"Silent Runners.vbs", revision 72, http://www.silentrunners.org/
Operating System: Microsoft Windows 10 Pro (64-bit), Version 1903
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
OneDrive = "C:\Users\daw\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [MS]
WTFast Tray = "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly [null data]
CCleaner Smart Cleaning = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Software Ltd]
ExpressVPN4 = C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SecurityHealth = C:\WINDOWS\system32\SecurityHealthSystray.exe
jv16 PT (System Startup Check) = "C:\Program Files (x86)\jv16 PowerTools\jv16pt_PreWorker2.exe" /SysStartupCheck /PT:"C:\Program Files (x86)\jv16 PowerTools\" [null data]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation]
OnScreen Control = C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe [TODO: <Company name>]
Live Update = C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER [Micro-Star INT'L CO., LTD.]
MSIRegister = "C:\MSI\MSIRegister\MSIRegister.exe" [null data]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
Aimersoft Helper Compact.exe = C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [AimerSoft]
ExpressVPNNotificationService = "C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe" [ExpressVPN]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Skype for Business Click to Call BHO
-> {HKLM...CLSID} = Skype for Business Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]
-> {HKLM...Wow...CLSID} = Skype for Business Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [Oracle Corporation]
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
-> {HKLM...Wow...CLSID} =
\InProcServer32\(Default) = [file not found]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [Oracle Corporation]
{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}\(Default) = ScriptInjectionPluginBrowserHelperObject
-> {HKLM...CLSID} = Kaspersky Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [AO Kaspersky Lab]
-> {HKLM...Wow...CLSID} = Kaspersky Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [AO Kaspersky Lab]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Lync Click to Call BHO
-> {HKLM...CLSID} = Skype for Business Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]
-> {HKLM...Wow...CLSID} = Skype for Business Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [MS]
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
-> {HKLM...Wow...CLSID} =
\InProcServer32\(Default) = [file not found]
{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}\(Default) = ScriptInjectionPluginBrowserHelperObject
-> {HKLM...CLSID} = Kaspersky Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [AO Kaspersky Lab]
-> {HKLM...Wow...CLSID} = Kaspersky Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [AO Kaspersky Lab]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
GoogleDriveBlacklisted\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
-> {HKLM...CLSID} = Google Drive Shell extension
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GoogleDriveSynced\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
-> {HKLM...CLSID} = Google Drive Shell extension
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GoogleDriveSyncing\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
-> {HKLM...CLSID} = Google Drive Shell extension
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
-> {HKCU...CLSID} = ReadOnlyOverlayHandler Class
\InProcServer32\(Default) = C:\Users\daw\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll [MS]
OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}
-> {HKCU...CLSID} = UpToDateUnpinnedOverlayHandler Class
\InProcServer32\(Default) = C:\Users\daw\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll [MS]
SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
GGDriveOverlay1\(Default) = {E68D0A50-3C40-4712-B90D-DCFA93FF2534}
-> {HKLM...CLSID} = GGDriveOverlay1 Class
\InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
GGDriveOverlay2\(Default) = {E68D0A51-3C40-4712-B90D-DCFA93FF2534}
-> {HKLM...CLSID} = GGDriveOverlay2 Class
\InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
GGDriveOverlay3\(Default) = {E68D0A52-3C40-4712-B90D-DCFA93FF2534}
-> {HKLM...CLSID} = GGDriveOverlay3 Class
\InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
GGDriveOverlay4\(Default) = {E68D0A53-3C40-4712-B90D-DCFA93FF2534}
-> {HKLM...CLSID} = GGDriveOverlay4 Class
\InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
OneDrive6\(Default) = {9AA2F32D-362A-42D9-9328-24A483E2CCC3}
-> {HKCU...Wow...CLSID} = ReadOnlyOverlayHandler Class
\InProcServer32\(Default) = C:\Users\daw\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileSyncShell.dll [MS]
OneDrive7\(Default) = {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}
-> {HKCU...Wow...CLSID} = UpToDateUnpinnedOverlayHandler Class
\InProcServer32\(Default) = C:\Users\daw\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileSyncShell.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\
{578480AA-1B1C-4343-AABD-62C0A273DCB5}
-> {HKLM...CLSID} = Cloud Cache Invalidator SSO
\InProcServer32\(Default) = C:\Windows\System32\Windows.CloudStore.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Windows Defender\shellext.dll [MS]
{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
{8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
{CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper
-> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM...CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OLKFSTUB.DLL [MS]
{E68D0A50-3C40-4712-B90D-DCFA93FF2534} = GGDriveOverlay1
-> {HKLM...CLSID} = GGDriveOverlay1 Class
\InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
{E68D0A51-3C40-4712-B90D-DCFA93FF2534} = GGDriveOverlay2
-> {HKLM...CLSID} = GGDriveOverlay2 Class
\InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
{E68D0A52-3C40-4712-B90D-DCFA93FF2534} = GGDriveOverlay3
-> {HKLM...CLSID} = GGDriveOverlay3 Class
\InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
{E68D0A53-3C40-4712-B90D-DCFA93FF2534} = GGDriveOverlay4
-> {HKLM...CLSID} = GGDriveOverlay4 Class
\InProcServer32\(Default) = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [GG Network S.A.]
