Zoek.exe Version 4.0.0.2 Updated 28-03-2013
Tool run by Hilaire on za 30/03/2013 at 10:29:44,59.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Hilaire\Downloads\zoek.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe

==== Installed Programs ======================

7-Zip 9.20  
Adobe Flash Player 11 ActiveX  
Adobe Flash Player 11 Plugin  
Aldfaer  
Angry Birds Rio  
Angry Birds Seasons  
Angry Birds Star Wars  
avast Free Antivirus  
Belgium e-ID middleware 4.0.4 (build 7251)  
CCleaner  
D3DX10  
Epson Event Manager  
EPSON Scan  
EPSON SX218 Series Printer Uninstall  
Eusing Free Registry Cleaner  
File Shredder 2.5  
Google Chrome  
Google Earth  
Google Talk Plugin  
Google Translator  
Google Update Helper  
Harry Potter TM  
HiJackThis  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)  
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)  
Internet Explorer (Enable DEP)  
IObit Apps Toolbar v7.0  
IPM_PSP_CL  
IPM_PSP_COM  
Java 7 Update 17  
Java Auto Updater  
Malwarebytes Anti-Malware versie 1.65.1.1000  
Messenger Companion  
MFC RunTime files  
Microsoft .NET Framework 3.5 Language Pack SP1 - nld  
Microsoft .NET Framework 3.5 SP1  
Microsoft .NET Framework 4 Client Profile  
Microsoft .NET Framework 4 Client Profile NLD Language Pack  
Microsoft .NET Framework 4 Extended  
Microsoft .NET Framework 4 Extended NLD Language Pack  
Microsoft Application Error Reporting  
Microsoft Office Excel Viewer  
Microsoft PowerPoint Viewer  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft XML Parser  
MSVCRT  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
Nero ControlCenter Help (CHM)  
Nero Core Components  
Nero SoundTrax Help (CHM)  
Nero Update  
Nitro Reader 3  
NVIDIA-configuratiescherm 306.97  
NVIDIA Drivers  
NVIDIA Grafisch stuurprogramma 306.97  
NVIDIA Install Application  
NVIDIA Update 1.10.8  
NVIDIA Update Components  
OpenOffice.org 3.4.1  
Opera 12.14  
PhotoScape  
Prerequisite installer  
Realtek High Definition Audio Driver  
Recuva  
Revo Uninstaller 1.94  
Scan2PDF 1.6  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)  
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)  
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)  
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)  
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)  
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)  
SetPoint  
Skype™ 6.2  
Smart Defrag 2  
SoftPerfect WiFi Guard version 1.0.2  
Steganos Password Manager Free  
Stuurprogrammapakket voor Windows - Fedict SmartCard  (10/04/2011 4.0.0.5)  
SumatraPDF  
Taalpakket voor Microsoft .NET Framework 4 Extended - NLD  
TuneUp Utilities Language Pack (nl-NL)  
Unlocker 1.9.1  
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)  
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)  
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)  
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)  
Update for Microsoft .NET Framework 4 Extended (KB2468871)  
Update for Microsoft .NET Framework 4 Extended (KB2533523)  
Update for Microsoft .NET Framework 4 Extended (KB2600217)  
VC80CRTRedist - 8.0.50727.6195  
Visual C++ 9.0 CRT (x86) WinSXS MSM  
Visual C++ CRT 9.0 SP1  
VLC media player 2.0.5  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Mail  
Windows Live Mesh  
Windows Live Messenger  
Windows Live Messenger Companion Core  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live Remote Client  
Windows Live Remote Client Resources  
Windows Live Remote Service  
Windows Live Remote Service Resources  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 
::1             localhost 

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Internet Explorer: 9.0.8112.16421
Memory (RAM): 1982 MB
CPU Info: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
CPU Speed: 2152,6 MHz
Sound Card: Luidsprekers (Realtek High Defi | 
Display Adapters: NVIDIA GeForce 6150SE nForce 430 | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Dell SE198WFP(Analog) | 
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: NVIDIA nForce 10/100 Mbps Ethernet
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD+-RW GSA-H31N
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 12 Button Wheel Mouse Present
Hard Disks: C:  239,2GB | D:  10,0GB | F:  48,8GB | G:  698,6GB
Hard Disks - Free: C:  143,5GB | D:  5,1GB | F:  21,3GB | G:  682,2GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 02/09/09 | DELL   - 42302e31
Time Zone: West-Europa (standaardtijd)
Motherboard *: Dell Inc. 0RY206
Sun Java version: 1.7.0_17 
Country: België 
Language: NLB 

