AVG blocks Dead Space 2.exe because of a Win32/heur virus

Solved
By jmvanluijk
Mar 13, 2011
  1. Hey there,

    I have been away on vacation for a week and turn on my computer. First thing I do is run updates for my AVG and Windows. Then I put some photos from my vacation from my SD card onto my PC and shortly after I pulled the SD card out, I get a warning that AVG detected a Win32/Heur virus in my DeadSpace2.exe (game is legit).

    I read on the forum about false positive warnings, but even after updating my AVG and rebooting a couple of times AVG keeps sending off warnings.

    I ran the scans as described in the "updated 8-step" post and got the following results:

    The GMER log was completely blank, so nothing to post from that log. The other logs are posted below.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6046

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    14-3-2011 0:50:54
    mbam-log-2011-03-14 (00-50-54).txt

    Scan type: Quick scan
    Objects scanned: 166431
    Time elapsed: 2 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Mr. van Luijk at 1:26:24,09 on ma 14-03-2011
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6298 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    D:\Steam\Steam.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    C:\Program Files (x86)\Razer\Lachesis\OSD.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Razer\Lachesis\razertra.exe
    C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\SysWOW64\svchost.exe -k HPHNDUService
    C:\Users\Mr. van Luijk\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [Steam] "D:\Steam\Steam.exe" -silent
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\MRE29A~1.VAN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\MRE29A~1.VAN\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\np32asw.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
    FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
    FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-1-6 23080]
    R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-7-1 293416]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;C:\Windows\system32\svchost.exe -k HPHNDUService [2009-7-14 27136]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
    R3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-18 155752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-6 344680]
    R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2011-1-8 29952]
    S0 acs6nts;acs6nts;C:\Windows\System32\drivers\acs6nts.sys [2010-6-1 29744]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-18 136176]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2011-1-11 25832]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-7 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-13 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-8 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-03-13 23:48:13 -------- d-----w- C:\Users\MRE29A~1.VAN\AppData\Roaming\Malwarebytes
    2011-03-13 23:48:09 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-13 23:48:09 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-13 23:48:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-13 23:48:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-13 22:05:43 -------- d-----w- C:\Windows\System32\SPReview
    2011-03-13 22:05:06 -------- d-----w- C:\Windows\System32\EventProviders
    2011-03-13 22:03:59 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
    2011-03-13 22:02:58 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
    2011-03-13 22:02:57 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
    2011-03-13 22:01:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-03-13 22:01:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-03-13 22:01:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2011-03-13 22:01:51 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2011-03-13 22:01:51 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2011-03-13 22:01:49 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2011-03-13 22:01:49 399872 ----a-w- C:\Windows\System32\dpx.dll
    2011-02-23 11:44:45 -------- d-----w- C:\Windows\SysWow64\spool
    2011-02-23 11:44:01 -------- d-----w- C:\Program Files (x86)\Common Files\HP
    2011-02-23 10:49:48 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-02-23 10:49:48 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-23 10:49:48 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-23 10:49:48 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-02-23 10:49:46 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2011-02-23 10:49:46 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2011-02-23 10:49:46 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-02-23 10:49:46 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-02-16 10:35:02 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2011-02-16 10:35:02 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2011-02-16 10:34:58 3129344 ----a-w- C:\Windows\System32\win32k.sys
    2011-02-16 10:34:57 612864 ----a-w- C:\Windows\System32\vbscript.dll
    2011-02-16 10:34:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-02-16 10:34:56 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2011-02-16 10:34:13 366592 ----a-w- C:\Windows\System32\atmfd.dll
    2011-02-16 10:34:13 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-02-16 10:34:12 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2011-02-16 10:34:12 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-02-16 10:34:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-02-16 10:34:12 100864 ----a-w- C:\Windows\System32\fontsub.dll
    .
    ==================== Find3M ====================
    .
    2011-03-13 22:08:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-03-13 22:08:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-01-12 14:28:26 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    2011-01-10 20:08:51 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-01-07 19:50:14 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
    2011-01-07 19:50:08 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-01-07 19:49:50 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
    2011-01-07 19:49:28 117864 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-01-07 19:49:26 2558568 ----a-w- C:\Windows\System32\nvsvcr.dll
    2011-01-07 19:49:26 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
    2010-12-23 10:42:53 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2010-12-23 10:42:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-12-23 10:42:51 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2010-12-23 10:36:02 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-12-23 05:54:18 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
    2010-12-23 05:54:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-12-23 05:54:17 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2010-12-23 05:50:23 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    .
    ============= FINISH: 1:26:36,73 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6-1-2011 12:49:38
    System Uptime: 14-3-2011 0:42:51 (1 hours ago)
    .
    Motherboard: MSI | | P55-GD65 (MS-7585)
    Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | CPU1 | 2934/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 278 GiB total, 225,185 GiB free.
    D: is FIXED (NTFS) - 653 GiB total, 552,549 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet Pro 8500 A909g
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Officejet Pro 8500 A909g
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet Pro 8500 A909g
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet Pro 8500 A909g
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
    Description: ACS-6xxxx
    Device ID: PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA\4&2F7627D0&0&00E4
    Manufacturer: Accusys Inc.
    Name: ACS-6xxxx
    PNP Device ID: PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA\4&2F7627D0&0&00E4
    Service: acs6nts
    .
    ==== System Restore Points ===================
    .
    RP60: 13-3-2011 23:05:27 - Windows 7 Service Pack 1
    .
    ==== Installed Programs ======================
    .
    8500A909_eDocs
    8500A909_Help
    8500A909g
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1) - Nederlands
    Advertising Center
    Alien Swarm
    Apple Application Support
    Apple Software Update
    µTorrent
    BPD_DSWizards
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CameraHelperMsi
    Combined Community Codec Pack 2010-10-10
    Company of Heroes
    Crysis
    Crysis Warhead
    Crysis Wars
    D3DX10
    Dead Space™ 2
    Destinations
    DeviceDiscovery
    DocMgr
    DocProc
    DolbyFiles
    Dragon Age: Origins
    Dropbox
    erLT
    Fax
    GameSpy Comrade
    Google Earth Plug-in
    Google Update Helper
    GPBaseService2
    Heroes of Newerth
    HP Product Detection
    HP Update
    HPProductAssistant
    HPSSupply
    ImagXpress
    Java Auto Updater
    Java(TM) 6 Update 23
    JMicron JMB36X Driver
    Junk Mail filter update
    Left 4 Dead
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes' Anti-Malware
    MarketResearch
    marvell 91xx driver
    Mesh Runtime
    Messenger Companion
    Metro 2033
    Microsoft .NET Framework 1.1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MPM
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    Nero Vision
    Nero Vision Help
    NeroExpress
    neroxml
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    ProductContext
    QuickTime
    Razer Lachesis
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.1
    SmartWebPrinting
    SolutionCenter
    Spotify
    StarCraft II
    Status
    Steam
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    Visual Studio 2008 x64 Redistributables
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    World of Goo
    .
    ==== Event Viewer Messages From Past Week ========
    .
    14-3-2011 0:43:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: acs6nts
    14-3-2011 0:42:55, Error: acs6nts [11] - The driver detected a controller error on \Device\RaidPort0.
    .
    ==== End Of File ===========================

