Logfile of random's system information tool 1.10 (written by random/random)
Run by Gebruiker at 2014-05-27 16:28:35
Microsoft Windows 7 Home Premium
System drive C: has 98 GB (43%) free of 230 GB
Total RAM: 4023 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Packard Bell Registration Reminder.job - C:\Program Files (x86)\Packard Bell\Registration\GREG.exe RR
C:\Windows\tasks\ReclaimerUpdateFiles_Gebruiker.job - C:\Users\Gebruiker\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe /UpdateFiles
C:\Windows\tasks\ReclaimerUpdateXML_Gebruiker.job - C:\Users\Gebruiker\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe /UpdateXML
C:\Windows\tasks\RMSchedule.job - C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe /SF
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Gebruiker.job - C:\Users\Gebruiker\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe /prompt os_boot

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-07-07 426736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL [2010-05-14 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-03-04 1143168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-11-09 1219352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc264a72-fa75-4948-b881-ea8eff8e5dd2}]
webget - C:\Program Files (x86)\webget\webgetbho.dll [2014-05-26 249624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-11-09 1219352]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-03-04 1143168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-01-14 98304]
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2011-10-25 103896]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-07-05 421888]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2012-07-07 296096]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-28 3774312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"20140526"=C:\Program Files\AVAST Software\Avast\setup\emupdate\f3c282db-2584-49f7-ad97-80a9df3d176e.exe [2014-05-27 182720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []
"BitTorrent DNA"=C:\Users\Gebruiker\Program Files (x86)\DNA\btdna.exe [2012-05-17 342336]
"NexonPlug"=C:\Nexon\NexonPlug\NexonPlug.exe [2014-04-23 2115928]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2013-12-07 4287536]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"vidc.mjpg"=bdmjpeg.dll
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-27 16:28:35 ----D---- C:\rsit
2014-05-27 16:28:35 ----D---- C:\Program Files (x86)\trend micro
2014-05-26 22:05:12 ----D---- C:\Program Files (x86)\webget
2014-05-26 22:05:10 ----D---- C:\Users\Gebruiker\AppData\Roaming\Systweak
2014-05-25 14:52:59 ----D---- C:\Users\Gebruiker\AppData\Roaming\Windows Live Writer
2014-05-06 22:02:26 ----D---- C:\NetGame

======List of files/folders modified in the last 1 month======

2014-05-27 16:29:06 ----D---- C:\Windows\Temp
2014-05-27 16:28:35 ----D---- C:\Program Files (x86)
2014-05-27 15:41:13 ----D---- C:\Program Files (x86)\NosTale(UK)
2014-05-27 14:47:45 ----D---- C:\Windows\SysWOW64\drivers
2014-05-27 14:29:48 ----A---- C:\Windows\win.ini
2014-05-27 13:39:15 ----D---- C:\Users\Gebruiker\AppData\Roaming\DNA
2014-05-27 03:27:12 ----D---- C:\Windows\Tasks
2014-05-26 22:08:46 ----SHD---- C:\Windows\Installer
2014-05-26 22:05:46 ----HD---- C:\ProgramData
2014-05-26 22:05:45 ----D---- C:\Windows\System32
2014-05-25 23:34:46 ----SD---- C:\Users\Gebruiker\AppData\Roaming\Microsoft
2014-05-25 16:44:55 ----SHD---- C:\System Volume Information
2014-05-06 16:04:36 ----D---- C:\Windows\inf
2014-04-28 08:13:27 ----D---- C:\Windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\SysWOW64\drivers\aswRvrt.sys []
R0 aswVmm;avast! VM Monitor; C:\Windows\SysWOW64\drivers\aswVmm.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS []
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS []
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64;{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys []
R1 aswKbd;aswKbd; C:\Windows\SysWOW64\drivers\aswKbd.sys []
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys []
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091013.001\BHDrvx64.sys [2009-10-09 643632]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2010-04-19 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSVia64.sys [2009-10-09 466480]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS []
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS []
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 X6va021;X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20111117.002\ENG64.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20111117.002\EX64.SYS []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1107000.00C\SRTSP64.SYS []
S3 uqk;uqk; \??\C:\koramgame\STOnline\avital\wyqku64.sys []
S3 usj;usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [2013-12-15 89560]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys []
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S3 X6va005;X6va005; \??\C:\Users\GEBRUI~1\AppData\Local\Temp\005677.tmp []
S3 X6va006;X6va006; \??\C:\Users\GEBRUI~1\AppData\Local\Temp\0063B30.tmp []
S3 X6va008;X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 []
S3 X6va011;X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 []
S3 X6va012;X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 []
S3 X6va013;X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 []
S3 X6va015;X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 []
S3 X6va016;X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 []
S3 X6va017;X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-03-04 50344]
R2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 Greg_Service;GRegService; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2014-01-27 773968]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
R2 Update webget;Update webget; C:\Program Files (x86)\webget\updatewebget.exe [2014-05-27 317720]
R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]
R2 USBS3S4Detection;USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
R2 Util webget;Util webget; C:\Program Files (x86)\webget\bin\utilwebget.exe [2014-05-27 317720]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-11-09 196376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 135664]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-10-13 867080]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-13 135664]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2013-08-25 5434008]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []

-----------------EOF-----------------