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Hilaire\AppData\Local\Temp ====
====== C:\Windows\system32 =====
2013-03-29 15:43:59	020B8B9B7D34DF7B7094B88CB896219E	29528	----a-w-	C:\Windows\System32\SmartDefragBootTime.exe
2013-03-17 17:05:11	6428A1B56B4F426F35A029231FF0BB1E	65024	----a-w-	C:\Windows\System32\jsproxy.dll
2013-03-17 17:05:11	35AAE2E841AA1A949775168E119482C9	161792	----a-w-	C:\Windows\System32\msls31.dll
2013-03-17 17:05:11	03728C624D05C2F157BBD46F6B7F6EA0	1129472	----a-w-	C:\Windows\System32\wininet.dll
2013-03-17 17:05:10	EE9D715AF1B928982F417238B9914484	434176	----a-w-	C:\Windows\System32\ieapfltr.dll
2013-03-17 17:05:10	EE0AFCEE88098F754212F9069E80A766	86528	----a-w-	C:\Windows\System32\iesysprep.dll
2013-03-17 17:05:10	D3EAB9BCB2B92EFCA615781C215644C0	9738240	----a-w-	C:\Windows\System32\ieframe.dll
2013-03-17 17:05:10	CA493A92DA9880B6F1A89C3DBD54BA5B	223232	----a-w-	C:\Windows\System32\dxtrans.dll
2013-03-17 17:05:10	C0B8B96D018849FD8CCF15FED84E8782	74240	----a-w-	C:\Windows\System32\ie4uinit.exe
2013-03-17 17:05:10	83F5D4B41BB12CE146786E97F6AAD75E	3695416	----a-w-	C:\Windows\System32\ieapfltr.dat
2013-03-17 17:05:10	7AC9B18F1BE210702DA5E586224B1571	66048	----a-w-	C:\Windows\System32\icardie.dll
2013-03-17 17:05:10	76EB0222590D5DCD050CF862237F414A	63488	----a-w-	C:\Windows\System32\tdc.ocx
2013-03-17 17:05:10	76E987D8CF0683337CF165363B6FDFD9	48640	----a-w-	C:\Windows\System32\mshtmler.dll
2013-03-17 17:05:10	73BDB1C0801D44BEA5F6749FD340CC0F	1796096	----a-w-	C:\Windows\System32\iertutil.dll
2013-03-17 17:05:10	736D1B28224F9DF8008BE8B0DEDFC9EF	76800	----a-w-	C:\Windows\System32\SetIEInstalledDate.exe
2013-03-17 17:05:10	6B036492120E65C0C367DC31D01088A1	74752	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-03-17 17:05:10	4312DEBDACBE338F0B90E7F08E7672BE	353792	----a-w-	C:\Windows\System32\dxtmsft.dll
2013-03-17 17:05:10	180D098704551DE37C6299AA888D6821	1103872	----a-w-	C:\Windows\System32\urlmon.dll
2013-03-17 17:05:10	15CF0E37F2B406BDE06CBA4F507B25DE	176640	----a-w-	C:\Windows\System32\ieui.dll
2013-03-17 17:05:10	0B8FE658BD033EC8B1F6FBC305CC65E7	162304	----a-w-	C:\Windows\System32\msrating.dll
2013-03-17 17:05:10	09C9E7F477FB225FDB3B6DE8FED0AA9B	367104	----a-w-	C:\Windows\System32\html.iec
2013-03-17 17:05:09	F83865A3007357A5E498EB9E3BED273D	31744	----a-w-	C:\Windows\System32\iernonce.dll
2013-03-17 17:05:09	F0FEFB0B5D25A75D478A4317139D937E	353584	----a-w-	C:\Windows\System32\iedkcs32.dll
2013-03-17 17:05:09	E7E671A2A0159ED8D86CA98DF134BB70	73216	----a-w-	C:\Windows\System32\mshtmled.dll
2013-03-17 17:05:09	D0F2CB059B2A89AD5B24FD9EB8D784BE	231936	----a-w-	C:\Windows\System32\url.dll
2013-03-17 17:05:09	C9A2D460FD5E409C9320B4CE68A81549	420864	----a-w-	C:\Windows\System32\vbscript.dll
2013-03-17 17:05:09	C798EB903A4FA90D2961E164518090C5	607744	----a-w-	C:\Windows\System32\msfeeds.dll
2013-03-17 17:05:09	C43AFA13B552BCC4352106193F008229	142848	----a-w-	C:\Windows\System32\ieUnatt.exe
2013-03-17 17:05:09	802B0229D904E28C1EA9A5274AB457FC	74752	----a-w-	C:\Windows\System32\iesetup.dll
2013-03-17 17:05:09	6B4701D3D9724812E8C3801E7BF87157	23552	----a-w-	C:\Windows\System32\licmgr10.dll
2013-03-17 17:05:09	67BC2BA6F94D2D0C51213691FBFEEBB1	152064	----a-w-	C:\Windows\System32\wextract.exe
2013-03-17 17:05:09	60D6B33E77A297AA1B14BF0452C20471	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2013-03-17 17:05:09	60B4F624BB87A3B21D3EC68F38DA6B61	78848	----a-w-	C:\Windows\System32\inseng.dll
2013-03-17 17:05:09	5B37190F79F5D63C1033ED88C006080C	123392	----a-w-	C:\Windows\System32\occache.dll
2013-03-17 17:05:09	51AF0A12CD86E22E1A027C38CC021AC6	150528	----a-w-	C:\Windows\System32\iexpress.exe
2013-03-17 17:05:09	5193DE33F3284C447E0D31DAFBF92570	203776	----a-w-	C:\Windows\System32\webcheck.dll
2013-03-17 17:05:09	4B333D3CC96AE66BD754329FD2989EE2	72822	----a-w-	C:\Windows\System32\ieuinit.inf
2013-03-17 17:05:09	49729570B7FD369BBDEC16D7683324A0	227840	----a-w-	C:\Windows\System32\ieaksie.dll