    Above are the 4 logs asked about. As written, the gmer.log file is completely blank, and the program gave the pop-up that no alterations in the system were detected.

    Thank you for your time!
  2. Bobbye


    Welcome to TechSpot!

    Yes, AVG gave us all quite a run with that bad update! But this isn't being done by AVG. After reading 'fixes' on several game forums, it appears that the culprits are either NOD32 or Spyware Doctor causing problems for some users. If you have these, try disabling to see if it runs.

    Let me know. I am checking the logs you left.

    Disabling either or both appears to allow the executable to run okay.
  3. jmvanluijk


    Thank you for the welcome, I think I have had an older account some 3 years ago when I had some trouble with a nasty virus, but since I don't have much knowledge about this stuff... Here I am again!

    Thanks for the reply, but alas I don't have SpywareDoctor nor NOD32 installed. I ran those scans, and they all seem to be ok, but AVG keeps popping up and putting my executable file in the virus vault. :'(

    By the way, if I remove the ds2.exe file from the virus vault and try to run it as administrator, I get an error saying: "this file is not a valid Win32 file". And so DS2 will not boot.
  4. Bobbye


    Run these please:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ===================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  5. jmvanluijk


    Ok, I ran the tests you asked me to, but had to uninstall AVG to run combofix. I installed avast after completing the scans since I read in some other posts that Broni, one of the other members and helpers, advised that one over AVG.

    Here are the logs:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=d5915e549c09884e9fdd91a7cfab2beb
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-15 08:36:18
    # local_time=2011-03-15 09:36:18 (+0100, W. Europe Standard Time)
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1032 16777213 100 87 83898 43469882 0 0
    # compatibility_mode=5893 16776574 100 94 125252 51805740 0 0
    # compatibility_mode=8192 67108863 100 0 3711 3711 0 0
    # scanned=199605
    # found=0
    # cleaned=0
    # scan_time=2288
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=d5915e549c09884e9fdd91a7cfab2beb
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-15 12:25:34
    # local_time=2011-03-15 01:25:34 (+0100, W. Europe Standard Time)
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1032 16777213 100 87 14243 43483605 0 0
    # compatibility_mode=5893 16776574 100 94 138975 51819463 0 0
    # compatibility_mode=8192 67108863 100 0 17434 17434 0 0
    # scanned=199717
    # found=0
    # cleaned=0
    # scan_time=2321





