Logfile of random's system information tool 1.10 (written by random/random) Run by frans at 2015-03-21 21:23:50 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 4 GB (7%) free of 52 GB Total RAM: 2037 MB (50% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:24:09, on 21-3-2015 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16633) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\Launch Manager\LManager.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe C:\Program Files\AVG\AVG2015\avgui.exe C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe C:\Windows\system32\ctfmon.exe C:\Windows\system32\igfxsrvc.exe C:\Users\frans.PC_van_hannah\Desktop\RSIT.exe C:\Program Files\trend micro\frans.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [BuffaloTools] C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe O4 - HKLM\..\Run: [Backup Utility TaskTray Tool] "C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN43B7C4SX0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1 O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1426946188 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3560068522-3834445045-2274803871-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'hannah') O4 - HKUS\S-1-5-21-3560068522-3834445045-2274803871-1000\..\RunOnce: [Adobe Speed Launcher] 1426624998 (User 'hannah') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - S-1-5-21-3560068522-3834445045-2274803871-1000 Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'hannah') O4 - S-1-5-21-3560068522-3834445045-2274803871-1000 User Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'hannah') O4 - S-1-5-21-3560068522-3834445045-2274803871-1000 User Startup: Seagate NA44CYKD Product Registration.lnk = hannah\AppData\Roaming\Leadertech\PowerRegister\Seagate NA44CYKD Product Registration.exe (User 'hannah') O4 - Startup: Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk = ? O4 - Global Startup: BUFFALO RAMDISK Tray Utility.lnk = C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe O4 - Global Startup: BUFFALO RAMDISK Utility.lnk = C:\Program Files\BUFFALO\BFRD4G\BRDUtil.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll O20 - AppInit_DLLs: eNetHook.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe O23 - Service: Backup Utility Service (BFBackupUtilityService) - BUFFALO INC. - C:\Program Files\BUFFALO\Backup_Utility\BUService.exe O23 - Service: Backup Utility VSS Service (BFBackupUtilityVSSService) - BUFFALO INC. - C:\Program Files\BUFFALO\Backup_Utility\BUVSSService.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: vToolbarUpdater18.3.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9282 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe =========Mozilla firefox========= ProfilePath - C:\Users\frans.PC_van_hannah\AppData\Roaming\Mozilla\Firefox\Profiles\edolajb8.default-1425675150229 "{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Program Files\Real\RealPlayer\browserrecord "avg@toolbar"=C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885\ [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 16.0.0.305 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] "Description"= "Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Windows\system32\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69] "Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69] "Description"=RealJukebox Netscape Plugin "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69] "Description"=6.0.12.69 "Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {AB2CE124-6272-4b12-94A9-7303C7397BD1} {B13721C7-F507-4982-B2E5-502A71474FED} {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} C:\Program Files\Mozilla Firefox\components\ nppl3260.xpt nsIQTScriptablePlugin.xpt nsJSRealPlayerPlugin.xpt C:\Program Files\Mozilla Firefox\plugins\ np-mswmp.dll NPOFFICE.DLL nppdf32.dll nppl3260.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll nprjplug.dll nprpjplug.dll QuickTimePlugin.class WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Users\frans.PC_van_hannah\AppData\Roaming\Mozilla\Firefox\Profiles\edolajb8.default-1425675150229\extensions\ {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-30 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-04 463272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] AVG Security Toolbar - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll [2014-08-28 3627032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-04 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552] {95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll [2014-08-28 3627032] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216] "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-07-16 768520] "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424] "vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2015-03-05 2503704] "BuffaloTools"=C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe [2011-03-29 169336] "Backup Utility TaskTray Tool"=C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe [2011-03-29 2712952] "AVG_UI"=C:\Program Files\AVG\AVG2015\avgui.exe [2015-02-19 3710416] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2014-01-17 421888] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "HP Photosmart 5520 series (NET)"=C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Adobe Speed Launcher"=1426946188 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] C:\Windows\system32\igfxpers.exe [2008-02-11 133656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2007-07-06 4669440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] C:\Windows\Skytel.exe [2007-06-15 1826816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^frans.PC_van_hannah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2012-08-13 1199104] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup BUFFALO RAMDISK Tray Utility.lnk - C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe BUFFALO RAMDISK Utility.lnk - C:\Program Files\BUFFALO\BFRD4G\BRDUtil.exe