2013-03-17 17:05:09	3F7A8BCF37433A69CEEDE1E6AEE79784	101888	----a-w-	C:\Windows\System32\admparse.dll
2013-03-17 17:05:09	2A324C44A1B2352EF5F2E1C8984935C0	1427968	----a-w-	C:\Windows\System32\inetcpl.cpl
2013-03-17 17:05:09	263963D93A3CA8F685EFA5966F1E6581	12321792	----a-w-	C:\Windows\System32\mshtml.dll
2013-03-17 17:05:09	061CBB1058A10C0875D18CAFF835AE97	11776	----a-w-	C:\Windows\System32\mshta.exe
2013-03-17 17:05:09	04A8B2F67825380BC0C7C46D56776133	54272	----a-w-	C:\Windows\System32\pngfilt.dll
2013-03-17 17:05:08	ED6F6FBBCDEC95483B7351E23F4FCDF6	110592	----a-w-	C:\Windows\System32\IEAdvpack.dll
2013-03-17 17:05:08	DB754FF5F6ADBA2A25EC1B6672D1C91E	163840	----a-w-	C:\Windows\System32\ieakui.dll
2013-03-17 17:05:08	90A57CA422923286838AAC7DE2D41B92	118784	----a-w-	C:\Windows\System32\iepeers.dll
2013-03-17 17:05:08	69F42E40A0C4344939437D86A8893DA6	1800704	----a-w-	C:\Windows\System32\jscript9.dll
2013-03-17 17:05:08	68563AC389F92EE79F1C714288BA1DCE	35840	----a-w-	C:\Windows\System32\imgutil.dll
2013-03-17 17:05:08	4B80D1F847C0658977E1E8051A4DE002	41472	----a-w-	C:\Windows\System32\msfeedsbs.dll
2013-03-17 17:05:08	1E7094AFAD0C369DD6D400C7047E4AB2	130560	----a-w-	C:\Windows\System32\ieakeng.dll
2013-03-17 17:05:08	1D3EE28BA231CBB9600F5D102EAF4EA7	10752	----a-w-	C:\Windows\System32\msfeedssync.exe
2013-03-17 17:05:08	1895402C57C32BF8281E8F6C65522253	717824	----a-w-	C:\Windows\System32\jscript.dll
2013-03-16 18:40:51	031DA76A5A7DC13F015DD3491394865E	114176	----a-w-	C:\Windows\System32\advpack.dll
2013-03-16 15:39:51	9972A6ED4F2388DBFA8E0A96F6F3FDF1	344064	----a-w-	C:\Windows\System32\msvcr70.dll
2013-03-16 15:39:50	09AEF167EB1531E965053D0DCF6CC573	974848	----a-w-	C:\Windows\System32\mfc70.dll
====== C:\Windows\system32\drivers =====
2013-03-29 15:43:33	46B40982AF166BF89C3F51FB13E60D6D	15672	----a-w-	C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-03-22 13:55:37	8D31A140B55021BBD3A608F5A7AA2E18	15872	----a-w-	C:\Windows\System32\drivers\usb8023.sys
2013-03-01 15:06:41	EDB0C9BA44B748E420CCA989FD8B826E	164736	----a-w-	C:\Windows\System32\drivers\aswVmm.sys
2013-03-01 15:06:40	657A61979F40D67CA29716149766FFA7	49248	----a-w-	C:\Windows\System32\drivers\aswRvrt.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-03-29 18:12:48	--------	d-----w-	C:\Program Files\7-Zip
2013-03-29 15:43:33	--------	d-----w-	C:\Program Files\Application Updater
2013-03-29 15:43:30	--------	d-----w-	C:\Program Files\IObit Apps Toolbar
2013-03-29 15:43:30	--------	d-----w-	C:\Program Files\Common Files\Spigot
2013-03-28 16:48:08	--------	d-----w-	C:\Program Files\Pointstone
2013-03-28 16:45:26	--------	d-----w-	C:\Program Files\SoftPerfect WiFi Guard
2013-03-25 18:08:38	--------	d-----w-	C:\Program Files\Eusing Free Registry Cleaner
2013-03-25 18:00:29	--------	d-----w-	C:\Program Files\AML Products
2013-03-16 15:25:07	--------	d-----w-	C:\Program Files\Amazon
2013-03-01 13:28:46	--------	d-----w-	C:\Program Files\Spybot - Search & Destroy 2
======= C: =====
2013-03-29 14:40:36	6BD5A55F82C711A995C6C864BF23D843	2366	----a-w-	C:\AdwCleaner[S4].txt
====== C:\Users\Hilaire\AppData\Roaming ======
2013-03-29 18:18:51	--------	d-----w-	C:\users\Hilaire\AppData\Local\Opera
2013-03-29 15:43:42	--------	d-----w-	C:\users\Hilaire\AppData\Locallow\Search Settings
2013-03-28 16:45:30	--------	d-----w-	C:\users\Hilaire\AppData\Local\WiFi Guard
2013-03-16 14:32:54	--------	d-----w-	C:\users\Hilaire\AppData\Roaming\uTorrent
2013-03-01 15:17:51	--------	d-----w-	C:\users\Hilaire\AppData\Roaming\vlc
====== C:\Users\Hilaire ======
2013-03-29 16:02:07	--------	d-----w-	C:\ProgramData\APN
2013-03-29 15:43:47	--------	d-----w-	C:\ProgramData\IObit
2013-03-28 16:39:18	--------	d-----w-	C:\ProgramData\firebird
2013-03-28 16:24:12	--------	d-----w-	C:\ProgramData\PassMark
2013-03-16 15:24:57	7E9181251A33F1CF894B35B1D9B12F39	129536	----a-w-	C:\Users\Public\AlexaNSISPlugin.5372.dll
2013-03-16 15:20:28	02C1EE40968BAA67C3A785CDA9807125	262	--sha-r-	C:\Users\Hilaire\ntuser.pol
2013-03-01 13:29:12	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy

