Logfile of random's system information tool 1.10 (written by random/random)
Run by Bart&Chris at 2015-10-31 14:43:17
Microsoft Windows 7 Starter
System drive C: has 174 GB (77%) free of 225 GB
Total RAM: 1013 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:46:20, on 31/10/2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\22.5.2.15\N360.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Bart&Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Video Web Camera\VideoWebCamera.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Office 15\root\office15\winword.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Norton 360\Engine\22.5.2.15\conathst.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Bart&Chris\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Bart&Chris\Downloads\RSIT.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\trend micro\Bart&Chris.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\22.5.2.15\coIEPlg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\22.5.2.15\coIEPlg.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
O4 - HKLM\..\Run: [OMEA] "C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Bart&Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Bart&Chris\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Application Restart #5] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://buy.norton.com/rd/directrenewal?ECOMMERCEACTION=RENEW&SSLT=4&spefsku=21138015&SKUf=21138015&spskup=21148216&SKUp=21148216&TARGETPRODUCTLINE=161&serviceID=161&TARGETPRODUCTLINEGROUP=4&TARGETPSN=P66RVK7PWGXQ&psn=P66RVK7PWGXQ&PRODUCTTREE=CiQKNlAMVlI2UDdLWEdXCBJRMTEyMjg0GjYxMTIIODMxNTEwEgEgOAkWEBCTAAEx9xAA%2F%2F%2F9%2F%2F%2F%2FAf%2F%2FGgIYAgoOEkxOMTIIODQxNjEyMgEoAAgIGAEQASAASAFAAA%3D%3D&pid=287&partnerID=0&oslang=iso:DUT&oslocale=iso:BEL&vendid=&vendtag=&epid={34892013-8B9D-11E0-B1C6-1C7508E06CCF}&pifcamid=0_0_0_9859_52613_0&product=Norton%20360%20Premier%20Edition&version=21.7.0.11&plang=sym:NL&layouttype=ESD&buildname=Retail&heartbeatID=34892013-8B9D-11E0-B1C6-1C7508E06CCF&env=prod&vendorid=&plid=161&plgid=4&skup=21148216&skum=21297793&endpointid=%7B34892013-8B9D-11E0-B1C6-1C7508E06CCF%7D&lic_type=16&lic_attr=1094915090&psn=P66RVK7PWGXQ&osv
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Bart&Chris\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bart&Chris\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VideoWebCamera.exe.lnk = C:\Program Files\Video Web Camera\VideoWebCamera.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\22.5.4.24\N360.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

--
End of file - 12987 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4230029206-3916453398-640079195-1000Core.job - C:\Users\Bart&Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4230029206-3916453398-640079195-1000UA.job - C:\Users\Bart&Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10 798008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-23 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
Norton Identity Protection - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05 664376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31 364824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12 710872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-23 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10 798008]
{A13C2648-91D4-4bf3-BC6D-0079707C4389} - Norton Identity Safe Toolbar - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05 664376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2010-08-10 975952]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-11-19 9874024]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-06-16 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-06-16 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-06-16 150552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 1692968]
"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2010-06-11 715296]
"OMEA"=C:\Program Files\PackardBellXSync\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe [2009-06-05 184320]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]
""= []
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2013-07-31 2296600]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-18 271744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"GoogleDriveSync"=C:\Program Files\Google\Drive\googledrivesync.exe [2015-10-12 22568216]
"Facebook Update"=C:\Users\Bart [2015-01-26 72]
"OneDrive"=C:\Users\Bart [2015-01-26 72]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-04-23 6278424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #5"=C:\Program Files\Google\Chrome\Application\chrome.exe [2015-10-20 811848]
"Uninstall C:\Users\Bart&Chris\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"=C:\Windows\system32\cmd.exe [2009-07-14 301568]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
VideoWebCamera.exe.lnk - C:\Program Files\Video Web Camera\VideoWebCamera.exe