    ComboFix 11-03-14.07 - Mr. van Luijk 15-03-2011 13:55:08.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6661 [GMT 1:00]
    Gestart vanuit: c:\users\Mr. van Luijk\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-02-15 to 2011-03-15 ))))))))))))))))))))))))))))))
    .
    .
    2011-03-15 12:58 . 2011-03-15 12:58 -------- d-----w- c:\users\MRE29A~1~VAN\AppData\Local\temp
    2011-03-15 12:58 . 2011-03-15 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-15 07:56 . 2011-03-15 07:56 -------- d-----w- c:\program files (x86)\ESET
    2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\users\Mr. van Luijk\AppData\Roaming\Malwarebytes
    2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-13 23:48 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-13 23:48 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\SPReview
    2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-13 22:03 . 2010-11-20 13:27 1110016 ----a-w- c:\windows\system32\schedsvc.dll
    2011-03-13 22:02 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2011-03-13 22:02 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2011-03-13 22:01 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-03-13 22:01 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-03-13 22:01 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-03-13 22:01 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-03-13 22:01 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-03-13 22:01 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2011-03-13 22:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2011-02-23 11:45 . 2011-02-23 11:45 -------- d-----w- c:\programdata\HP Product Assistant
    2011-02-23 11:44 . 2011-02-23 11:44 -------- d-----w- c:\windows\SysWow64\spool
    2011-02-23 11:44 . 2011-02-23 11:44 -------- d-----w- c:\program files (x86)\Common Files\HP
    2011-02-23 10:49 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-23 10:49 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 10:49 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-02-23 10:49 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-02-23 10:49 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-02-23 10:49 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-02-23 10:49 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-02-23 10:49 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-02-16 10:35 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-16 10:35 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2011-02-16 10:34 . 2011-01-05 06:56 3129344 ----a-w- c:\windows\system32\win32k.sys
    2011-02-16 10:34 . 2011-01-05 10:34 612864 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-16 10:34 . 2011-01-05 05:55 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-02-16 10:34 . 2010-12-17 11:42 214016 ----a-w- c:\windows\system32\winsrv.dll
    2011-02-16 10:34 . 2011-01-07 09:20 366592 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-16 10:34 . 2011-01-07 05:43 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-02-16 10:34 . 2011-01-07 12:14 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-16 10:34 . 2011-01-07 07:45 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-02-16 10:34 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
    2011-02-16 10:34 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2011-02-14 16:22 . 2011-02-14 16:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-13 22:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-13 22:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-01-12 14:28 . 2011-01-12 14:28 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-01-10 20:08 . 2011-01-10 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-01-10 11:26 . 2011-01-10 11:26 53248 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\URLShortcut_French_B2DF3553895D431AB898FB0282944C9C.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\URLShortcut_Chines_CFF6DF6B00EE45B8B465C664E9FAB224.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut9_0FAD206E1F464F8E8BE69FCCE55FAFA6.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut5_E01CD6F3A0E142BF9B4985380CD4D26F.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut30_BB32F6C7D22042C19D3FF156495B8A12.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut3_055A98894B264E2EAF6EC38AD18728B6.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut29_CDEE2EF4C1AB4C2D8DD490B5C5DAF025.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut28_3C855621488B49628651DA4E89827E7D.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut27_3CD2C90DBE6A48E49BB0B40D5A9250EA.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut26_2674B6C359FC470E8B12F9A0DA6FB7AA.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut25_5D0DAECEA51C4DF485593AA3DA32F6C5.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut20_43CC5C1D8FFE458284228F0371A1345F.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut2_68D1FC9F32664D42816C073FF0A6B2E0.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut19_C15366935BE349BBA724FED9EF4B3C65.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut18_489002970B524AE1AE40C981FD7FE347.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut17_E5109E6678F84DB8B8B29E3164157467.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut14_11F09D42B7404B0F99FC528BBF68F743.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut12_A838C323FB8248159EBAED29849D2C8B.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut11_36378CC6ECF34AA1BF5A6C1C697C27C9.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut10_B8178294B07C454AAD6BF2382E51712E.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut1_67E0F1E5AB8E49B5AA3AAE20EB50D182.exe
    2011-01-08 03:27 . 2011-01-18 20:32 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-01-08 03:27 . 2011-01-18 20:32 6604904 ----a-w- c:\windows\system32\nvcuda.dll
    2011-01-08 03:27 . 2011-01-18 20:32 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-01-08 03:27 . 2011-01-18 20:32 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-01-08 03:27 . 2011-01-18 20:32 4941928 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-01-08 03:27 . 2011-01-18 20:32 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-01-08 03:27 . 2011-01-18 20:32 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-01-08 03:27 . 2011-01-18 20:32 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-01-08 03:27 . 2011-01-18 20:32 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-01-08 03:27 . 2011-01-18 20:32 20471912 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-01-08 03:27 . 2011-01-18 20:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
    2011-01-08 03:27 . 2011-01-18 20:32 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-01-08 03:27 . 2011-01-18 20:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
    2011-01-08 03:27 . 2011-01-18 20:32 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-01-08 03:27 . 2011-01-18 20:32 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-01-08 03:27 . 2011-01-18 20:32 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-01-08 03:27 . 2011-01-18 20:32 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-01-08 03:27 . 2010-07-09 22:38 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-01-08 03:27 . 2010-07-09 22:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-01-08 03:27 . 2010-07-09 22:38 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-01-08 03:27 . 2010-07-09 22:38 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
    @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
    [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
    2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "Steam"="d:\steam\Steam.exe" [2011-01-10 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    .
    c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"
    .
    R0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]
    R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x]
    R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [x]
    R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [x]
    R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x]
    R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x]
    R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x]
    R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x]
    R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [x]
    R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x]
    R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x]
    R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
    R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x]
    R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x]
    R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x]
    R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x]
    R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x]
    R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2011-01-10 25832]
    R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x]
    R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x]
    R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x]
    R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x]
    R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
    R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x]
    R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x]
    R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x]
    R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [x]
    R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x]
    R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x]
    R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x]
    R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x]
    R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x]
    R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [x]
    R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
    R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [x]
    R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x]
    R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 MsRPC;MsRPC; [x]
    R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x]
    R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
    R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x]
    R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x]
    R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
    R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x]
    R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x]
    R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [x]
    R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [x]
    R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
    R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [x]
    R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x]
    R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [x]
    R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x]
    R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
    R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [x]
    R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [x]
    R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [x]
    R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [x]
    R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x]
    R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [x]
    R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [x]
    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [x]
    R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [x]
    R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
    R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
    R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
    S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [x]
    S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
    S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
    S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [x]
    S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
    S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x]
    S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x]
    S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x]
    S0 spldr;Security Processor Loader Driver; [x]
    S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [x]
    S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [x]
    S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [x]
    S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x]
    S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x]
    S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x]
    S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x]
    S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x]
    S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [x]
    S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [x]
    S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [x]
    S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [x]
    S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x]
    S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [x]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
    S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x]
    S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x]
    S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [x]
    S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [x]
    S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x]
    S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [x]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [x]
    S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [x]
    S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x]
    S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x]
    S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [x]
    S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x]
    S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [x]
    S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [x]
    S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
    S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
    DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
    wcssvc REG_MULTI_SZ WcsPlugInService
    HPHNDUService REG_MULTI_SZ HPHNDUSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    AudioSrv
    FastUserSwitchingCompatibility
    Nla
    NWCWorkstation
    SRService
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    msiscsi
    schedule
    SessionEnv
    winmgmt
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    sppuinotify
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
    BthHFSrv
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
    .
    2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
    @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
    [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
    2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Nla
    NWCWorkstation
    SRService
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    winmgmt
    SessionEnv
    browser
    EapHost
    schedule
    hkmsvc
    wercplsupport
    ProfSvc
    Themes
    BDESVC
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
    homegrouplistener
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    WdiServiceHost
    sppuinotify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
    lanmanworkstation
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
    BthHFSrv
    homegroupprovider
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
    FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
    FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    SafeBoot-sacsvr
    SafeBoot-vmms
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:34,d0,66,90,29,e9,46,a9,b7,60,25,fe,bc,c5,5d,cb,5c,a3,b8,62,ed,6a,22,
    a9,d5,d8,ff,d9,c5,16,f0,bb,74,78,30,1b,b6,f8,7c,fd,af,a5,c6,f1,e0,8b,87,de,\
    "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:38,3a,20,4d,eb,b4,8f,91,d1,ec,74,83,09,f3,d9,0a,a1,9d,3c,b3,90,
    2a,66,cd,b7,1c,33,89,3d,07,6c,ac,08,8e,e2,e0,38,dc,eb,6d,01,9e,36,43,2d,78,\
    "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-03-15 13:59:15
    ComboFix-quarantined-files.txt 2011-03-15 12:59
    .
    Pre-Run: 240.105.656.320 bytes free
    Post-Run: 239.744.053.248 bytes free
    .
    - - End Of File - - 5FA276038C6DBF9D259FDF1BB5E2DFB8
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I am not sure what has been done with NetServices in the Registry. There is a long list of Services, but nothing following the Service name. Normally, following the name is the status code. On yours, there is nothing. In fact, most of the Registry settings don't resemble a 'normal' log.