====== C: exe-files ==
2013-03-29 18:18:45	6B57E3CB21C9A25DCB16A7041B425DD0	1198432	----a-w-	C:\Program Files\Opera\updatechecker\opera_autoupdate.exe
2013-03-29 18:18:45	2ABD166EC31BE154D8CBEEC5D7F5714C	879456	----a-w-	C:\Program Files\Opera\opera.exe
2013-03-29 18:15:57	D7CA13C9034D2E696A8B80F5E00FFCF8	13169040	----a-w-	C:\Users\Hilaire\Downloads\Opera_1214_int_Setup.exe
2013-03-29 18:12:50	78E662D435A8E1F5B9CED236FD331856	58641	----a-w-	C:\Program Files\7-Zip\Uninstall.exe
2013-03-29 18:12:29	B3FDF6E7B0AECD48CA7E4921773FB606	1110476	----a-w-	C:\Users\Hilaire\Downloads\7z920.exe
2013-03-29 16:01:29	842AAEF8281D3BC0EABC9DB14015413E	1607248	----a-w-	C:\Users\Hilaire\Downloads\musicwallpapers.exe
2013-03-29 15:43:59	020B8B9B7D34DF7B7094B88CB896219E	29528	----a-w-	C:\Windows\System32\SmartDefragBootTime.exe
2013-03-29 15:43:32	55BAC1668759932950725053ECBB39CF	1015128	----a-w-	C:\Program Files\IObit\Smart Defrag 2\Freeware\SD_FreeSoftwareDownloader.exe
2013-03-29 15:43:32	55BAC1668759932950725053ECBB39CF	1015128	----a-w-	C:\Program Files\IObit\Smart Defrag 2\Freeware\ASC_FreeSoftwareDownloader.exe
2013-03-29 15:43:31	39199339993DAAC4953CDCF8BEF23659	1262976	----a-w-	C:\Program Files\IObit\Smart Defrag 2\UninstallPromote.exe
2013-03-29 15:43:30	F74B05113BA0D0A652108404F26DCD81	1611216	----a-w-	C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
2013-03-29 15:43:30	F3D270CDBC78E388F4C3C3F1B7EE6063	691584	----a-w-	C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
2013-03-29 15:43:30	2F1A2370A8A07AEC59F7BDC346A18A5C	29528	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\win8_x86\SmartDefragBootTime.exe
2013-03-29 15:43:30	09E9402132226936ABA25A11D1AD6485	32600	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\win8_x64\SmartDefragBootTime.exe
2013-03-29 15:43:29	D4311A326B9C4C7F6AA671273475D9E5	32600	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragBootTime.exe
2013-03-29 15:43:29	884517A8728F9181CC57A50952078DBD	32600	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragBootTime.exe
2013-03-29 15:43:29	6982DF7EDAEE14BB7B4C4A32492334E8	29528	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragBootTime.exe
2013-03-29 15:43:29	020B8B9B7D34DF7B7094B88CB896219E	29528	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragBootTime.exe
2013-03-29 15:43:28	6389CE8893030CBC1EE304AC2E184515	32600	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragBootTime.exe
2013-03-29 15:43:28	5C05F15D19BCE595493964BA01DDE696	29528	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragBootTime.exe
2013-03-29 15:43:28	49EE60355F973046D5067FABC66F7D42	32600	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragBootTime.exe
2013-03-29 15:43:28	0D247DD272FBA1C5C84B5078429C3B79	29528	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragBootTime.exe
2013-03-29 15:43:23	756AFEBD233C69C5088F47506427B7AE	240000	----a-w-	C:\Program Files\IObit\Smart Defrag 2\SDInit.exe
2013-03-29 15:43:22	6CA14382E4B8C66B0FBAEE91CDA625E2	1184128	----a-w-	C:\Program Files\IObit\Smart Defrag 2\unins000.exe
2013-03-29 15:40:21	A57230848899CF83751B1D5B4E63CE5C	4977272	----a-w-	C:\Users\Hilaire\Downloads\defragsetup.exe
2013-03-29 14:38:09	EC4961D7E0F6ACEF4E8446E062048D88	609993	----a-w-	C:\Users\Hilaire\Downloads\adwcleaner.exe
2013-03-28 16:45:27	5E3AA326CF6AB7B6DAAC963004D4907C	2884496	----a-w-	C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe
2013-03-28 16:45:26	C8C0ADAB83ED13D2EB2EE8262017DF14	1186161	----a-w-	C:\Program Files\SoftPerfect WiFi Guard\unins000.exe
2013-03-28 16:29:42	D13879F9A51F6F8C6AC33A5B86694E9F	24449680	----a-w-	C:\Program Files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.3.8542.exe
2013-03-28 16:15:26	0A63845940748D8079C915D50F37D83D	44594760	----a-w-	C:\Users\Hilaire\Downloads\osf.exe
2013-03-25 18:08:39	F3D41FEB2B02EC4DA63D8CF7F631CDB4	1489408	----a-w-	C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
2013-03-25 18:08:38	973567B98CDFC147DF4E60471D9DF072	153088	----a-w-	C:\Program Files\Eusing Free Registry Cleaner\UNWISE.EXE
2013-03-25 17:58:51	EDD73A67A23250BE02A23775BBE8FAB8	393080	----a-w-	C:\Users\Hilaire\Downloads\SoftonicDownloader_voor_aml-free-registry-cleaner.exe
=== C: other files ==
2013-03-29 18:20:07	9D044D1BE549E62672D3C67ED924E5B3	448973	----a-w-	C:\Users\Hilaire\AppData\Roaming\Opera\Opera\skin\blue-mountains-1.0-1.zip
2013-03-29 18:18:47	E565B6C58E276B88CBD93F7805DB17FD	240918	----a-w-	C:\Program Files\Opera\locale\en\en.zip
2013-03-29 18:18:47	607B4FBF97300A4922EE4E90DBAE25AC	1414175	----a-w-	C:\Program Files\Opera\skin\standard_skin.zip
2013-03-29 15:43:33	46B40982AF166BF89C3F51FB13E60D6D	15672	----a-w-	C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-03-29 15:43:30	DD0443BC6CC78A19FD399817F8C51401	17720	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\win8_x64\SmartDefragDriver.sys
2013-03-29 15:43:30	BF302072DC8374CF4E118FD88AA817A2	15672	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\win8_x86\SmartDefragDriver.sys
2013-03-29 15:43:29	DD0443BC6CC78A19FD399817F8C51401	17720	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragDriver.sys
2013-03-29 15:43:29	BF302072DC8374CF4E118FD88AA817A2	15672	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragDriver.sys
2013-03-29 15:43:29	B68385FD0CB677A1BB3EAB0BEB2999B7	17720	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragDriver.sys
2013-03-29 15:43:29	46B40982AF166BF89C3F51FB13E60D6D	15672	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragDriver.sys
2013-03-29 15:43:28	FD7E99CA739D7B677EEDE3724DF9F660	15672	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragDriver.sys
2013-03-29 15:43:28	BFEB28534E2F92DC850968FBF2FCC3D9	17720	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragDriver.sys
2013-03-29 15:43:28	42B56490B55116C6C37A3C96D2D42AEE	17720	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragDriver.sys
2013-03-29 15:43:28	14BB60A4F1C5291217A05D5728C403E6	14776	----a-w-	C:\Program Files\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragDriver.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"SearchSettings"="C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccleaner"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /AUTO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Hilaire\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ABBYY.Licensing.FineReader.Sprint.9.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ASKService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ASKUpgrade]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BthServ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CertPropSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Common Toolkit Tools]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LBTServ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PSI_SVC_2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RoxMediaDB9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RoxWatch9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sdAuxService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sdCoreService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SPAMfighter Update Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sprtsvc_DellSupportCenter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Suite Service]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13/03/2013 10:04]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03/03/2010 16:49]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03/03/2010 16:49]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610711996-1769753261-2712777353-1000Core.job --a------ C:\Users\Hilaire\AppData\Local\Google\Update\GoogleUpdate.exe [02/04/2012 09:58]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610711996-1769753261-2712777353-1000UA.job --a------ C:\Users\Hilaire\AppData\Local\Google\Update\GoogleUpdate.exe [02/04/2012 09:58]
C:\Windows\tasks\User_Feed_Synchronization-{7DF20E1A-0DCE-461E-A17B-4A27F5EBEB49}.job --ah----- C:\Windows\system32\msfeedssynC:.exe []
C:\Windows\tasks\User_Feed_Synchronization-{E44D27E0-7B62-432F-8035-1BBB9729ED05}.job --a------ C:\Windows\system32\msfeedssynC:.exe []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bpegkgagfojjbcpkihigfmkojdmmimdf - No path found[]
ehgldbbpchgpcfagfpfjgoomddhccfgh - No path found[]
hbcennhacfaagdopikcegfcobcadeocj - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx[22/11/2012 14:47]
icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx[23/02/2013 19:17]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/03/2013 00:29]
jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]
mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx[16/10/2012 13:08]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 14:13]
pfndaklgolladniicklehhancnlgocpp - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx[22/11/2012 15:00]

