Logfile of random's system information tool 1.10 (written by random/random)
Run by Leo at 2014-07-01 21:14:16
Microsoft Windows 8 Pro
System drive C: has 289 GB (76%) free of 381 GB
Total RAM: 2046 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:14:34, on 1-7-2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhostex.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\BlockAndSurfS\BlockAndSurfA.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\BlockAndSurfS\BlockAndSurf.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Norpalla\bin\Norpalla.BrowserAdapter.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\WinStore\WSHost.exe
C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\BingBar\7.1.355.0\BingApp.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft\BingBar\7.1.355.0\BingBar.exe
C:\Program Files\Microsoft\BingBar\7.1.355.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.1.355.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.1.355.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.1.355.0\BingSurrogate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Leo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHQXG00E\RSIT.exe
C:\Program Files\trend micro\Leo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1403009016&from=epom3&uid=ST3400820AS_9QH0BB3KXXXX9QH0BB3K
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1403009016&from=epom3&uid=ST3400820AS_9QH0BB3KXXXX9QH0BB3K&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1403009016&from=epom3&uid=ST3400820AS_9QH0BB3KXXXX9QH0BB3K&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1403009016&from=epom3&uid=ST3400820AS_9QH0BB3KXXXX9QH0BB3K
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1403009016&from=epom3&uid=ST3400820AS_9QH0BB3KXXXX9QH0BB3K
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1403009016&from=epom3&uid=ST3400820AS_9QH0BB3KXXXX9QH0BB3K&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1403009016&from=epom3&uid=ST3400820AS_9QH0BB3KXXXX9QH0BB3K&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1403009016&from=epom3&uid=ST3400820AS_9QH0BB3KXXXX9QH0BB3K
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13798;https=127.0.0.1:13798
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll
O2 - BHO: EnjoyaCouipon - {4E43204A-3744-FFA3-D26B-18AFC4C23753} - C:\ProgramData\EnjoyaCouipon\Tvw57.dll
O2 - BHO: CostMin - {6A4D6DD2-B838-2F8F-E7BB-21FB2EF5B579} - C:\Program Files\CostMin\S2Lw.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: BlockAndSurf - {B9F96C29-EF68-DC05-B0EA-18D228284D82} - C:\Program Files\BlockAndSurfS\174.dll
O2 - BHO: NetoCoupon - {D267CD08-5708-5511-2A1C-4191EC8A2CE9} - C:\ProgramData\NetoCoupon\lM98nyb9w.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpeedUpMyComputer] C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
O4 - HKCU\..\Run: [BlockAndSurf] C:\Program Files\BlockAndSurfS\BlockAndSurf.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [HP Officejet 6600 (NET)] "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN42B8S21705RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
O4 - S-1-5-21-4088184675-2439656771-513542991-1002 User Startup: RUN.CMD (User 'UpdatusUser')
O4 - .DEFAULT User Startup: RUN.CMD (User 'Default user')
O4 - Startup: Inktwaarschuwingen controleren - HP Officejet 6600 (netwerk).lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL
O23 - Service: BlockAndSurf - Unknown owner - C:\Program Files\BlockAndSurfS\BlockAndSurfbx174.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Update Norpalla - Unknown owner - C:\Program Files\Norpalla\updateNorpalla.exe
O23 - Service: Util Norpalla - Unknown owner - C:\Program Files\Norpalla\bin\utilNorpalla.exe
O23 - Service: Service Component of VO (vosr) - Unknown owner - C:\Users\Leo\AppData\Roaming\VOPackage\VOsrv.exe
O23 - Service: WindowsProtectManger Service (WindowsProtectManger) - Fuyu LIMITED - C:\ProgramData\WindowsProtectManger\wprotectmanager.exe