{AD392E40-428C-459F-961E-9B147782D099} = UltraISO
-> {HKLM...CLSID} = UIContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\msohevi.dll [MS]
{B28AA736-876B-46DA-B3A8-84C5E30BA492} = Witryny sieci Web
-> {HKLM...CLSID} = Witryny sieci Web
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\WXPNSE.DLL [MS]
{755D388B-420B-4692-A974-84AAF0E577D3} = Scan with Kaspersky Anti-Virus
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [AO Kaspersky Lab]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL [MS]
{E3956DCF-D1C7-4375-AAAA-22FF8191C479} = Microsoft Access Metadata Handler
-> {HKLM...CLSID} = Microsoft Access Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{33154C99-BF49-443D-A73C-303A23ABBE97} = Microsoft Excel Metadata Handler
-> {HKLM...CLSID} = Microsoft Excel Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{01BE4CFB-129A-452B-A209-F9D40B3B84A5} = Microsoft PowerPoint Metadata Handler
-> {HKLM...CLSID} = Microsoft PowerPoint Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{5383EF74-273B-4278-AB0C-CDAA9FD5369E} = Microsoft Visio Metadata Handler
-> {HKLM...CLSID} = Microsoft Visio Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} = Microsoft Word Metadata Handler
-> {HKLM...CLSID} = Microsoft Word Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Access Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Access Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{72B66649-3DBF-429F-BD6F-7774A9784B78} = Microsoft Excel Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Excel Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{35C5242B-7455-4F9C-962B-369EA43ED6F3} = Microsoft PowerPoint Thumbnail Handler
-> {HKLM...CLSID} = Microsoft PowerPoint Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482} = Microsoft Visio Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Visio Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{355822FC-86F1-4BE8-B5F0-A33736789641} = Microsoft Word Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Word Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL [MS]
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files\AMD\CNext\CNext\atiacm64.dll [Advanced Micro Devices, Inc.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{DB19096C-5365-4164-A246-59FEFF9D8062} = Nameext
-> {HKLM...Wow...CLSID} = Projekty w przedsiębiorstwie
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OLKFSTUB.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{755D388B-420B-4692-A974-84AAF0E577D3} = Scan with Kaspersky Anti-Virus
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\shellex.dll [AO Kaspersky Lab]
{E3956DCF-D1C7-4375-AAAA-22FF8191C479} = Microsoft Access Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Access Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
{33154C99-BF49-443D-A73C-303A23ABBE97} = Microsoft Excel Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Excel Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
{01BE4CFB-129A-452B-A209-F9D40B3B84A5} = Microsoft PowerPoint Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft PowerPoint Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
{5383EF74-273B-4278-AB0C-CDAA9FD5369E} = Microsoft Visio Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Visio Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} = Microsoft Word Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Word Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Access Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Access Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
{72B66649-3DBF-429F-BD6F-7774A9784B78} = Microsoft Excel Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Excel Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
{35C5242B-7455-4F9C-962B-369EA43ED6F3} = Microsoft PowerPoint Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft PowerPoint Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482} = Microsoft Visio Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Visio Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
{355822FC-86F1-4BE8-B5F0-A33736789641} = Microsoft Word Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Word Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{C5D7540A-CD51-453B-B22B-05305BA03F07}\(Default) = Cloud Experience Credential Provider
-> {HKLM...CLSID} = Cloud Experience Credential Provider
\InProcServer32\(Default) = C:\Windows\System32\cxcredprov.dll [MS]
{F8A1793B-7873-4046-B2A7-1F318747F427}\(Default) = FIDO Credential Provider
-> {HKLM...CLSID} = FIDO Credential Provider
\InProcServer32\(Default) = C:\WINDOWS\system32\fidocredprov.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}\DllName = C:\WINDOWS\System32\RdpGroupPolicyExtension.dll [file not found]
{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}\DllName = C:\WINDOWS\system32\domgmt.dll [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
-> {HKLM...CLSID} = HxProtocol Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]
<<!>> mso-minsb-roaming.16\CLSID = {83C25742-A9F7-49FB-9138-434302C88D07}
-> {HKLM...CLSID} = Min Sandbox Protocol Roaming Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [MS]
<<!>> mso-minsb.16\CLSID = {42089D2D-912D-4018-9087-2B87803E93FB}
-> {HKLM...CLSID} = Min Sandbox Protocol Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [MS]
<<!>> osf\CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1}
-> {HKLM...CLSID} = Protocol Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [MS]