Cirque du Soleil - Hilaire - Default\Extensions\bambdhnebihakocbdlomklpnieneajmo
YouTube - Hilaire - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Hilaire - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
http //www.hna.de/lokales/melsungen/ - Hilaire - Default\Extensions\cgckpnfmcemdfipfgoifnloidldpfgjl
http //www.kapaza.be/ - Hilaire - Default\Extensions\chiopncjgmnoijhhopkmdociikbnoidd
http //www.delijn.be/index.htm - Hilaire - Default\Extensions\dfbcaikfkednpfffkoiblmpgfiephohc
http //webmail.base.be/?_task=logout - Hilaire - Default\Extensions\dmkhiibdbaefinbibjpocecgejngafbe
http //www.facebook.com/ - Hilaire - Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo
http //www.cm.be//index.jsp - Hilaire - Default\Extensions\ebannkigldfcbgndfmpijmahggddhgdo
http //www.demorgen.be/ - Hilaire - Default\Extensions\fgoookejgoefoaehjdpmhadjkmkkbjef
Vertalen.nu - Hilaire - Default\Extensions\giapagjeblcapfphboclikepoeelhgkj
Ebay Shopping Assistant by Spigot - Hilaire - Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
http //www.de8.be/index.html - Hilaire - Default\Extensions\hdgbccgfdjahcjeblpgnklmgminabneg
http //www.gvagroup.be/website/svzwcm20.nsf/a - Hilaire - Default\Extensions\higfbgcdmliingimbedbfhmnhpjjgkgj
http //www.google.be/ - Hilaire - Default\Extensions\hnlkomidliifcdghkkldmeopenoldldj
Windows Media Player Extension for HTML5 - Hilaire - Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
Domain Error Assistant - Hilaire - Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
http //www.medi-c.be/ - Hilaire - Default\Extensions\ijognegfmakmkdjdblbcaiomnnnfeohn
The easy way to view your real IP Address - Hilaire - Default\Extensions\ikbgmfgkdplpkdnamkjbdanfcgfeejmg
http //www.standaard.be/ - Hilaire - Default\Extensions\jdoeimbaimhjmkkeikhbkgjmgakjndif
Neerslagalarm - Hilaire - Default\Extensions\jlhabpjomliflpffmhbdolblceidbkni
http //www.infobel.com/nl/belgium - Hilaire - Default\Extensions\keimanmlkdhhnfdjkilokmefgamjeaci
http //www.nieuwsblad.be/ - Hilaire - Default\Extensions\kfahphnfdcllmbbenabdncblfnniaihm
http //nl.wikipedia.org/wiki/Wiki - Hilaire - Default\Extensions\ldbhhknemkgdmcblefimhmdafiepmdbe
https //twitter.com/ - Hilaire - Default\Extensions\lddagfjihimnacaabfnfagjcokfmnekc
http //www.2dehands.be/ - Hilaire - Default\Extensions\mfhhpaeihkilnfehnlliehamhjmclieg
Savings-Slider - Hilaire - Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
http //maps.google.nl/ - Hilaire - Default\Extensions\nmdffimlpchpijiglkejlilegobjaokn
Amazon Shopping Assistant by Spigot - Hilaire - Default\Extensions\pfndaklgolladniicklehhancnlgocpp
World Clocks - Hilaire - Default\Extensions\pjgoijhajhaahklokegbfnohialajpej
Gmail - Hilaire - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
YouTube - Hilaire - Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Hilaire - Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast WebRep - Hilaire - Profile 2\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Gmail - Hilaire - Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Silent Runners ======================

