Logfile of random's system information tool 1.10 (written by random/random)
Run by Meesters at 2014-07-13 17:05:45
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 599 GB (64%) free of 937 GB
Total RAM: 4095 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:05:53, on 13-7-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Users\Meesters\AppData\Roaming\MSDCSC\msdcsc.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Users\Meesters\AppData\Roaming\MSDCSC\msdcsc.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Meesters.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MicroUpdate] C:\Users\Meesters\AppData\Roaming\MSDCSC\msdcsc.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: vseamps - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Commtouch, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 7392 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
taskeng.exe {85E52021-2124-4B42-A492-07EAECE4E276}
"C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
KHALMNPR.EXE /API
"C:\Users\Meesters\AppData\Roaming\MSDCSC\msdcsc.exe"
"C:\Program Files\Logitech\SetPointG\SetPointII.exe"
"C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
"C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" /logon
"C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe"
"C:\Users\Meesters\AppData\Roaming\MSDCSC\msdcsc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
notepad
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe"
"C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-be852b39-8710-4e57-83c7-89694cfc045c -SystemEventPortName:HostProcess-29d6fe74-bf2b-4377-8074-941b7e6eaf9b -IoCancelEventPortName:HostProcess-ecc21d37-66d0-4ade-914f-5e3981ce73e0 -NonStateChangingEventPortName:HostProcess-466d0902-0447-4bb6-87d0-575ecd5ab9d2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4b53b50c-7172-4aca-b52e-ee89c9e5d8e4 -DeviceGroupId:WpdFsGroup
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1400.0.855061079\1082566612" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --gpu-vendor-id=0x1002 --gpu-device-id=0x68b8 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_15/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="1400.2.668257002\567889896" /prefetch:673131151
"C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="1400.3.915042231\427521617" --ppapi-flash-args --lang=nl --ignored=" --type=renderer " /prefetch:-632637702
"C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_15/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="1400.4.784467624\1201155598" /prefetch:673131151
"C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_15/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="1400.5.308871888\763254061" /prefetch:673131151
"C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_15/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="1400.6.1675135255\1131211578" /prefetch:673131151
"C:\Users\Meesters\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=BrowserPreReadExperiment/100-pct-default/DeferBackgroundExtensionCreation/RateLimited/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_15/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="1400.7.333938323\243945204" /prefetch:673131151
"C:\Users\Meesters\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Digital Sites.job - C:\Users\Meesters\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE /Check
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2930457502-4171832609-1148051504-1000Core.job - C:\Users\Meesters\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2930457502-4171832609-1148051504-1000UA.job - C:\Users\Meesters\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ae07101b-46d4-4a98-af68-0333ea26e113}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{ae07101b-46d4-4a98-af68-0333ea26e113}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-06-24 1744152]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"MicroUpdate"=C:\Users\Meesters\AppData\Roaming\MSDCSC\msdcsc.exe [2014-04-14 290313379]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-12-06 766208]
"IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2012-03-26 449168]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2014-03-25 1284680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-06-17 68376]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AMP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AMPSE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BITS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventSystem]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ioloSystemService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vseamps]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsedsps]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vseqrts]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 month======
