Logfile of random's system information tool 1.10 (written by random/random)
Run by willy at 2015-06-07 10:39:26
WIN_8
System drive C: has 1831 GB (97%) free of 1893 GB
Total RAM: 8131 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:30, on 7/06/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Users\willy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\willy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1417012200&from=slb2&uid=ST2000DM001-1CH164_Z1E369Z1&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1417012200&from=slb2&uid=ST2000DM001-1CH164_Z1E369Z1&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll
O2 - BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: (no name) - {f236ca79-3123-4afb-9f74-e98117ad5625} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
O4 - HKLM\..\Run: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
O4 - HKLM\..\Run: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
O4 - HKLM\..\Run: [FromDocToPDF EPM Support] "C:\PROGRA~2\FROMDO~2\bar\2.bin\65medint.exe" T8EPMSUP.DLL,S
O4 - HKLM\..\Run: [FromDocToPDF AppIntegrator 32-bit] C:\PROGRA~2\FROMDO~2\bar\2.bin\AppIntegrator.exe
O4 - HKLM\..\Run: [FromDocToPDF AppIntegrator 64-bit] C:\PROGRA~2\FROMDO~2\bar\2.bin\AppIntegrator64.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKCU\..\Run: [EPSON SX410 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Users\willy\AppData\Local\Temp\E_S4946.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\willy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-21-1927741247-2299308354-3686797543-1001\..\Run: [EPSON SX410 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Users\willy\AppData\Local\Temp\E_S4946.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-21-1927741247-2299308354-3686797543-1001\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" (User '?')
O4 - HKUS\S-1-5-21-1927741247-2299308354-3686797543-1001\..\Run: [OneDrive] "C:\Users\willy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (User '?')
O4 - Global Startup: WinTV Recording Status.lnk = C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: 
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.4.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

--
End of file - 12650 bytes

======Listing Processes======

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\HPCeeScheduleForwilly.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForwilly (null)
C:\windows\tasks\Start Driver Reviver for WB@willy(logon).job - C:\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe StartAndScan

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-05-30 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Web TuneUp - C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-05-29 2424856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}]
Rich Media Downloader

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-05-30 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-05-30 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-05-30 194128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-07-20 7174728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX410 Series"=C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [2008-10-01 223232]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE []
"OneDrive"=C:\Users\willy\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-05-22 382664]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BATINDICATOR"=C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2011-12-14 2068992]
"BATINDICATORHL"=C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [2010-07-23 557056]
"OSDTool"=C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2012-06-13 2101248]
"FromDocToPDF EPM Support"=C:\PROGRA~2\FROMDO~2\bar\2.bin\65medint.exe [2014-11-12 12872]
"FromDocToPDF AppIntegrator 32-bit"=C:\PROGRA~2\FROMDO~2\bar\2.bin\AppIntegrator.exe [2014-11-12 229960]
"FromDocToPDF AppIntegrator 64-bit"=C:\PROGRA~2\FROMDO~2\bar\2.bin\AppIntegrator64.exe [2014-11-12 264264]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2015\avgui.exe [2015-05-18 3745744]
"vProt"=C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2015-05-29 3033112]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WinTV Recording Status.lnk - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 6718864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-02-12 4220304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\windows\system32\notepad.exe" "%1"
.scr - install - 
.scr - config - 

======List of files/folders created in the last 1 month======

2015-06-07 10:29:35 ----HD---- C:\OneDriveTemp
2015-06-06 13:18:55 ----D---- C:\rsit
2015-06-06 13:18:55 ----D---- C:\Program Files\trend micro
2015-06-02 10:15:19 ----D---- C:\Program Files (x86)\Belarc
2015-06-02 09:43:44 ----HD---- C:\$WINDOWS.~BT
2015-06-01 20:42:05 ----A---- C:\Recovery.txt
2015-06-01 11:45:08 ----D---- C:\Program Files (x86)\Hp
2015-05-31 11:40:10 ----D---- C:\windows\SoftwareDistribution
2015-05-30 17:50:06 ----D---- C:\Program Files\Google
2015-05-30 17:49:52 ----D---- C:\ProgramData\Google
2015-05-30 17:48:44 ----D---- C:\Program Files (x86)\Adobe
2015-05-30 17:48:34 ----D---- C:\ProgramData\Adobe
2015-05-29 20:53:15 ----D---- C:\windows\softwaredistribution.bak12
2015-05-29 15:37:08 ----D---- C:\ProgramData\AVG Security Toolbar
2015-05-29 15:36:48 ----D---- C:\ProgramData\AVG Secure Search
2015-05-29 15:36:44 ----D---- C:\ProgramData\AVG Web TuneUp
2015-05-29 15:36:34 ----D---- C:\Program Files (x86)\AVG Web TuneUp
2015-05-28 15:59:22 ----D---- C:\ProgramData\iolo
2015-05-28 10:43:56 ----D---- C:\Users\willy\AppData\Roaming\Opera Software
2015-05-28 10:37:45 ----D---- C:\Users\willy\AppData\Roaming\MiniGet
2015-05-28 10:37:45 ----D---- C:\Program Files (x86)\MiniGet
2015-05-28 10:37:36 ----D---- C:\Program Files (x86)\Opera
2015-05-20 15:37:15 ----D---- C:\windows\softwaredistribution.bak11

======List of files/folders modified in the last 1 month======

2015-06-07 10:39:28 ----D---- C:\windows\Temp
2015-06-07 10:39:20 ----D---- C:\windows\Prefetch
2015-06-07 10:34:44 ----D---- C:\ProgramData\MFAData
2015-06-07 10:30:46 ----D---- C:\windows\system32\sru
2015-06-06 18:40:11 ----D---- C:\windows\Tasks
2015-06-06 18:40:11 ----D---- C:\windows\system32\Tasks
2015-06-06 18:40:10 ----RD---- C:\Program Files (x86)
2015-06-06 17:08:53 ----SHD---- C:\windows\Installer
2015-06-06 13:18:55 ----D---- C:\Program Files
2015-06-06 11:41:00 ----RD---- C:\windows\System32
2015-06-06 11:41:00 ----D---- C:\windows\Inf
2015-06-06 11:41:00 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-06-05 14:30:07 ----D---- C:\windows\system32\LogFiles
2015-06-05 09:53:48 ----D---- C:\windows\Microsoft.NET
2015-06-04 12:52:08 ----D---- C:\ProgramData\Recovery
2015-06-03 14:48:03 ----SHD---- C:\System Volume Information
2015-06-02 10:14:40 ----D---- C:\windows\SysWOW64
2015-06-01 17:57:25 ----D---- C:\Windows
2015-06-01 16:07:40 ----D---- C:\Program Files (x86)\Common Files
2015-06-01 11:45:10 ----RSD---- C:\windows\Fonts
2015-06-01 10:55:53 ----HD---- C:\ProgramData
2015-05-31 17:18:48 ----D---- C:\windows\Logs
2015-05-30 18:13:58 ----D---- C:\Users\willy\AppData\Roaming\Adobe
2015-05-30 17:56:18 ----SD---- C:\Users\willy\AppData\Roaming\Microsoft
2015-05-30 17:50:06 ----D---- C:\Program Files (x86)\Google
2015-05-29 15:18:22 ----D---- C:\windows\system32\Drivers
2015-05-29 15:17:33 ----D---- C:\ProgramData\AVG2015
2015-05-29 14:55:25 ----HD---- C:\windows\ELAMBKUP
2015-05-29 14:55:21 ----D---- C:\windows\system32\DriverStore
2015-05-29 14:55:01 ----HD---- C:\$AVG
2015-05-29 14:54:33 ----D---- C:\Program Files (x86)\AVG
2015-05-29 12:13:04 ----D---- C:\ProgramData\Microsoft Help
2015-05-29 10:45:02 ----D---- C:\windows\CbsTemp
2015-05-28 12:27:07 ----A---- C:\windows\win.ini
2015-05-14 09:57:50 ----D---- C:\windows\softwaredistribution.bak10
2015-05-14 09:57:45 ----D---- C:\windows\AUInstallAgent
2015-05-14 09:55:25 ----HD---- C:\Program Files\WindowsApps

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\windows\system32\DRIVERS\avgidsha.sys [2015-05-07 253920]
R0 Avgloga;AVG Logging Driver; C:\windows\system32\DRIVERS\avgloga.sys [2015-05-07 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx64.sys [2015-05-07 220128]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\windows\system32\DRIVERS\avgrkx64.sys [2015-03-20 40928]
R1 Avgdiska;AVG Disk Driver; C:\windows\system32\DRIVERS\avgdiska.sys [2015-03-11 162784]
R1 Avgfwfd;@oem26.inf,%AvgfwfdService_Desc%;AVG network filter service; C:\windows\system32\DRIVERS\avgfwd6a.sys [2015-03-20 67040]
R1 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\avgidsdrivera.sys [2015-04-27 284128]
R1 Avgldx64;AVG AVI Loader Driver; C:\windows\system32\DRIVERS\avgldx64.sys [2015-04-15 256992]
R1 Avgwfpa;AVG Firewall Driver; C:\windows\system32\DRIVERS\avgwfpa.sys [2015-05-04 293856]
R1 CLVirtualDrive;CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2013-07-20 3381960]
R3 MEIx64;@oem31.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\System32\drivers\HECIx64.sys [2013-07-13 64624]
R3 netr28x;@oem34.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2013-11-26 2505904]
R3 nvlddmkm;nvlddmkm; C:\windows\system32\DRIVERS\nvlddmkm.sys [2012-08-28 13419128]
R3 RSPCIESTOR;@oem12.inf,%Rts5208%;Realtek PCIE CardReader Driver; C:\windows\system32\DRIVERS\RtsPStor.sys [2013-11-16 353864]
R3 RTL8168;@oem33.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2013-07-13 801864]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB-videoapparaat (WDM); C:\windows\System32\Drivers\usbvideo.sys [2012-10-12 210304]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\windows\system32\DRIVERS\avgboota.sys [2015-03-27 21152]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-06-02 10627744]
S3 nmwcd;@oem17.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;@oem21.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Stuurprogramma voor USB-audio (WDM); C:\windows\system32\drivers\usbaudio.sys [2012-07-26 121856]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Stuurprogramma voor USB-scanner; C:\windows\system32\DRIVERS\usbscan.sys [2012-10-11 43008]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2012-07-26 33280]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-18 98208]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\windows\system32\svchost.exe [2012-10-12 29696]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [2015-05-18 1522664]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-05-18 3438544]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-05-18 311792]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 HauppaugeTVServer;HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [2012-10-02 578048]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2015-05-19 99128]
R2 HPConnectedRemote;HP Connected Remote Service; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2013-01-10 38712]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-07-13 129336]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-07-13 167736]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-07-13 364856]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2012-08-18 891240]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-07-20 239176]
R2 vToolbarUpdater18.4.0;vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [2015-05-29 1875480]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S2 51cdb72;Optimizer Pro Crash Monitor; C:\windows\syswow64\rundll32.exe [2012-07-26 48640]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30 116648]
S3 aspnet_state;aspnet_state; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-05-30 194032]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-05-13 1129760]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\windows\system32\svchost.exe [2012-10-12 29696]

-----------------EOF-----------------
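Triage notes and a worked example, added by the editor; the script is not code from HijackThis, RSIT or the poster. Reading a dump like this by hand is error-prone, so the script applies a few review heuristics to the log lines: an R0/R1 entry whose value is a URL on a host other than the Microsoft or Google defaults (the HKLM Default_Search_URL and Search Page above both point at istart.webssearches.com); entries ending in "(no file)", which reference a CLSID whose DLL is gone; O23 services reported as "Unknown owner"; an RSIT service or driver whose name is a bare hex string or whose image is a loader such as rundll32.exe (the S2 "51cdb72" Optimizer Pro Crash Monitor entry above is both, and because rundll32.exe runs whatever DLL its arguments name, the real payload has to be read from that service's ImagePath in the registry, which the log does not show); and RSIT entries whose size/date bracket is empty, meaning the tool could not stat the file (the SpyHunter esgiguard.sys driver and the 64-bit MSOSYNC.EXE Run value). One caveat the rules encode: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows its view of System32 is redirected to SysWOW64, so the long run of "@%SystemRoot%\system32\... - Unknown owner - ... (file missing)" lines for built-in services (ALG, EFS, Spooler, VSS, nvsvc and the rest) is an artifact of that redirection, not evidence that those services are missing; the RSIT service list on the same page shows nvvsvc.exe with a size and date. The rule names, the allow-list of default hosts and the loader list are the editor's assumptions; the sample lines are copied from the log above.

```python
"""Review heuristics for HijackThis (HJT) and RSIT log lines.

Added example; not code from HijackThis, RSIT or the poster.  A hit means
"a human should look at this entry", never "this is malware".  The rule names,
the allow-list of default hosts and the loader list are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied verbatim from the log above, chosen so each rule fires once.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1417012200&from=slb2&uid=ST2000DM001-1CH164_Z1E369Z1&q={searchTerms}
R3 - URLSearchHook: (no name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - (no file)
O2 - BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
O23 - Service: vToolbarUpdater18.4.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
S2 51cdb72;Optimizer Pro Crash Monitor; C:\windows\syswow64\rundll32.exe [2012-07-26 48640]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\windows\system32\svchost.exe [2012-10-12 29696]
R1 Avgfwfd;@oem26.inf,%AvgfwfdService_Desc%;AVG network filter service; C:\windows\system32\DRIVERS\avgfwd6a.sys [2015-03-20 67040]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE []
"""

# Hosts IE and its vendors set as defaults (assumption); Google country domains matched below.
DEFAULT_HOSTS = frozenset({"go.microsoft.com", "www.msn.com", "www.bing.com"})
GOOGLE_RE = re.compile(r"^(?:www\.)?google\.[a-z.]+$")
# Loader/interpreter binaries that are not a service image or autorun target in their own right.
LOADER_EXES = frozenset({"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                         "cscript.exe", "cmd.exe", "powershell.exe"})
# 32-bit HJT 2.0.4 is WOW64-redirected on x64, so System32 services show as "(file missing)".
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.I)  # bare hex blob where a name should be

HJT_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")          # "O23 - Service: ..."
RSIT_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);.*?; (?P<path>.+?) \[(?P<info>[^\]]*)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.+?) \[(?P<info>[^\]]*)\]$')
EXE_RE = re.compile(r'([^\\\s"\[]+\.exe)\b', re.I)                   # basenames of any .exe


@dataclass(frozen=True)
class Finding:
    severity: str  # "review": needs a human; "info": explainable, note it and move on
    rule: str
    line: str


def check_loader(line: str):
    """Flag an entry whose executable is a loader: the payload is in its arguments."""
    if {m.lower() for m in EXE_RE.findall(line)} & LOADER_EXES:
        yield Finding("review", "started-via-loader-binary", line)


def check_hjt(sec: str, body: str, line: str):
    if sec in ("R0", "R1"):
        value = body.partition(" = ")[2].strip()
        if "://" in value:  # "Preserve" and empty values are normal; judge URLs only
            host = urlparse(value).netloc.lower()
            if host and host not in DEFAULT_HOSTS and not GOOGLE_RE.match(host):
                yield Finding("review", "search-or-start-page-third-party-host", line)
    if "(no file)" in body:
        yield Finding("info", "orphaned-entry-no-file", line)
    if sec == "O23":
        parts = body.split(" - ")  # "Service: <name> - <owner> - <image path>"
        if len(parts) >= 3 and parts[-2].strip() == "Unknown owner":
            path = parts[-1].strip()
            missing = path.endswith("(file missing)")
            builtin = path.lower().startswith(SYSTEM_DIRS) or parts[0].startswith("Service: @")
            if missing and builtin:
                yield Finding("info", "hjt-x64-file-missing-artifact", line)
            else:
                yield Finding("review", "service-unknown-owner", line)
    yield from check_loader(line)


def check_rsit(name: str, info: str, line: str):
    if not info.strip():  # RSIT could not stat the file: missing or unreadable
        yield Finding("info", "file-info-unavailable", line)
    if RANDOM_NAME_RE.match(name):
        yield Finding("review", "machine-generated-service-name", line)
    yield from check_loader(line)


def triage(log_text: str) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HJT_RE.match(line):
            findings.extend(check_hjt(m["sec"], m["body"], line))
        elif m := (RSIT_RE.match(line) or RUN_RE.match(line)):
            findings.extend(check_rsit(m["name"], m["info"], line))
    return findings


def rules_for(findings: list[Finding], needle: str) -> list[str]:
    """Sorted rule names that fired on lines containing `needle`."""
    return sorted(f.rule for f in findings if needle in f.line)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:40} {f.line[:90]}")
```

Run against the full log rather than the sample, the same rules also pick up the HKLM Search Page entry, the orphaned O9 Sun Java Console button and the WtuSystemSupport service; everything they flag is a starting point for checking the file's signature and the registry value behind it, not a verdict.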