"Silent Runners.vbs", revision 69, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
ehTray.exe = C:\Windows\ehome\ehTray.exe [MS]
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
SearchSettings = "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [Spigot, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\(Default) = (no title provided)
  -> {HKLM…CLSID} = IObit Apps Toolbar
                 \InProcServer32\(Default) = C:\Program Files\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll [Spigot, Inc.]

{326E768D-4182-46FD-9C16-1449A49795F4}\(Default) = Increase performance and video formats for your HTML5 <video>
  -> {HKLM…CLSID} = DivX Plus Web Player HTML5 <video>
                 \InProcServer32\(Default) = C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [DivX, LLC]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Java(tm) Plug-In SSV Helper
                 \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
  -> {HKLM…CLSID} = avast! WebRep
                 \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Windows Live ID Sign-in Helper
                 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Java(tm) Plug-In 2 SSV Helper
                 \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM…CLSID} = avast
                 \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice.org Property Handler
  -> {HKCU…CLSID} = OpenOffice.org Property Handler
                 \InProcServer32\(Default) = C:\Program Files\Basis\program\shlxthdl\propertyhdl.dll [Apache Software Foundation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM…CLSID} = 7-Zip Shell Extension
                 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
  -> {HKLM…CLSID} = IEProtocolHandler Class
                 \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll [Skype Technologies]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = 7-Zip Shell Extension
                 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM…CLSID} = avast
                 \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM…CLSID} = avast
                 \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

DeleteFiles\(Default) = {736AF091-C361-49B4-A928-87C586130D33}
  -> {HKLM…CLSID} = Delete Files
                 \InProcServer32\(Default) = C:\PROGRA~1\File Shredder\fsshell.dll [null data]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM…CLSID} = MBAMShlExt Class
                 \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
  -> {HKLM…CLSID} = UnlockerShellExtension
                 \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = 7-Zip Shell Extension
                 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…CLSID} = 7-Zip Shell Extension
                 \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension
                 \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