C:\Users\Bart&Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3 .lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-04-19 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13 64280]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-10-31 10:06:58 ----D---- C:\Windows\system32\SPReview
2015-10-31 09:49:17 ----HD---- C:\OneDriveTemp
2015-10-18 22:01:32 ----A---- C:\Windows\system32\appraiser.dll
2015-10-18 22:01:31 ----A---- C:\Windows\system32\invagent.dll
2015-10-18 22:01:31 ----A---- C:\Windows\system32\generaltel.dll
2015-10-18 22:01:31 ----A---- C:\Windows\system32\devinv.dll
2015-10-18 22:01:31 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-10-18 22:01:31 ----A---- C:\Windows\system32\aeinv.dll
2015-10-18 22:01:31 ----A---- C:\Windows\system32\acmigration.dll
2015-10-18 20:51:48 ----A---- C:\Windows\system32\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2015-10-31 14:45:09 ----D---- C:\Program Files\trend micro
2015-10-31 14:25:04 ----D---- C:\Windows\Temp
2015-10-31 14:21:32 ----D---- C:\Windows\system32\config
2015-10-31 10:08:38 ----SHD---- C:\System Volume Information
2015-10-31 10:06:58 ----D---- C:\Windows\System32
2015-10-31 09:58:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-31 09:58:48 ----D---- C:\Windows\inf
2015-10-31 09:38:03 ----D---- C:\Windows\Prefetch
2015-10-31 09:33:07 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-10-25 23:17:54 ----SHD---- C:\Windows\Installer
2015-10-25 23:17:54 ----HD---- C:\Config.Msi
2015-10-25 23:17:25 ----RSD---- C:\Windows\assembly
2015-10-25 23:17:22 ----D---- C:\ProgramData\boost_interprocess
2015-10-25 23:16:57 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-10-25 23:13:01 ----D---- C:\Windows\winsxs
2015-10-25 23:05:31 ----SD---- C:\Windows\system32\CompatTel
2015-10-25 23:05:19 ----D---- C:\Windows\system32\appraiser
2015-10-25 23:05:16 ----D---- C:\Windows\AppPatch
2015-10-25 23:05:15 ----D---- C:\Program Files\Microsoft Office 15
2015-10-22 18:45:05 ----D---- C:\Windows\system32\MRT
2015-10-20 17:01:47 ----A---- C:\Windows\system32\MRT.exe
2015-10-18 21:54:30 ----D---- C:\Windows\system32\catroot
2015-10-18 21:32:36 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-06-08 435736]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-06-16 44944]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-06-19 173440]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\N360\1605040.018\SYMEFASI.SYS [2015-07-11 1286896]
R1 BHDrvx86;BHDrvx86; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20151022.001\BHDrvx86.sys [2015-10-08 1193032]
R1 ccSet_N360;N360 Settings Manager; C:\Windows\system32\drivers\N360\1605040.018\ccSetx86.sys [2015-07-11 137456]
R1 ccSet_NST;Norton Identity Safe Settings Manager; C:\Windows\system32\drivers\NST\7DE070B0.02A\ccSetx86.sys [2013-09-27 127064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2015-07-28 389456]
R1 IDSVix86;IDSVix86; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20151023.001\IDSvix86.sys [2015-10-23 580344]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\1605020.00F\SRTSP.SYS [2015-07-11 711408]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\1605040.018\SRTSPX.SYS [2015-07-11 44792]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\1605040.018\Ironx86.SYS [2015-07-11 234744]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-07-15 1906024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-07-28 122192]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-11-19 3248168]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
R3 NAVENG;NAVENG; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151025.001\NAVENG.SYS [2015-10-25 104440]
R3 NAVEX15;NAVEX15; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151025.001\NAVEX15.SYS [2015-10-25 1645432]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2015-07-28 103152]
R3 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360\1605020.00F\SYMNETS.SYS [2015-07-11 429816]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 EUCR;EUCR; C:\Windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2013-05-23 43800]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2013-05-23 37528]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-05-06 114904]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2015-09-11 1879640]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 735776]
R2 GREGService;GREGService; C:\Program Files\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
R2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\22.5.4.24\N360.exe [2015-09-24 282016]
R2 NCO;Norton Identity Safe; C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [2015-03-05 131144]
R2 NOBU;Norton Online Backup; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2014-11-18 3537224]
R2 ogmservice;Online Games Manager; C:\Program Files\Online Games Manager\ogmservice.exe [2014-03-27 581568]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-29 243232]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-31 269000]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-31 867080]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2013-06-13 293144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-10-17 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-10-17 4846168]

-----------------EOF-----------------