3-A817-42F7-9AFC-90DF90AF6416} -> launches: C:\Program Files (x86)\Cisco Systems\VPN Client\ipsecdialer.exe [Cisco Systems, Inc.]
  {8ABCD926-18A6-4CF5-BCD3-66E2C8788CF1} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Bobby\Downloads\ZuneSetupPkg-x86.exe -d C:\Users\Bobby\Downloads [MS]
  {93B670D2-AF24-44C8-AE27-A8240BE1FD05} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Rhapsody\WiseUpd2.exe" [MS]
  {9DBE7CF0-6C0E-4C25-B179-BF73B6A09AD4} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Bobby\AppData\Local\Babylon\Setup\Setup.exe -d C:\Users\Bobby\AppData\Local\Babylon\Setup\ -c "C:\Users\Bobby\AppData\Local\Temp\C2B8B6C9-BAB0-7891-B5DC-9C4EE228B5F2\Setup.exe" /aflt=babsst /babTrack="affID=107695" /srcExt=ss /instlRef=sst /S /mnt -rc [MS]

C:\Windows\System32\Tasks\Apple
  AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
  AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
    -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
    -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
  AitAgent -> launches: aitagent [MS]
  ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
  Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
  UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
  SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
    -> {HKLM…CLSID} = Certificate Services Client Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
    -> {HKLM…CLSID} = Certificate Services Client Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
       \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
  Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
  KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
    -> {HKLM…CLSID} = KernelCeipCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
  UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
    -> {HKLM…CLSID} = UsbCeip
       \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
    -> {HKLM…Wow…CLSID} = UsbCeip
       \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
  ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
  Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
    -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
  Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
  WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
    -> {HKLM…CLSID} = WinSAT Task Manger Task
       \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
    -> {HKLM…Wow…CLSID} = WinSAT Task Manger Task
       \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
  ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
  ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
  DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
  ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
  InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
  mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
  MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
  ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
  OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
  OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
  PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
  PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
  PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
  PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
  PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
  RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
  ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
  SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
  UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
  CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
    -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
  DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
    -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
  HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
    -> {HKLM…CLSID} = HotStart User Agent
       \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
  LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
  SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
    -> {HKLM…CLSID} = Microsoft PlaySoundService Class
       \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
    -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
       \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
  GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
  AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
  RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
    -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
       \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
    -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
       \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
  MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
    -> {HKLM…CLSID} = RasMobilityManager
       \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
  RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
    -> {HKLM…CLSID} = RegistryIdleBackupHandler
       \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
  RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
  GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
    -> {HKLM…CLSID} = GadgetsManager Class
       \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
  SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
  Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
    -> {HKLM…CLSID} = RunTask
       \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
    -> {HKLM…Wow…CLSID} = RunTask
       \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
  IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
  IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
  MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
    -> {HKLM…CLSID} = MsCtfMonitor task handler
       \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
    -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
       \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
  SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
  UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
  ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
    -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
    -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
       \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
  ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
  ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
  QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
  BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
  UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
  ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
  MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
  Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
    -> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater
       \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\TVT
  ChangePWD -> launches: %RR%\rrcmd.exe test [Lenovo Limited Group Corporation]
  LaunchRnR -> launches: %RR%\rrcmd.exe BACKUP location=L name="Scheduled" scheduled [Lenovo Limited Group Corporation]
  UpdateRnR -> launches: %TVTCOMMON%\Scheduler\tvtsetsched.exe rnrupdate [null data]

C:\Windows\System32\Tasks\WPD
  SqmUpload_S-1-5-21-677306797-942110887-989636544-1003 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
  000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
  000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
  000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
  000000000006\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  000000000007\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  000000000008\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
  000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
  000000000010\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
  000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
  000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
  000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
  000000000006\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  000000000007\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  000000000008\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
  000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
  000000000010\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
  0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  %SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
  0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  %SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
  {8DCB7100-DF86-4384-8842-8FA844297B3F} = Bing
    -> {HKLM…Wow…CLSID} = Bing Bar
       \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" [Microsoft Corporation.]