HKCU\Software\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
  -> {HKCU…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\Program Files\Basis\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
  -> {HKLM…CLSID} = avast
                 \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM…CLSID} = MBAMShlExt Class
                 \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
  -> {HKLM…CLSID} = UnlockerShellExtension
                 \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data]


Default executables:
--------------------

.bat
HKCU\Software\Classes\.bat\(Default) = batfile

.cmd
HKCU\Software\Classes\.cmd\(Default) = cmdfile

.com
HKCU\Software\Classes\.com\(Default) = comfile

.exe
HKCU\Software\Classes\.exe\(Default) = exefile

.pif
HKCU\Software\Classes\.pif\(Default) = piffile


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDesktopCleanupWizard = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoRecentDocsHistory = (REG_DWORD) dword:0x00000000
{unrecognized setting}

ClearRecentDocsOnExit = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoResolveTrack = (REG_DWORD) dword:0x00000001
{unrecognized setting}

NoPropertiesMyComputer = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoFileAssociate = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoClose = (REG_DWORD) dword:0x00000000
{unrecognized setting}

StartMenuLogoff = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoSMHelp = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Windows\System\

disablecmd = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

NoDispBackgroundPage = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoDispSettingsPage = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoDispScrSavPage = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Hilaire\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\system32\ssText3d.scr [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

WIA_{19C197FD-4171-4C28-A2AF-D3BE13F3B8CA}\
Provider = OmniPage SE 4.0
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
  -> {HKLM…CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{383BDEDC-DE11-416B-9636-D460EAC2C5EB}\
Provider = Epson Event Manager
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files\Epson Software\Event Manager\EEventManager.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM…CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{5DAB2CA2-1289-4069-9DA6-0CB109501AF6}\
Provider = Picasa2
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
  -> {HKLM…CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{99BCFBEE-EE91-468A-ACF3-CCBBCED76201}\
Provider = Picasa3
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
  -> {HKLM…CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{A44AC5E3-A893-403E-9144-F2EF6A66C383}\
Provider = WinZip
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
  -> {HKLM…CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{C309860D-FC58-4B82-A4FB-0C9CEFB017CA}\
Provider = ABBYY FineReader
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
  -> {HKLM…CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{F025914D-A1BA-4C16-8082-290CED319D63}\
Provider = EPSON Scan
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Windows\twain_32\escndv\escndv.exe /StiDevice:%1 /StiEvent:%2;
  -> {HKLM…CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


Windows Sidebar Gadgets: {++}
------------------------

C:\Users\Hilaire\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CUsers%5CHilaire%5CAppData%5CLocal%5CTemp%5CMiniTV.gadget.~0001"
"C:%5CUsers%5CHilaire%5CAppData%5CLocal%5CTemp%5CGmail.Gadget.~0000"


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater ->  launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
BrowserProtect ->  launches: C:\Windows\system32\sc.exe start BrowserProtect [MS]
CCleanerSkipUAC ->  launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-3610711996-1769753261-2712777353-1000Core ->  launches: C:\Users\Hilaire\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-3610711996-1769753261-2712777353-1000UA ->  launches: C:\Users\Hilaire\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Java Update Scheduler ->  launches: C:\Program Files\Common Files\Java\Java Update\jusched.exe [Sun Microsystems, Inc.]
RealUpgradeScheduledTaskS-1-5-21-3610711996-1769753261-2712777353-1000 ->  launches: C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [file not found]
Run RoboForm TaskBar Icon ->  launches: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [file not found]
Scheduled Update for Ask Toolbar ->  launches: C:\Program Files\Ask.com\UpdateTask.exe [file not found]
SmartDefragUpdate ->  launches: C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe /autorun [IObit]
TuneUpUtilities_Task_BkGndMaintenance2013 ->  launches: C:\Program Files\TuneUp Utilities 2013\OneClick.exe $(Arg0) [file not found]
User_Feed_Synchronization-{7DF20E1A-0DCE-461E-A17B-4A27F5EBEB49} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
User_Feed_Synchronization-{D3EEBBA7-B1A0-4FE2-AB22-B30C5457BA84} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
User_Feed_Synchronization-{E44D27E0-7B62-432F-8035-1BBB9729ED05} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
{1F7A0E69-B31F-4D8E-A1B2-D13BC0AEE900} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Hilaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWBWZRQS\dotnetfx3setup[1].exe" -d C:\Users\Hilaire\Desktop [MS]
{41CB5E25-DEB4-4441-A80D-CBB7B9A46D73} ->  launches: C:\Windows\system32\pcalua.exe -a L:\Downloads\OOo_3.1.0_Win32Intel_install_nl.exe -d L:\Downloads [MS]
{5AE2AF46-6F55-4267-AF5B-98695100287F} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" -c /uninstall [MS]
{60158FB0-2292-4F76-BACF-3C632ED30056} ->  launches: C:\Windows\system32\pcalua.exe -a E:\Setup.EXE -d E:\ [MS]
{66E5227E-9AF7-46C3-A6CC-9FF01C9DDF20} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe" [MS]
{8C69C0A6-BBD8-4749-A095-70AF9118058E} ->  launches: "c:\program files\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/6.2.0.106/nl/abandoninstall?source=lightinstaller&page=tsProgressBar [file not found]
{999745A1-B00A-4CE1-A7AE-AE52CE4C79D8} ->  launches: C:\Windows\system32\pcalua.exe -a C:\Users\Hilaire\Downloads\solutoinstaller.exe -d C:\Users\Hilaire\Downloads [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask-Roam ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
OptinNotification ->  launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ManualDefrag ->  launches: %windir%\system32\defrag.exe \\?\Volume{6cbbcfc3-6a01-11de-8ba6-806e6f6e6963}\ [MS]
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c -i -g [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) -gc [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM…CLSID} = HotStart User Agent
                 \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
TMM ->  launches: {35EF4182-F900-4632-B072-8639E4478A61}
  -> {HKLM…CLSID} = Transient Multi-Monitor Manager
                 \InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM…CLSID} = Microsoft PlaySoundService Class
                 \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
NAPStatus UI ->  launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f}
  -> {HKLM…CLSID} = Nap ITask Handler Implementation
                 \InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RestartManager
{90DFABDE-AD49-45a7-90EF-8301726A13A0} -> (HIDDEN!) launches: C:\Windows\system32\rmclient.exe \\.\pipe\RestartManager-{AEA2F241-5923-4f52-89BB-443C6537C3E6} [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CrawlStartPages ->  launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2}
  -> {HKLM…CLSID} = CrawlStartPages Task Handler
                 \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM…CLSID} = GadgetsManager Class
                 \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
WSHReset -> (HIDDEN!) launches: %systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM…CLSID} = MsCtfMonitor task handler
                 \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
GatherWiredInfo ->  launches: %windir%\system32\gatherWiredInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
GatherWirelessInfo ->  launches: %windir%\system32\gatherWirelessInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges [MS]
MP Scheduled Signature Update -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe SignatureUpdate [MS]