<<!>> osf-roaming.16\CLSID = {42089D2D-912D-4018-9087-2B87803E93FB}
-> {HKLM...CLSID} = Min Sandbox Protocol Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [MS]
<<!>> osf.16\CLSID = {5504BE45-A83B-4808-900A-3A5C36E7F77A}
-> {HKLM...CLSID} = Protocol Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [MS]
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
GGDriveMenu\(Default) = {E68D0A55-3C40-4712-B90D-DCFA93FF2534}
-> {HKCU...CLSID} = GGDriveMenu Class
\InProcServer32\(Default) = C:\Users\daw\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [GG Network S.A.]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
-> {HKLM...CLSID} = GDContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
Kaspersky Anti-Virus 19.0.0\(Default) = {755D388B-420B-4692-A974-84AAF0E577D3}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [AO Kaspersky Lab]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\shellex.dll [AO Kaspersky Lab]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...Wow...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [Malwarebytes]
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
GGDriveMenu\(Default) = {E68D0A55-3C40-4712-B90D-DCFA93FF2534}
-> {HKCU...CLSID} = GGDriveMenu Class
\InProcServer32\(Default) = C:\Users\daw\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [GG Network S.A.]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
-> {HKLM...CLSID} = GDContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
Kaspersky Anti-Virus 19.0.0\(Default) = {755D388B-420B-4692-A974-84AAF0E577D3}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [AO Kaspersky Lab]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\shellex.dll [AO Kaspersky Lab]
UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
-> {HKLM...CLSID} = UIContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
GGDriveMenu\(Default) = {E68D0A55-3C40-4712-B90D-DCFA93FF2534}
-> {HKCU...CLSID} = GGDriveMenu Class
\InProcServer32\(Default) = C:\Users\daw\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [GG Network S.A.]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files\AMD\CNext\CNext\atiacm64.dll [Advanced Micro Devices, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus 19.0.0\(Default) = {755D388B-420B-4692-A974-84AAF0E577D3}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [AO Kaspersky Lab]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\shellex.dll [AO Kaspersky Lab]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [Malwarebytes]
UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099}
-> {HKLM...CLSID} = UIContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\UltraISO\isoshl64.dll [EZB Systems, Inc.]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...Wow...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...Wow...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveAutoRun- = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDriveAutoRun- = (REG_DWORD) dword:0x00000000
{unrecognized setting}
NoDriveTypeAutoRun- = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
DSCAutomationHostEnabled = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1607 (Anniversary Update)}
EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1607 (Anniversary Update)}
EnableFullTrustStartupTasks = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1709 (Fall Creators Update)}
EnableUwpStartupTasks = (REG_DWORD) dword:0x00000002
{Computer Configuration|UNDOCUMENTED!|
Value of "2" present by default in W10 v1709 (Fall Creators Update)}
SupportFullTrustStartupTasks = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1709 (Fall Creators Update)}
SupportUwpStartupTasks = (REG_DWORD) dword:0x00000001
{Computer Configuration|UNDOCUMENTED!|
Value of "1" present by default in W10 v1709 (Fall Creators Update)}
SoftwareSASGeneration = (REG_DWORD) dword:0x00000001
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Users\daw\Desktop\OTL.scr [OldTimer Tools]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
AstroburnLiteBurnDisc\
Provider = Astroburn Lite
InvokeProgID = AstroburnLiteBurnDisc
InvokeVerb = BurnDisc
HKLM\SOFTWARE\Classes\AstroburnLiteBurnDisc\shell\BurnDisc\Command\(Default) = C:\Program Files (x86)\Astroburn Lite\AstroburnLite.exe [Disc Soft Ltd]
FindAppPlayDVDMovieOnArrival\
Provider = @mferror.dll,-115
InvokeProgID = FindApp.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\FindApp.DVD\shell\play\command\(Default) = explorer "ms-windows-store://search/?query=DVD" [MS]
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPromptEachTime\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
MSPromptEachTimeNoContent\
Provider = @C:\WINDOWS\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]
MSStorageSense\
Provider = @C:\WINDOWS\System32\SettingsHandlers_StorageSense.dll,-100
InvokeProgID = MSStorageSense
InvokeVerb = open
HKLM\SOFTWARE\Classes\MSStorageSense\shell\open\command\(Default) = explorer ms-settings:storagesense [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
Adobe Acrobat Update Task -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems]
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
AMDInstallUEP -> launches: C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe [file not found]
AMDLinkUpdate -> launches: C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe -AMDLinkUpdate [Advanced Micro Devices, Inc.]