2014-07-13 17:05:46 ----D---- C:\Program Files\trend micro
2014-07-13 17:05:45 ----D---- C:\rsit
2014-07-10 15:40:48 ----D---- C:\Users\Meesters\AppData\Roaming\dclogs
2014-07-10 15:40:18 ----D---- C:\Users\Meesters\AppData\Roaming\MSDCSC
2014-07-09 20:00:16 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-07-09 20:00:16 ----A---- C:\Windows\system32\qedit.dll
2014-07-09 20:00:15 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-07-09 20:00:15 ----A---- C:\Windows\system32\win32k.sys
2014-07-09 20:00:15 ----A---- C:\Windows\system32\osk.exe
2014-07-09 20:00:12 ----A---- C:\Windows\system32\drivers\afd.sys
2014-07-09 20:00:08 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-07-09 20:00:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-07-09 20:00:08 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-07-09 20:00:08 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-07-09 20:00:08 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-07-09 20:00:08 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-07-09 20:00:08 ----A---- C:\Windows\system32\jscript9.dll
2014-07-09 20:00:08 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-09 20:00:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-07-09 20:00:07 ----A---- C:\Windows\system32\wininet.dll
2014-07-09 20:00:07 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-09 20:00:06 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-07-09 20:00:06 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-07-09 20:00:04 ----A---- C:\Windows\system32\vbscript.dll
2014-07-09 20:00:04 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-09 20:00:04 ----A---- C:\Windows\system32\ieui.dll
2014-07-09 20:00:04 ----A---- C:\Windows\system32\dxtmsft.dll
2014-07-09 20:00:03 ----A---- C:\Windows\system32\mshtml.dll
2014-07-09 20:00:03 ----A---- C:\Windows\system32\jscript.dll
2014-07-09 20:00:02 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-07-09 20:00:02 ----A---- C:\Windows\SYSWOW64\mshta.exe
2014-07-09 20:00:02 ----A---- C:\Windows\system32\mshta.exe
2014-07-09 20:00:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-07-09 20:00:02 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-09 20:00:01 ----A---- C:\Windows\SYSWOW64\url.dll
2014-07-09 20:00:01 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2014-07-09 20:00:01 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-07-09 20:00:01 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-07-09 20:00:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-07-09 20:00:01 ----A---- C:\Windows\system32\urlmon.dll
2014-07-09 20:00:01 ----A---- C:\Windows\system32\url.dll
2014-07-09 20:00:01 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-09 20:00:01 ----A---- C:\Windows\system32\iertutil.dll
2014-07-09 20:00:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-07-09 20:00:00 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-07-09 20:00:00 ----A---- C:\Windows\system32\ieframe.dll
2014-07-09 19:59:59 ----A---- C:\Windows\system32\msfeedssync.exe
2014-07-09 19:59:58 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2014-07-09 19:59:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-07-09 19:59:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-07-09 19:59:46 ----A---- C:\Windows\system32\lsasrv.dll
2014-07-06 18:05:36 ----HD---- C:\ProgramData\CanonIJScan
2014-07-06 18:05:34 ----D---- C:\Users\Meesters\AppData\Roaming\Canon
2014-07-06 11:00:35 ----HD---- C:\ProgramData\CanonIJEGV
2014-07-06 10:57:42 ----D---- C:\ProgramData\Canon IJ Network Tool
2014-07-06 10:57:18 ----A---- C:\Windows\SYSWOW64\CNHMCA.dll
2014-07-06 10:57:16 ----A---- C:\Windows\SYSWOW64\CNC_B9U.dll
2014-07-06 10:57:16 ----A---- C:\Windows\SYSWOW64\CNC_B9L.dll
2014-07-06 10:56:12 ----D---- C:\Program Files\Common Files\CANON
2014-07-06 10:56:03 ----D---- C:\ProgramData\CanonIJWSpt
2014-07-06 10:55:38 ----D---- C:\Program Files\Canon
2014-07-06 10:53:36 ----A---- C:\Windows\system32\CNMLMB9.DLL
2014-07-06 10:53:07 ----D---- C:\Windows\system32\STRING
2014-07-06 10:53:07 ----A---- C:\Windows\system32\CNMN6UI.DLL
2014-07-06 10:53:07 ----A---- C:\Windows\system32\CNMN6PPM.DLL
======List of files/folders modified in the last 1 month======
2014-07-13 17:05:53 ----D---- C:\Windows\Prefetch