C:\Windows\System32\Tasks\NCH Swift Sound
expressripShakeIcon ->  launches: C:\Program Files\NCH Swift Sound\ExpressRip\ExpressRip.exe -shakeicon [file not found]
goldenShakeIcon ->  launches: C:\Program Files\NCH Swift Sound\Golden\Golden.exe -shakeicon [file not found]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3610711996-1769753261-2712777353-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 29


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

{F2CF5485-4E02-4F68-819C-B92DE9277049}
  -> {HKLM…CLSID} = &Links
                 \InProcServer32\(Default) = C:\Windows\system32\ieframe.dll [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
  -> {HKLM…CLSID} = avast! WebRep
                 \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

{03EB0E9C-7A91-4381-A220-9B52B641CDB1} = IObit Apps Toolbar
  -> {HKLM…CLSID} = IObit Apps Toolbar
                 \InProcServer32\(Default) = C:\Program Files\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll [Spigot, Inc.]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0000036B-C524-4050-81A0-243669A86B9F}\
ButtonText = @C:\Program Files\Windows Live\Companion\companionlang.dll,-600
CLSIDExtension = {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} = (no title provided)
  -> {HKLM…CLSID} = IObit Apps Toolbar
                 \InProcServer32\(Default) = C:\Program Files\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll [Spigot, Inc.]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Andrea RT Filters Service, AERTFilters, C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe [Andrea Electronics Corporation]
Application Updater, Application Updater, "C:\Program Files\Application Updater\ApplicationUpdater.exe" [Spigot, Inc.]
avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
Nero Update, NAUpdate, "C:\Program Files\Nero\Update\NASvc.exe" [Nero AG]
NitroPDFReaderDriverCreatorReadSpool3, NitroReaderDriverReadSpool3, "C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe" [Nitro PDF Software]
NVIDIA Display Driver Service, nvsvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation]
NVIDIA Update Service Daemon, nvUpdatusService, C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [NVIDIA Corporation]
TuneUp Thema-uitbreiding, UxTuneUp, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\uxtuneup.dll [TuneUp Software]}
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> !SASCORE, 
<<!>> fsproflt, 
<<!>> Lavasoft Ad-Aware Service, Service
<<!>> PEVSystemStart, Service
<<!>> procexp90.Sys, Driver
<<!>> SolutoService, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> !SASCORE, 
<<!>> fsproflt, 
<<!>> Lavasoft Ad-Aware Service, Service
<<!>> PEVSystemStart, Service
<<!>> procexp90.Sys, Driver
<<!>> SolutoService, Service


Accessibility Tools:
--------------------

HKCU\Software\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp\
narrator = dword:0x00000000
magnifierpane = dword:0x00000000

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\Narrator\
Description = Screen Reader
StartExe = C:\Windows\System32\Narrator.exe [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\magnifierpane\
Description = Screen Magnifier
StartExe = C:\Windows\System32\Magnify.exe [MS]


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> UpperFilters = <<!>> aswKbd [AVAST Software],kbdclass [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor3_3\Driver = CNBLM3_3.DLL [CANON INC.]
Canon BJ Language Monitor MP510\Driver = CNMLM85.DLL [CANON INC.]
EPSON SX218 Series 32MonitorBE\Driver = E_FLBGDE.DLL [SEIKO EPSON CORPORATION]
Nitro PDF Port Monitor\Driver = nitrolocalmon2.dll [Nitro PDF Software]


<<H>>: Suspicious data at a browser hijack point.