BlueStacksHelper -> launches: C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe -sr [file not found]
CCleaner Update -> (HIDDEN!) launches: C:\Program Files\CCleaner\CCUpdate.exe [Piriform Software Ltd]
CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Software Ltd]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> launches: C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate [Intel Corporation]
ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> launches: C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate [Intel Corporation]
ModifyLinkUpdate -> launches: "C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe" -UpdateCurrentUser [Advanced Micro Devices, Inc.]
MSIGH_Host -> (HIDDEN!) launches: C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe --normal [null data]
MSIOSDx64_Host -> (HIDDEN!) launches: C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [null data]
MSIOSDx86_Host -> (HIDDEN!) launches: C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [null data]
MSISW_Host -> (HIDDEN!) launches: C:\WINDOWS\SysWOW64\muachost.exe [MSI]
oCamTask -> launches: C:\Program Files (x86)\oCam\oCamTask.exe /Run [oh!soft]
OneDrive Standalone Update Task-S-1-5-21-2410118792-1310059698-778459309-1001 -> launches: %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MS]
Opera scheduled Autoupdate 1511290304 -> launches: C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0) [Opera Software]
StartCN -> launches: "C:\Program Files\AMD\CNext\CNext\cncmd.exe" startwithdelay [Advanced Micro Devices, Inc.]
StartDVR -> launches: "C:\Program Files\AMD\CNext\CNext\RSServCmd.exe" [Advanced Micro Devices, Inc.]
{1B5F98B9-92DB-48E7-8C92-F1822A43734E} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\daw\Downloads\Mimo Installer.exe" -d C:\Users\daw\Downloads [MS]
{554F2A33-E339-474F-8E66-DFA93089F46C} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\4Media\Video Cutter 2\Uninstall.exe" [MS]
{EB58302A-98E9-4B85-8514-82E2DDD885CB} -> launches: C:\Windows\system32\pcalua.exe -a H:\setup.exe -d H:\ [MS]
C:\Windows\System32\Tasks\Microsoft\Office
Office 15 Subscription Heartbeat -> launches: %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [MS]
Office Automatic Updates 2.0 -> launches: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /frequentupdate SCHEDULEDTASK displaylevel=False [MS]
Office ClickToRun Service Monitor -> launches: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService [MS]
Office Feature Updates -> launches: C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [MS]
Office Feature Updates Logon -> launches: C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe /onlogon [MS]
OfficeBackgroundTaskHandlerLogon -> launches: C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [MS]
OfficeBackgroundTaskHandlerRegistration -> launches: C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [MS]
OfficeTelemetryAgentFallBack -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880 [MS]
OfficeTelemetryAgentLogOn -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Windows\System32\mscoree.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4D8A-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\AppID
EDP Policy Manager -> launches: {DECA92E0-AF85-439E-9204-86679978DA08}
-> {HKLM...CLSID} = EDP Policy Manager Task Handler
\InProcServer32\(Default) = C:\WINDOWS\System32\AppLockerCsp.dll [MS]
SmartScreenSpecific -> launches: {9F2B0085-9218-42A1-88B0-9F0E65851666} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattelrunner.exe [MS]
ProgramDataUpdater -> launches: %windir%\system32\compattelrunner.exe -maintenance [MS]
StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
appuriverifierdaily -> launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
appuriverifierinstall -> launches: %windir%\system32\AppHostRegistrationVerifier.exe [MS]
CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]
DsSvcCleanup -> launches: %windir%\system32\dstokenclean.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\BitLocker
BitLocker Encrypt All Drives -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
BitLocker MDM policy Refresh -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\BrokerInfrastructure
BgTaskRegistrationMaintenanceTask -> launches: {E984D939-0E00-4DD9-AC3A-7ACA04745521} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
AikCertEnrollTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
-> {HKLM...CLSID} = NGC Pregeneration Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
CryptoPolicyTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
-> {HKLM...CLSID} = NGC Pregeneration Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
KeyPreGenTask -> launches: {47E30D54-DAC1-473A-AFF7-2355BF78881F}
-> {HKLM...CLSID} = NGC Pregeneration Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\ngctasks.dll [MS]
SystemTask -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
UserTask -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
UserTask-Roam -> launches: {58FB76B9-AC85-4E55-AC04-427593B1D060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
ProactiveScan -> launches: {CF4270F5-2E43-4468-83B3-A8C45BB33EA1}
-> {HKLM...CLSID} = Proactive Scan
\InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]
SyspartRepair -> (HIDDEN!) launches: %windir%\system32\bcdboot.exe %windir% /sysrepair [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CloudExperienceHost
CreateObjectTask -> (HIDDEN!) launches: {E4544ABA-62BF-4C54-AAB2-EC246342626C} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
UsbCeip -> (HIDDEN!) launches: {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
Data Integrity Scan -> launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
-> {HKLM...CLSID} = Data Integrity Scan
\InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
-> {HKLM...CLSID} = Data Integrity Scan
\InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Device Information
Device -> launches: %windir%\system32\devicecensus.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
-> {HKLM...CLSID} = DsmRefreshTask Class
\InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DeviceDirectoryClient
HandleCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
HandleWnsCommand -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
LocateCommandUserSession -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceAccountChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceLocationRightsChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDevicePeriodic24 -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDevicePolicyChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceProtectionStateChanged -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceSettingChange -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterDeviceWnsFallback -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
RegisterUserDevice -> (HIDDEN!) launches: {AE31B729-D5FD-401E-AF42-784074835AFE}
-> {HKLM...CLSID} = Device Directory Client Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\DeviceDirectoryClient.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
RecommendedTroubleshootingScanner -> launches: %windir%\system32\mitigationscanner.exe [MS]
Scheduled -> (HIDDEN!) launches: {C1F85EF8-BCC2-4606-BB39-70C523715EB3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DirectX
DirectXDatabaseUpdater -> (HIDDEN!) launches: %windir%\system32\directxdatabaseupdater.exe [MS]
DXGIAdapterCache -> (HIDDEN!) launches: %windir%\system32\dxgiadaptercache.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup
SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
Microsoft-Windows-DiskDiagnosticDataCollector -> (HIDDEN!) launches: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint
Diagnostics -> launches: %windir%\system32\disksnapshot.exe -z [MS]
StorageSense -> launches: {AB2A519B-03B0-43CE-940A-A73DF850B49A}
-> {HKLM...CLSID} = StorageUsage State Reporter Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\StorageUsage.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DUSM
dusmtask -> launches: %SystemRoot%\System32\dusmtask.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\EDP
EDP App Launch Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
EDP Auth Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
EDP Inaccessible Credentials Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
StorageCardEncryption Task -> launches: {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\edptask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\EnterpriseMgmt
MDMMaintenenceTask -> launches: %windir%\system32\MDMAgent.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\ErrorDetails
EnableErrorDetailsUpdate -> launches: {FE285C8C-5360-41C1-A700-045501C740DE} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\ExploitGuard
ExploitGuard MDM policy Refresh -> launches: {711001CD-CC1D-4470-9B7E-1EF73849C79E}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\MitigationConfiguration.dll [MS]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\MitigationConfiguration.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Feedback\Siuf
DmClient -> launches: %windir%\system32\dmclient.exe [MS]
DmClientOnScenarioDownload -> launches: %windir%\system32\dmclient.exe utcwnf [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
-> {HKLM...CLSID} = FhTaskHandler Class
\InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig
ReconcileFeatures -> launches: {59EECBFE-C2F5-4419-9B99-13FE05FF2675}
-> {HKLM...CLSID} = Feature Configuration Reconciliation Task Handler
\InProcServer32\(Default) = C:\Windows\System32\fcon.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Flighting\OneSettings
RefreshCache -> launches: {E07647F7-AED2-48D9-9720-939BC24A8A3C}
-> {HKLM...CLSID} = OneSettings Refresh Cache Task Handler
\InProcServer32\(Default) = C:\Windows\System32\wosc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\HelloFace
FODCleanupTask -> (HIDDEN!) launches: %WinDir%\System32\WinBioPlugIns\FaceFodUninstaller.exe [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\InstallService
ScanForUpdates -> launches: {A558C6A5-B42B-4C98-B610-BF9559143139}
-> {HKLM...CLSID} = ScanForUpdates InstallService Task
\InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
-> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task
\InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
ScanForUpdatesAsUser -> launches: {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB}
-> {HKLM...CLSID} = ScanForUpdates InstallService Task
\InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
-> {HKLM...Wow...CLSID} = ScanForUpdates InstallService Task
\InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
SmartRetry -> launches: {F3A219C3-2698-4CBF-9C07-037EDB8E72E6}
-> {HKLM...CLSID} = SmartRetry InstallService Task
\InProcServer32\(Default) = C:\Windows\System32\InstallServiceTasks.dll [MS]
-> {HKLM...Wow...CLSID} = SmartRetry InstallService Task
\InProcServer32\(Default) = C:\Windows\SysWOW64\InstallServiceTasks.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller
Installation -> launches: {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
-> {HKLM...CLSID} = Language Components Installer
\InProcServer32\(Default) = C:\Windows\System32\LanguageComponentsInstaller.dll [MS]
ReconcileLanguageResources -> launches: {D0582E3B-3126-4CAA-9155-AC37C912A489} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\License Manager
TempSignedLicenseExchange -> (HIDDEN!) launches: {77646A68-AD14-4D53-897D-7BE4DDE5F929}
-> {HKLM...CLSID} = TempSignedLicenseExchangeTask
\InProcServer32\(Default) = C:\Windows\System32\TempSignedLicenseExchangeTask.dll [MS]
-> {HKLM...Wow...CLSID} = TempSignedLicenseExchangeTask
\InProcServer32\(Default) = C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotificationWindows.exe [MS]
WindowsActionDialog -> launches: %windir%\System32\WindowsActionDialog.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Management\Provisioning
Cellular -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTask [MS]
Logon -> (HIDDEN!) launches: %windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTask [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maps