2014-07-13 17:05:50 ----D---- C:\Windows\Temp
2014-07-13 17:05:46 ----RD---- C:\Program Files
2014-07-13 13:53:56 ----A---- C:\Windows\SYSWOW64\iolo.ini.txt
2014-07-13 13:53:56 ----A---- C:\Windows\SYSWOW64\iolo.ini
2014-07-13 13:53:56 ----A---- C:\Windows\system32\iolo.ini
2014-07-13 13:51:44 ----D---- C:\Windows\system32\config
2014-07-13 11:16:03 ----D---- C:\Windows
2014-07-13 11:14:30 ----D---- C:\Users\Meesters\AppData\Roaming\DAEMON Tools Lite
2014-07-13 11:14:17 ----D---- C:\Windows\inf
2014-07-13 11:14:17 ----D---- C:\Windows\debug
2014-07-13 11:03:14 ----HD---- C:\ProgramData
2014-07-13 10:35:41 ----SHD---- C:\Windows\Installer
2014-07-13 10:35:41 ----SHD---- C:\Config.Msi
2014-07-13 10:35:35 ----RD---- C:\Program Files (x86)
2014-07-13 10:34:39 ----SHD---- C:\System Volume Information
2014-07-13 10:31:12 ----D---- C:\ProgramData\Nero
2014-07-13 10:30:55 ----D---- C:\Windows\system32\Tasks
2014-07-10 21:08:26 ----D---- C:\Windows\winsxs
2014-07-10 21:08:23 ----D---- C:\Windows\SysWOW64
2014-07-10 21:06:52 ----D---- C:\Windows\rescache
2014-07-10 16:30:36 ----D---- C:\Users\Meesters\AppData\Roaming\Nero
2014-07-10 16:28:27 ----D---- C:\Windows\system32\catroot2
2014-07-10 16:02:34 ----D---- C:\Windows\Cursors
2014-07-10 15:48:17 ----D---- C:\Program Files (x86)\MSXML 4.0
2014-07-10 15:30:30 ----D---- C:\Program Files (x86)\Common Files
2014-07-09 21:48:00 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-09 21:47:58 ----D---- C:\Windows\SYSWOW64\migration
2014-07-09 21:47:57 ----D---- C:\Windows\system32\migration
2014-07-09 21:47:57 ----D---- C:\Windows\System32
2014-07-09 21:47:56 ----D---- C:\Program Files\Internet Explorer
2014-07-09 21:47:55 ----D---- C:\Program Files\Windows Journal
2014-07-09 21:47:50 ----D---- C:\Windows\ehome
2014-07-09 21:47:49 ----D---- C:\Windows\system32\drivers
2014-07-09 21:42:21 ----D---- C:\Windows\system32\MRT
2014-07-09 21:42:20 ----A---- C:\Windows\system32\MRT.exe
2014-07-09 21:42:11 ----D---- C:\ProgramData\Microsoft Help
2014-07-09 19:59:24 ----D---- C:\Windows\system32\catroot
2014-07-08 13:56:12 ----SD---- C:\Users\Meesters\AppData\Roaming\Microsoft
2014-07-06 11:00:33 ----D---- C:\Program Files (x86)\Canon
2014-07-06 10:57:18 ----RSD---- C:\Windows\Media
2014-07-06 10:57:08 ----D---- C:\Windows\twain_32
2014-07-06 10:56:12 ----D---- C:\Program Files\Common Files
2014-07-06 10:54:14 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2014-07-06 10:54:12 ----D---- C:\Windows\system32\DriverStore
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-11 564824]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-18 283200]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [2008-12-09 23464]
R2 AMP;Active Malware Protection Minifilter Driver; \??\C:\Windows\system32\Drivers\amp.sys [2012-08-24 173408]
R2 AMPSE;Active Malware Protection Support Driver; \??\C:\Windows\system32\Drivers\ampse.sys [2012-08-24 1504608]
R2 PDFsFilter;PDFsFilter; C:\Windows\system32\DRIVERS\PDFsFilter.sys [2014-04-07 82160]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 13207552]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-12-06 626176]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-04-30 66840]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-04-30 60184]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-02-18 901848]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2010-01-11 1290752]
S3 az2wsrdg;az2wsrdg; C:\Windows\system32\drivers\az2wsrdg.sys []
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS [2010-09-27 35840]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-04-26 353000]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-12-06 239616]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ioloSystemService;iolo System Service; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-04-30 4492776]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-04-22 76888]
R2 vseamps;vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2012-08-24 121696]
R2 vsedsps;vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2012-08-24 119136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-06-17 359192]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-02-25 568512]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 vseqrts;vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2012-08-24 181600]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-30 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-09 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
-----------------EOF-----------------