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{4086155B-7245-4538-9C82-F9983ECFC4A4}\(Default) = Lenovo ThinkVantage Toolbox
  Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
  InProcServer32\(Default) = mscoree.dll [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
  {4248FE82-7FCB-46AC-B270-339F08212110}\
    ButtonText = &Virtual Keyboard
    CLSIDExtension = {4248FE82-7FCB-46AC-B270-339F08212110}
    -> {HKLM…CLSID} = VirtualKeyboardButtonHandler Class
       \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll [Kaspersky Lab]
  {CCF151D8-D089-449F-A5A4-D9909053F20F}\
    ButtonText = URLs c&heck
    CLSIDExtension = {CCF151D8-D089-449F-A5A4-D9909053F20F}
    -> {HKLM…CLSID} = FilterButtonHandler Class
       \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll [Kaspersky Lab]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
  {0000036B-C524-4050-81A0-243669A86B9F}\
    ButtonText = @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600
    CLSIDExtension = {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}
    -> {HKLM…Wow…CLSID} = Windows Live Messenger Companion Command Bar Button
       \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [MS]
  {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
    ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
    MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
    CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
    -> {HKLM…Wow…CLSID} = BlogThisToolbarButton Class
       \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
  {2670000A-7350-4F3C-8081-5663EE0C6C49}\
    ButtonText = Send to OneNote
    MenuText = S&end to OneNote
    CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
    -> {HKLM…Wow…CLSID} = Send to OneNote from Internet Explorer button
       \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll [MS]
  {4248FE82-7FCB-46AC-B270-339F08212110}\
    ButtonText = &Virtual Keyboard
    CLSIDExtension = {4248FE82-7FCB-46AC-B270-339F08212110}
    -> {HKLM…Wow…CLSID} = VirtualKeyboardButtonHandler Class
       \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll [Kaspersky Lab]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    ButtonText = Research
    BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    -> {HKLM…Wow…CLSID} = &Research
       \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL [MS]
  {CCF151D8-D089-449F-A5A4-D9909053F20F}\
    ButtonText = URLs c&heck
    CLSIDExtension = {CCF151D8-D089-449F-A5A4-D9909053F20F}
    -> {HKLM…Wow…CLSID} = FilterButtonHandler Class
       \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll [Kaspersky Lab]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AcPrfMgrSvc, AcPrfMgrSvc, C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe [Lenovo]
AcSvc, AcSvc, C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe [Lenovo]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
BBUpdate, BBUpdate, "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [MS]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Business Contact Manager SQL Server Startup Service, BcmSqlStartupSvc, "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [MS]
Cisco Systems, Inc. VPN Service, CVPND, "C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe" [Cisco Systems, Inc.]
CryptoStorage control service, CSObjectsSrv, "C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe" [Infowatch]
HsfXAudioService, HsfXAudioService, C:\Windows\system32\svchost.exe -k HsfXAudioService {C:\Windows\SysWOW64\XAudio64.dll [Conexant Systems, Inc.]}
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\AMT\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [Intel Corporation]
Intel(R) PROSet/Wireless Event Log, EvtEng, C:\Program Files\Intel\WiFi\bin\EvtEng.exe [Intel(R) Corporation]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [Intel(R) Corporation]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
IviRegMgr, IviRegMgr, "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [InterVideo]
Kaspersky PURE, AVP, "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" -r [Kaspersky Lab]
Microsoft Online Services Sign-in Assistant, msoidsvc, "C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE" [MS]
On Screen Display, TPHKSVC, C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [Lenovo Group Limited]
RosettaStoneDaemon, RosettaStoneDaemon, "C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe" [Rosetta Stone Ltd.]
SQL Server Browser, SQLBrowser, "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [MS]
SQL Server VSS Writer, SQLWriter, "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [MS]
System Update, SUService, "c:\Program Files (x86)\Lenovo\System Update\SUService.exe" [null data]
ThinkPad PM Service, IBMPMSVC, C:\Windows\system32\ibmpmsvc.exe [Lenovo]
ThinkVantage Registry Monitor Service, ThinkVantage Registry Monitor Service, "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [Lenovo Group Limited]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
  BJ Language Monitor4\Driver = CNBLM4.DLL [CANON INC.]
  PrimoMon\Driver = Primomonnt.dll [null data]

---------- (launch time: 2013-03-18 15:56:00)
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 248 seconds.
---------- (total run time: 311 seconds)