MapsToastTask -> (HIDDEN!) launches: {9885AEF2-BD9F-41E0-B15E-B3141395E803}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\mapstoasttask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [file not found]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [file not found]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [file not found]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [file not found]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [file not found]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [file not found]
mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [file not found]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [file not found]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [file not found]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [file not found]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [file not found]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [file not found]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [file not found]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [file not found]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [file not found]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [file not found]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [file not found]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [file not found]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [file not found]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [file not found]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [file not found]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
-> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\NlaSvc
WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe nla [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\PI
Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
Device Install Group Policy -> (HIDDEN!) launches: {60400283-B242-4FA8-8C25-CAF695B88209}
-> {HKLM...CLSID} = Device Installation Group Policy Task Handler
\InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6A1F-47B9-BD52-1D5F95D49C1B}
-> {HKLM...CLSID} = Device Installation Reboot Dialog Task
\InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} [InProcServer32 entry not found]
Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: {927EA2AF-1C54-43D5-825E-0074CE028EEE}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Printing
EduPrintProv -> launches: %windir%\system32\eduprintprov.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\PushToInstall
Registration -> launches: %windir%\system32\sc.exe start pushtoinstall registration [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {C463A0FC-794F-4FDF-9201-01938CEACAFA}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {CA767AA8-9157-4604-B64B-40747123D5F2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
StartComponentCleanup -> launches: {752073A1-23F2-4396-85F0-8FDB879ED0ED} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
-> {HKLM...CLSID} = Delayed Background Upload Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
-> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20}
-> {HKLM...CLSID} = Network State Change Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
-> {HKLM...Wow...CLSID} = Network State Change Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CreateObjectTask -> (HIDDEN!) launches: {990A9F8F-301F-45F7-8D0E-68C5952DBA43}
-> {HKLM...CLSID} = Shell Create Object Task Delegate
\InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
-> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
\InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS]
FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS]
FamilySafetyRefreshTask -> launches: {C844C79D-AED8-4DCE-AB25-4D359BED84F8}
-> {HKLM...CLSID} = FamilySafetyRefreshTask
\InProcServer32\(Default) = C:\WINDOWS\System32\WpcRefreshTask.dll [MS]
IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
-> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
\InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
-> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
\InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4F47-879B-29A80C355D61} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
-> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
\InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
-> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
\InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS]
SpaceManagerTask -> launches: %windir%\system32\spaceman.exe /Work [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Speech
HeadsetButtonPress -> launches: %windir%\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask [MS]
SpeechModelDownloadTask -> launches: %windir%\system32\speech_onecore\common\SpeechModelDownload.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\StateRepository
MaintenanceTasks -> launches: %windir%\system32\rundll32.exe %windir%\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Storage Tiers Management
Storage Tiers Management Initialization -> launches: {5C9AB547-345D-4175-9AF6-65133463A100} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\Subscription
EnableLicenseAcquisition -> (HIDDEN!) launches: %SystemRoot%\system32\ClipRenew.exe -e [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
ResPriStaticDbSync -> launches: {297EE78C-BA95-4E94-81D3-D6E7F089C7B5}
-> {HKLM...CLSID} = Reserved Priority Static Db Sync Task
\InProcServer32\(Default) = C:\WINDOWS\system32\sysmain.dll [MS]
WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855FEC53-D2E4-4999-9E87-3414E9CF0FF4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
-> {HKLM...CLSID} = Time Synchronization Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS]
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone
SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TPM
Tpm-HASCertRetr -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
-> {HKLM...CLSID} = TPM Maintenance Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator
Backup Scan -> launches: %systemroot%\system32\usoclient.exe StartScan [MS]