--
End of file - 10993 bytes

======Scheduled tasks folder======

C:\Windows\tasks\APSnotifierPP1.job - C:\Program Files\AnyProtectEx\AnyProtect.exe --notifier 3A
C:\Windows\tasks\APSnotifierPP2.job - C:\Program Files\AnyProtectEx\AnyProtect.exe --notifier 4
C:\Windows\tasks\APSnotifierPP3.job - C:\Program Files\AnyProtectEx\AnyProtect.exe --notifier 6
C:\Windows\tasks\BlockAndSurf Update.job - C:\Program Files\BlockAndSurfS\BlockAndSurfB72.exe /update
C:\Windows\tasks\BlockAndSurf_wd.job - C:\Program Files\BlockAndSurfS\BlockAndSurfA.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce4706633a55ea.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce7fb63e44e884.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\WpsNotifyTask_Leo.job - C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe -from=task
C:\Windows\tasks\WpsUpdateTask_Leo.job - C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files\SupTab\SupTab.dll [2014-05-08 513648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
Linkey - C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll [2014-04-08 182800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E43204A-3744-FFA3-D26B-18AFC4C23753}]
EnjoyaCouipon - C:\ProgramData\EnjoyaCouipon\Tvw57.dll [2014-06-24 371200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A4D6DD2-B838-2F8F-E7BB-21FB2EF5B579}]
CostMin - C:\Program Files\CostMin\S2Lw.dll [2014-06-17 367616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-16 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-01 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9F96C29-EF68-DC05-B0EA-18D228284D82}]
BlockAndSurf - C:\Program Files\BlockAndSurfS\174.dll [2014-06-17 191488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D267CD08-5708-5511-2A1C-4191EC8A2CE9}]
NetoCoupon - C:\ProgramData\NetoCoupon\lM98nyb9w.dll [2014-07-01 371200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25 1253144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-16 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-01 194504]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25 1253144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"=C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2011-01-15 452016]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"SpeedUpMyComputer"=C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe [2013-07-22 2054776]
"BlockAndSurf"=C:\Program Files\BlockAndSurfS\BlockAndSurf.exe [2014-06-17 131584]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2014-05-20 4529944]
"HP Officejet 6600 (NET)"=C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672]