    There are also multiple Drivers and Services indicating stopped and not used. In fact, there are 126 of them! Clearly this is not a normal system.

    Allow me to ask if this is a legitimate Windows 7 operating system.
  7. jmvanluijk

    jmvanluijk Newcomer, in training Topic Starter

    Yes, it is a legitimate Windows 7 system. Have the legit key and registered with Microsoft.

    Did not install it myself, but had it done at a local PC shop though.

    Well, I'm pretty curious what's wrong with my system apart from being infected or not with a Win32/Heur virus... If you can see if it's clean I would be glad. If you've any other advice concerning my (apparently) weird registry I would be glad too.
    Would a registry cleaning program do the trick (like tune up utilities) or should I completely reinstall my PC?
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I realize it's an inconvenience, but I'd like you to uninstall the Combofix you have now, reinstall again from the website and run a new scan. We've noticed that Services may not be scanning correctly- we don't know at this point whether there is a glitch with the AMD processors and Combofix.

    No, please don't use a Registry cleaning program! We don't even recommend this type of program.

    Have you purposely reconfigured the registry or system to handle apps any differently than usual? I ask because, in addition to the unusual Service settings, I am seeing over 30 of the following:

    The top 2 lines of the following are the same and all have same date of 1/8/2011:
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}

    But they are followed by this:
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut9_0FAD206E1F464F8E8BE69FCCE55FAFA6.exe
    These 'new shortcuts' are numbered 1-30, not in numerical order, all the same 1/8/2011 date and I can't identify any of them.

    As I see now, both the Registry and the Services do not look 'normal.' But I don't want to have to move or remove anything until I confirm whether it's your system or the scan.
    ==================================
    The Eset scan is clean so I don't think you have to worry about Win32/Heur.
    ===========================================
    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ===============================
    Reboot the computer
    ================================
    Then download Combofix and run the scan again. Leave the new log.
  9. jmvanluijk

    jmvanluijk Newcomer, in training Topic Starter

    Hey there,

    Sorry for my late reply, on the weekends I'm mostly not at home so I could not reply any sooner.
    As I said before, I'm not good with PCs in terms of configuring the registry and handling malware etc., so I did not install my PC to handle the registry differently than usual. I have had this PC since the 8th of January this year (2011), so the registry references that go from 8-1-2011 were all installed when I first booted my computer, I think...


    By the way, I see all those shortcuts in the log. Maybe they refer to the different shortcuts I added to my PC? For example, I configured "My Documents" to save all files on my D:\ partition instead of C:\mydocuments. And did that with "my pictures", "my videos" etc. etc. But can't remember changing 23 of 'em.


    I reinstalled ComboFix as you asked. Here is the log:

    ComboFix 11-03-21.02 - Mr. van Luijk 22-03-2011 14:00:29.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6593 [GMT 1:00]
    Gestart vanuit: c:\users\Mr. van Luijk\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-02-22 to 2011-03-22 ))))))))))))))))))))))))))))))
    .
    .
    2011-03-22 13:03 . 2011-03-22 13:03 -------- d-----w- c:\users\MRE29A~1~VAN\AppData\Local\temp
    2011-03-22 13:03 . 2011-03-22 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-15 13:16 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-15 13:16 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-03-15 13:16 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-03-15 13:16 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-15 13:16 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-03-15 13:16 . 2011-02-23 15:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
    2011-03-15 13:16 . 2011-02-23 14:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-03-15 13:16 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-15 13:16 . 2011-02-23 15:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-03-15 13:16 . 2011-03-15 13:16 -------- d-----w- c:\programdata\AVAST Software
    2011-03-15 13:16 . 2011-03-15 13:16 -------- d-----w- c:\program files\AVAST Software
    2011-03-15 07:56 . 2011-03-15 07:56 -------- d-----w- c:\program files (x86)\ESET
    2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\users\Mr. van Luijk\AppData\Roaming\Malwarebytes
    2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-13 23:48 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-13 23:48 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\SPReview
    2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-13 22:03 . 2010-11-20 13:27 1110016 ----a-w- c:\windows\system32\schedsvc.dll
    2011-03-13 22:02 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2011-03-13 22:02 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2011-03-13 22:01 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-03-13 22:01 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-03-13 22:01 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-03-13 22:01 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-03-13 22:01 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-03-13 22:01 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2011-03-13 22:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2011-02-23 11:45 . 2011-02-23 11:45 -------- d-----w- c:\programdata\HP Product Assistant
    2011-02-23 11:44 . 2011-02-23 11:44 -------- d-----w- c:\windows\SysWow64\spool
    2011-02-23 11:44 . 2011-02-23 11:44 -------- d-----w- c:\program files (x86)\Common Files\HP
    2011-02-23 10:49 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-23 10:49 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 10:49 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-02-23 10:49 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-02-23 10:49 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-02-23 10:49 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-02-23 10:49 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-02-23 10:49 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-13 22:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-13 22:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-01-12 14:28 . 2011-01-12 14:28 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-01-10 20:08 . 2011-01-10 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-01-10 11:26 . 2011-01-10 11:26 53248 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\URLShortcut_French_B2DF3553895D431AB898FB0282944C9C.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\URLShortcut_Chines_CFF6DF6B00EE45B8B465C664E9FAB224.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut9_0FAD206E1F464F8E8BE69FCCE55FAFA6.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut5_E01CD6F3A0E142BF9B4985380CD4D26F.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut30_BB32F6C7D22042C19D3FF156495B8A12.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut3_055A98894B264E2EAF6EC38AD18728B6.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut29_CDEE2EF4C1AB4C2D8DD490B5C5DAF025.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut28_3C855621488B49628651DA4E89827E7D.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut27_3CD2C90DBE6A48E49BB0B40D5A9250EA.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut26_2674B6C359FC470E8B12F9A0DA6FB7AA.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut25_5D0DAECEA51C4DF485593AA3DA32F6C5.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut20_43CC5C1D8FFE458284228F0371A1345F.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut2_68D1FC9F32664D42816C073FF0A6B2E0.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut19_C15366935BE349BBA724FED9EF4B3C65.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut18_489002970B524AE1AE40C981FD7FE347.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut17_E5109E6678F84DB8B8B29E3164157467.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut14_11F09D42B7404B0F99FC528BBF68F743.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut12_A838C323FB8248159EBAED29849D2C8B.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut11_36378CC6ECF34AA1BF5A6C1C697C27C9.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut10_B8178294B07C454AAD6BF2382E51712E.exe
    2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut1_67E0F1E5AB8E49B5AA3AAE20EB50D182.exe
    2011-01-08 03:27 . 2011-01-18 20:32 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-01-08 03:27 . 2011-01-18 20:32 6604904 ----a-w- c:\windows\system32\nvcuda.dll
    2011-01-08 03:27 . 2011-01-18 20:32 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-01-08 03:27 . 2011-01-18 20:32 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-01-08 03:27 . 2011-01-18 20:32 4941928 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-01-08 03:27 . 2011-01-18 20:32 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-01-08 03:27 . 2011-01-18 20:32 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-01-08 03:27 . 2011-01-18 20:32 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-01-08 03:27 . 2011-01-18 20:32 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-01-08 03:27 . 2011-01-18 20:32 20471912 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-01-08 03:27 . 2011-01-18 20:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
    2011-01-08 03:27 . 2011-01-18 20:32 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-01-08 03:27 . 2011-01-18 20:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
    2011-01-08 03:27 . 2011-01-18 20:32 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-01-08 03:27 . 2011-01-18 20:32 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-01-08 03:27 . 2011-01-18 20:32 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-01-08 03:27 . 2011-01-18 20:32 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-01-08 03:27 . 2010-07-09 22:38 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-01-08 03:27 . 2010-07-09 22:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-01-08 03:27 . 2010-07-09 22:38 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-01-08 03:27 . 2010-07-09 22:38 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-01-07 12:14 . 2011-02-16 10:34 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 09:20 . 2011-02-16 10:34 366592 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 07:45 . 2011-02-16 10:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:43 . 2011-02-16 10:34 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 10:34 . 2011-02-16 10:34 612864 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 06:56 . 2011-02-16 10:34 3129344 ----a-w- c:\windows\system32\win32k.sys
    2011-01-05 05:55 . 2011-02-16 10:34 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
    @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
    [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
    2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "Steam"="d:\steam\Steam.exe" [2011-01-10 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    .
    c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"
    .
    R0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]
    R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x]
    R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [x]
    R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [x]