MusUx_UpdateInterval -> launches: %systemroot%\system32\MusNotification.exe Display [MS]
Reboot -> launches: %systemroot%\system32\MusNotification.exe Reboot [MS]
Schedule Scan -> launches: %systemroot%\system32\usoclient.exe StartScan [MS]
Schedule Scan Static Task -> launches: %systemroot%\system32\usoclient.exe StartScan [MS]
Universal Orchestrator Start -> launches: %systemroot%\system32\usoclient.exe StartUWork [MS]
UpdateModelTask -> launches: %systemroot%\system32\usoclient.exe StartModelUpdates [MS]
USO_Broker_Display -> launches: %systemroot%\system32\MusNotification.exe Display [MS]
USO_UxBroker -> launches: %systemroot%\system32\MusNotification.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\USB
Usb-Notifications -> (HIDDEN!) launches: {E05BE1C8-92A8-4757-B575-ACAECB4E6A40}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Windows\System32\UsbTask.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WaaSMedic
PerformRemediation -> launches: {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} [InProcServer32 entry not found]
C:\Windows\System32\Tasks\Microsoft\Windows\WCM
WiFiTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -upload [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
Calibration Loader -> launches: {B210D694-C8DF-490D-9576-9E20CDBC20BD}
-> {HKLM...CLSID} = Color Calibration Loader
\InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]
-> {HKLM...Wow...CLSID} = Color Calibration Loader
\InProcServer32\(Default) = C:\Windows\SysWOW64\mscms.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS]
sihpostreboot -> launches: %systemroot%\system32\sihclient.exe /PostReboot [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358B920-0AC7-461F-98F4-58E32CD89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WlanSvc
CDSSync -> launches: {B0D2B535-12E1-439F-86B3-BADA289510F0}
-> {HKLM...CLSID} = WlanSyncTaskCommon
\InProcServer32\(Default) = C:\Windows\System32\WiFiCloudStore.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WOF
WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
-> {HKLM...CLSID} = WOF Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS]
WIM-Hash-Validation -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
-> {HKLM...CLSID} = WOF Task Handler
\InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders
Work Folders Logon Synchronization -> launches: {97D47D56-3777-49FB-8E8F-90D7E30E1A1E}
-> {HKLM...CLSID} = Work Folder Logon Trigger Class
\InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
Work Folders Maintenance Work -> launches: {63260BCE-A3FB-4A34-AA51-D4D8E877B62B}
-> {HKLM...CLSID} = Work Folder Maintenance Task Class
\InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WwanSvc
NotificationTask -> (HIDDEN!) launches: %SystemRoot%\System32\WiFiTask.exe wwan [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
C:\Windows\System32\Tasks\Microsoft\XblGameSave
XblGameSaveTask -> launches: %windir%\System32\XblGameSaveTask.exe standby [MS]
XblGameSaveTaskLogon -> launches: %windir%\System32\XblGameSaveTask.exe logon [MS]
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-2410118792-1310059698-778459309-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000006\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 14
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{C500C267-63BF-451F-8797-4D720C9A2ED9} = (no title provided)
-> {HKLM...CLSID} = Kaspersky Protection Toolbar
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [AO Kaspersky Lab]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{C500C267-63BF-451F-8797-4D720C9A2ED9} = (no title provided)
-> {HKLM...Wow...CLSID} = Kaspersky Protection Toolbar
\InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [AO Kaspersky Lab]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll [MS]
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync — kliknij, aby połączyć
MenuText = Lync — kliknij, aby połączyć
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> {HKLM...CLSID} = Skype for Business Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\OCHelper.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll [MS]
{A95FE080-8F5D-11D2-A20B-00AA003C157A}\
ButtonText = @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101
MenuText = @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101
Script = C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html [file not found]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll [MS]
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\
ButtonText = Lync Click to Call
MenuText = Lync Click to Call
CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> {HKLM...Wow...CLSID} = Skype for Business Browser Helper
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...Wow...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adapter odbiornika Net.Msmq, NetMsmqActivator, "C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [MS]
Adapter odbiornika Net.Pipe, NetPipeActivator, C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]
Adapter odbiornika Net.Tcp, NetTcpActivator, C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems]
AMD External Events Utility, AMD External Events Utility, C:\WINDOWS\System32\DriverStore\FileRepository\c0348309.inf_amd64_da0b285cf0c5a651\B348293\atiesrxx.exe [AMD]
Broker monitorów czasu wykonywania funkcji System Guard, SgrmBroker, C:\WINDOWS\system32\SgrmBroker.exe [MS]
ExpressVPN Service, ExpressVPNService, "C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe" [ExpressVPN]
GamingApp_Service, GamingApp_Service, "C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe" [null data]
HuaweiHiSuiteService64.exe, HuaweiHiSuiteService64.exe, "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [null data]
Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation]
Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) ME Service, Intel(R) ME Service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
MSI Gaming Hotkey Service, GamingHotkey_Service, "C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe" [Micro-Star INT'L CO., LTD.]