C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Inktwaarschuwingen controleren - HP Officejet 6600 (netwerk).lnk - C:\Windows\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\SupTab\SEARCH~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoResolveSearch"=1
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-07-01 21:14:17 ----D---- C:\Program Files\trend micro
2014-07-01 21:14:16 ----D---- C:\rsit
2014-07-01 14:58:21 ----D---- C:\ProgramData\NetoCoupon
2014-06-30 17:48:14 ----D---- C:\Program Files\Microsoft
2014-06-30 17:47:55 ----D---- C:\Users\Leo\AppData\Roaming\HpUpdate
2014-06-30 17:47:49 ----N---- C:\Windows\system32\HPDiscoPM5D12.dll
2014-06-30 17:47:31 ----D---- C:\ProgramData\HP
2014-06-30 17:47:30 ----D---- C:\Program Files\HP
2014-06-30 17:47:27 ----A---- C:\ProgramData\Ament.ini
2014-06-24 04:22:56 ----D---- C:\ProgramData\EnjoyaCouipon
2014-06-20 20:46:25 ----A---- C:\Windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w.sys
2014-06-17 21:10:14 ----D---- C:\Program Files\CCleaner
2014-06-17 14:55:11 ----D---- C:\Program Files\AnyProtectEx
2014-06-17 14:49:30 ----D---- C:\Program Files\BlockAndSurfS
2014-06-17 14:49:24 ----A---- C:\Windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw.sys
2014-06-17 13:44:36 ----D---- C:\Program Files\Norpalla
2014-06-17 13:44:18 ----D---- C:\Users\Leo\AppData\Roaming\SupTab
2014-06-17 13:44:16 ----D---- C:\ProgramData\WindowsProtectManger
2014-06-17 13:44:16 ----D---- C:\ProgramData\IePluginServices
2014-06-17 13:44:16 ----D---- C:\Program Files\SupTab
2014-06-17 13:44:05 ----D---- C:\Users\Leo\AppData\Roaming\omiga-plus
2014-06-17 13:44:03 ----D---- C:\Users\Leo\AppData\Roaming\VOPackage
2014-06-17 13:43:53 ----D---- C:\Program Files\Supporter
2014-06-17 13:43:46 ----D---- C:\ProgramData\CostMin
2014-06-17 13:43:46 ----D---- C:\ProgramData\11fe017ace6a7a84
2014-06-17 13:43:43 ----D---- C:\Program Files\CostMin
2014-06-15 20:56:19 ----A---- C:\Windows\system32\LMRTREND.dll
2014-06-15 20:56:19 ----A---- C:\Windows\system32\LMRT.dll
2014-06-15 20:56:18 ----A---- C:\Windows\system32\strmdll.dll
2014-06-15 20:56:18 ----A---- C:\Windows\system32\dxtmsft3.dll
2014-06-15 20:56:17 ----A---- C:\Windows\system32\unam4ie.exe
2014-06-15 20:56:16 ----A---- C:\Windows\system32\vidx16.dll
2014-06-15 20:56:16 ----A---- C:\Windows\system32\qcut.dll
2014-06-15 20:56:16 ----A---- C:\Windows\system32\danim.dll
2014-06-15 20:56:15 ----A---- C:\Windows\system32\w95inf32.dll
2014-06-15 20:56:15 ----A---- C:\Windows\system32\w95inf16.dll
2014-06-15 20:56:09 ----A---- C:\trace.ini
2014-06-15 20:55:16 ----A---- C:\Windows\err.txt
2014-06-10 23:09:52 ----D---- C:\Windows\Minidump
2014-06-10 23:09:19 ----ASH---- C:\pagefile.sys
2014-06-10 21:02:25 ----SHD---- C:\found.000
2014-06-09 22:32:28 ----D---- C:\Program Files\Auralog
2014-06-04 12:51:49 ----D---- C:\ProgramData\Electronic Arts
2014-06-04 12:50:08 ----D---- C:\Program Files\Microsoft WSE
2014-06-04 12:36:34 ----HD---- C:\Program Files\InstallShield Installation Information
2014-06-04 12:36:34 ----D---- C:\Program Files\Electronic Arts