    R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x]
    R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x]
    R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x]
    R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x]
    R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [x]
    R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x]
    R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x]
    R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
    R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x]
    R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x]
    R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x]
    R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x]
    R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x]
    R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2011-01-10 25832]
    R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x]
    R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x]
    R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x]
    R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x]
    R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
    R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x]
    R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x]
    R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x]
    R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [x]
    R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x]
    R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x]
    R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x]
    R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x]
    R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x]
    R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [x]
    R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
    R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [x]
    R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x]
    R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 MsRPC;MsRPC; [x]
    R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x]
    R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
    R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x]
    R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x]
    R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
    R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x]
    R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x]
    R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [x]
    R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [x]
    R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
    R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [x]
    R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x]
    R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [x]
    R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x]
    R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
    R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [x]
    R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [x]
    R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [x]
    R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [x]
    R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x]
    R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [x]
    R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [x]
    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [x]
    R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [x]
    R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
    R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
    R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
    S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [x]
    S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
    S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
    S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [x]
    S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
    S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x]
    S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x]
    S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x]
    S0 spldr;Security Processor Loader Driver; [x]
    S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [x]
    S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [x]
    S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x]
    S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x]
    S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x]
    S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x]
    S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x]
    S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [x]
    S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [x]
    S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [x]
    S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x]
    S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [x]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
    S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x]
    S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x]
    S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [x]
    S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [x]
    S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x]
    S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [x]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [x]
    S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [x]
    S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x]
    S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x]
    S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [x]
    S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x]
    S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [x]
    S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [x]
    S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
    S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
    DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
    wcssvc REG_MULTI_SZ WcsPlugInService
    HPHNDUService REG_MULTI_SZ HPHNDUSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    AudioSrv
    FastUserSwitchingCompatibility
    Nla
    NWCWorkstation
    SRService
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    msiscsi
    schedule
    SessionEnv
    winmgmt
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    sppuinotify
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
    BthHFSrv
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
    .
    2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
    @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
    [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
    2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Nla
    NWCWorkstation
    SRService
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    winmgmt
    SessionEnv
    browser
    EapHost
    schedule
    hkmsvc
    wercplsupport
    ProfSvc
    Themes
    BDESVC
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
    homegrouplistener
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    WdiServiceHost
    sppuinotify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
    lanmanworkstation
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
    BthHFSrv
    homegroupprovider
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
    FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
    FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    SafeBoot-sacsvr
    SafeBoot-vmms
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:34,d0,66,90,29,e9,46,a9,b7,60,25,fe,bc,c5,5d,cb,5c,a3,b8,62,ed,6a,22,
    a9,d5,d8,ff,d9,c5,16,f0,bb,74,78,30,1b,b6,f8,7c,fd,af,a5,c6,f1,e0,8b,87,de,\
    "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:38,3a,20,4d,eb,b4,8f,91,d1,ec,74,83,09,f3,d9,0a,a1,9d,3c,b3,90,
    2a,66,cd,b7,1c,33,89,3d,07,6c,ac,08,8e,e2,e0,38,dc,eb,6d,01,9e,36,43,2d,78,\
    "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-03-22 14:05:06
    ComboFix-quarantined-files.txt 2011-03-22 13:05
    ComboFix2.txt 2011-03-15 12:59
    .
    Pre-Run: 241.972.158.464 bytes free
    Post-Run: 241.915.252.736 bytes free
    .
    - - End Of File - - DCED64A373359A91518F290FE17BCB6B
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Question: Have you tried to access DeadSpace2.exe since you uninstalled AVG for Combofix? If not, try it.