MSI Live Update Service, MSI_LiveUpdate_Service, "C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe" [Micro-Star INT'L CO., LTD.]
MSI_ActiveX_Service, MSI_ActiveX_Service, "C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe" [null data]
MSIREGISTER_MR, MSIREGISTER_MR, C:\MSI\MSIRegister\MSIRegisterService.exe [Micro-Star INT'L CO., LTD.]
Usługa AVCTP, BthAvctpSvc, C:\WINDOWS\system32\svchost.exe -k LocalService -p {C:\WINDOWS\System32\BthAvctpSvc.dll [MS]}
Usługa infrastruktury zadań w tle, BrokerInfrastructure, C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p {C:\WINDOWS\System32\psmsrv.dll [MS]}
Usługa Kaspersky Anti-Virus 19.0.0, AVP19.0.0, "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe" -r [AO Kaspersky Lab]
Usługa Kaspersky Secure Connection 3.0.0, KSDE3.0.0, "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe" -r [AO Kaspersky Lab]
Usługa koordynatora aktualizacji, UsoSvc, C:\WINDOWS\system32\svchost.exe -k netsvcs -p {C:\WINDOWS\system32\usosvc.dll [MS]}
Usługa Szybka instalacja pakietu Microsoft Office, ClickToRunSvc, "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service [MS]
Usługa udostępniania portów Net.Tcp, NetTcpPortSharing, C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [MS]
Usługa zasad wyświetlania, DispBrokerDesktopSvc, C:\WINDOWS\system32\svchost.exe -k LocalService -p {C:\WINDOWS\System32\DispBroker.Desktop.dll [MS]}
Xbox Accessory Management Service, XboxGipSvc, C:\WINDOWS\system32\svchost.exe -k netsvcs -p {C:\WINDOWS\System32\XboxGipSvc.dll [MS]}
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> AudioEndpointBuilder, Service
<<!>> AudioSrv, Service
<<!>> CBDHSvc, Service
<<!>> HdAudAddService.Sys, Driver
<<!>> HdAudBus.Sys, Driver
<<!>> iai2c.sys, Driver
<<!>> SerCx2.sys, Driver
<<!>> usbaudio.sys, Driver
<<!>> {4D36E96C-E325-11CE-BFC1-08002BE10318}, Media
<<!>> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> AudioEndpointBuilder, Service
<<!>> AudioSrv, Service
<<!>> CBDHSvc, Service
<<!>> HdAudAddService.Sys, Driver
<<!>> HdAudBus.Sys, Driver
<<!>> NetSetupSvc, Service
<<!>> SerCx2.sys, Driver
<<!>> usbaudio.sys, Driver
<<!>> WinQuic, Driver
<<!>> {4D36E96C-E325-11CE-BFC1-08002BE10318}, Media
<<!>> {F2E7DD72-6468-4E36-B6F1-6488F42C1B52}, Firmware
Accessibility Tools:
--------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\SessionTransit\
Configuration =
Keyboard Driver Filters:
------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> UpperFilters = <<!>> klkbdflt [AO Kaspersky Lab],<<!>> ikbevent [null data],kbdclass [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Appmon\Driver = AppMon.dll [MS]
WSD Port\Driver = APMon.dll [MS]
---------- (launch time: 2019-12-05 00:03:30)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 51 seconds, including 7 seconds for message boxes)