======List of files/folders modified in the last 1 month======

2014-07-01 21:14:17 ----RD---- C:\Program Files
2014-07-01 20:00:00 ----D---- C:\Windows\system32\sru
2014-07-01 14:58:23 ----D---- C:\Windows\Prefetch
2014-07-01 14:58:21 ----HD---- C:\ProgramData
2014-07-01 12:24:59 ----RD---- C:\Windows\System32
2014-07-01 10:30:56 ----D---- C:\Windows\Temp
2014-06-30 18:03:38 ----SD---- C:\Users\Leo\AppData\Roaming\Microsoft
2014-06-30 17:59:06 ----D---- C:\Windows\system32\Tasks
2014-06-30 17:55:00 ----D---- C:\Windows\system32\Drivers
2014-06-30 17:55:00 ----D---- C:\Windows\inf
2014-06-30 17:49:01 ----SHD---- C:\Windows\Installer
2014-06-30 17:48:43 ----SD---- C:\ProgramData\Microsoft
2014-06-30 17:47:45 ----D---- C:\Windows\system32\catroot
2014-06-30 17:47:44 ----D---- C:\Windows\system32\DriverStore
2014-06-30 17:47:31 ----D---- C:\Windows\twain_32
2014-06-30 13:51:39 ----D---- C:\Windows\Microsoft.NET
2014-06-30 12:24:25 ----A---- C:\Windows\win.ini
2014-06-30 12:18:04 ----HD---- C:\Program Files\WindowsApps
2014-06-30 12:18:03 ----D---- C:\Windows\AUInstallAgent
2014-06-28 03:02:02 ----SHD---- C:\System Volume Information
2014-06-20 20:49:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-18 19:45:24 ----D---- C:\Windows
2014-06-18 13:30:50 ----D---- C:\ProgramData\systemk
2014-06-18 06:38:37 ----D---- C:\Windows\SoftwareDistribution
2014-06-17 21:30:28 ----D---- C:\Users\Leo\AppData\Roaming\DAEMON Tools Lite
2014-06-17 21:30:24 ----D---- C:\Users\Leo\AppData\Roaming\uTorrent
2014-06-17 21:30:10 ----D---- C:\Windows\Panther
2014-06-17 21:30:09 ----D---- C:\Windows\Logs
2014-06-17 21:30:09 ----D---- C:\Windows\debug
2014-06-17 15:12:50 ----D---- C:\Windows\Tasks
2014-06-17 14:49:24 ----RSD---- C:\Windows\assembly
2014-06-17 13:43:42 ----HD---- C:\Windows\system32\GroupPolicy
2014-06-17 13:43:41 ----D---- C:\Program Files\Google
2014-06-17 13:43:38 ----RD---- C:\Users
2014-06-15 20:56:19 ----D---- C:\Program Files\Windows Media Player
2014-06-15 20:56:18 ----D---- C:\Windows\Help
2014-06-13 10:34:23 ----D---- C:\ProgramData\CanonIJPLM
2014-06-11 13:47:30 ----D---- C:\Windows\system32\config
2014-06-10 23:00:56 ----D---- C:\Windows\system32\wbem
2014-06-10 23:00:56 ----D---- C:\Windows\registration
2014-06-10 23:00:54 ----D---- C:\Windows\WinSxS
2014-06-10 22:55:46 ----D---- C:\Windows\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 dtsoftbus01;@oem17.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2014-04-25 243128]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg [2014-05-18 31120]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 104712]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2012-10-18 10837352]
R3 RTL85n86;@net8185.inf,%Realtek.Service.DispName%;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat; C:\Windows\system32\DRIVERS\RTL85n86.sys [2012-06-02 311808]
R3 StillCam;@sti.inf,%StillCam.SvcDesc%;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2012-10-11 9216]
R3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;UMDF-reflectorservice voor LocationProvider; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
R3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
R3 yukonw8;@netmyk32.inf,%yk63x86.DriverDesc%;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk63x86.sys [2012-07-25 238080]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-03-02 40448]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 93696]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-02 990208]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 56320]
S3 dg_ssudbus;@oem15.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-08-20 84248]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-02 123904]
S3 ssudmdm;@oem16.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-08-20 182680]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Stuurprogramma voor USB-scanner; C:\Windows\System32\drivers\usbscan.sys [2013-07-01 36864]
S3 WinUsb;@oem12.inf,%WinUSB_SvcDesc%;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2012-07-26 46592]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 40030ae4;Supporter; c:\progra~1\suppor~1\SupporterSvc.dll [2014-06-17 179536]
R2 BlockAndSurf;BlockAndSurf; C:\Program Files\BlockAndSurfS\BlockAndSurfbx174.exe [2014-06-17 179712]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-11-26 1329304]
R2 IePluginServices;IePlugin Services; C:\ProgramData\IePluginServices\PluginService.exe [2014-05-08 704112]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2011-02-07 138192]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 645992]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-18 1258856]
R2 Update Norpalla;Update Norpalla; C:\Program Files\Norpalla\updateNorpalla.exe [2014-06-30 318752]
R2 Util Norpalla;Util Norpalla; C:\Program Files\Norpalla\bin\utilNorpalla.exe [2014-06-30 318752]
R2 vosr;Service Component of VO; C:\Users\Leo\AppData\Roaming\VOPackage\VOsrv.exe [2014-06-17 55808]
R2 WindowsProtectManger;WindowsProtectManger Service; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [2014-06-12 591776]
R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]
S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2012-07-06 43616]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-05-02 194032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

-----------------EOF-----------------