    As for the shortcuts, as long as you put them there and know what they are, no problem. We're having some problem on some Combofix scans, so I just needed to verify it.
  11. jmvanluijk

    jmvanluijk Newcomer, in training Topic Starter

    Yes I have accessed dead space 2 a few times since I uninstalled avg and used combofix. I ran a full scan with avast afterwards but found no infected files.

    About all the Microsoft roaming shortcuts... I have no idea what they are, alas it was just a wild guess hoping you could make any sense of it. If you think I should clean something up, please tell me.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The problems with the Drivers/Services that I noted appear to be a conflict with the 64-bit system and Combofix. It happened previously but had been fixed. Now it appears it's back. So I am not going to move any that were shown correctly in DDS.

    As for the shortcuts, they are all dated at the same time on 2011-01-08 14:17
    I think what we're seeing may be your Favorites or Bookmarks because they start with URL or NEW followed by a number. Do you remember if you imported Favorites or Bookmarks on that date?

    I'm wondering if you have Hidden Files & Folders showing and that's what we see here. So I'd like you to make sure the files and folders that are supposed to be hidden, are hidden. Many normal and legitimate entries are 'hidden' to better secure them, so they won't get accidentally deleted. So I don't want to remove those shortcuts yet:
    Hidden Files and Folders in Windows Vista and Windows 7:
    • Click on the Start button and select Computer
    • Press the Alt key on your keyboard and click on Tools
    • Select Folder Options
    • Click the View tab and make sure that Show hidden files and folders is Unchecked under Hidden files and folders
    • Next, Check the box next to Hide protected operating system files (Recommended)
    • Then, Check the box next to Hide extensions for known filetypes
    • Click Apply then click OK

    Reboot the computer
    ============================================
    If those files were not hidden when you went to Folder Options, I'd like you to rescan with Combofix so I can compare the entries.

    There does not appear to be any Win32/Heur malware.
  13. jmvanluijk

    jmvanluijk Newcomer, in training Topic Starter

    Hey there,

    I did not import bookmarks, since my pc was brand new. I added all my bookmarks manually.

    All my hidden files and folders were already hidden alas. I followed all steps you wrote down, but I did not need to click anything, since all was as you described it should be. This is also the reason why I did not run another combofix scan.

    Really glad you're helping me by the way. Thanks a lot :)
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay- just wondered if showing hidden files could make a difference in the log. Those New Shortcuts are for the Bookmarks you manually added. It looks like you didn't put them in the correct directory. Can you access the Bookmarks?

    Are you having any of the original problems now? I'd appreciate it if you could run a current Combofix scan and give me a new log.
  15. jmvanluijk

    jmvanluijk Newcomer, in training Topic Starter

    Oh, I am really sorry! I didn't reply in over a week! I was really busy with exams. I understand if the thread got closed down, but if you'd still help me further I would be glad!

    How do you want me to run the combofix scan? With or without hidden files and folders visible? I can use my bookmarks (they're in firefox) but I don't know what you mean by "access your bookmarks".
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    No problem. I'm running behind also. Hope exams went well.

    Rehide the files and folders please and go ahead with an update and Combofix scan.

    My question about the bookmarks was because they don't appear to be in the right place in the system. So I was asking if you could open a Bookmark when you wanted, in the usual way.
  17. jmvanluijk

    jmvanluijk Newcomer, in training Topic Starter

    Hey, finally had time for a scan. Here's the combofix log with everything hidden like you asked.



    ComboFix 11-04-10.01 - Mr. van Luijk 11-04-2011 0:36.3.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6583 [GMT 2:00]
    Gestart vanuit: c:\users\Mr. van Luijk\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-10 to 2011-04-10 ))))))))))))))))))))))))))))))
    .
    .
    2011-04-10 22:39 . 2011-04-10 22:39 -------- d-----w- c:\users\MRE29A~1~VAN\AppData\Local\temp
    2011-04-10 22:39 . 2011-04-10 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-03 20:05 . 2011-04-03 20:05 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-22 15:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-03-22 15:54 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-03-22 15:54 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-03-22 15:54 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-03-22 15:54 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-03-22 15:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-03-22 15:54 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-03-22 15:54 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-15 13:16 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-15 13:16 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-03-15 13:16 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-03-15 13:16 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-15 13:16 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-03-15 13:16 . 2011-02-23 15:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
    2011-03-15 13:16 . 2011-02-23 14:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-03-15 13:16 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-15 13:16 . 2011-02-23 15:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-03-15 13:16 . 2011-03-15 13:16 -------- d-----w- c:\programdata\AVAST Software
    2011-03-15 13:16 . 2011-03-15 13:16 -------- d-----w- c:\program files\AVAST Software
    2011-03-15 07:56 . 2011-03-15 07:56 -------- d-----w- c:\program files (x86)\ESET
    2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\users\Mr. van Luijk\AppData\Roaming\Malwarebytes
    2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-13 23:48 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-13 23:48 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\SPReview
    2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-13 22:03 . 2010-11-20 13:27 1110016 ----a-w- c:\windows\system32\schedsvc.dll
    2011-03-13 22:02 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2011-03-13 22:02 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2011-03-13 22:01 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-03-13 22:01 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-03-13 22:01 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-03-13 22:01 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-03-13 22:01 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-03-13 22:01 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2011-03-13 22:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-26 18:58 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-13 22:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-13 22:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-23 06:28 . 2011-02-23 06:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-23 06:28 . 2011-02-23 06:28 6606440 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-23 06:28 . 2011-02-23 06:28 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-02-23 06:28 . 2011-02-23 06:28 4942952 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-02-23 06:28 . 2011-02-23 06:28 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-02-23 06:28 . 2011-02-23 06:28 20473960 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-02-23 06:28 . 2011-02-23 06:28 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-23 06:28 . 2011-02-23 06:28 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-02-23 06:28 . 2011-02-23 06:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-02-23 06:28 . 2011-02-23 06:28 12962792 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-02-23 06:28 . 2011-02-23 06:28 12862568 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-02-23 06:28 . 2011-01-18 20:32 5654120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-02-23 06:28 . 2011-01-18 20:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
    2011-02-23 06:28 . 2011-01-18 20:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
    2011-02-23 06:28 . 2010-07-09 22:38 7732328 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-02-23 06:28 . 2010-07-09 22:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-02-23 06:28 . 2010-07-09 22:38 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-02-23 06:28 . 2010-07-09 22:38 10079336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-02-02 19:40 . 2011-01-10 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-01-21 05:36 . 2011-01-21 05:36 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2011-01-21 05:36 . 2011-01-21 05:36 413800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2011-01-21 05:36 . 2011-01-06 12:16 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2011-01-17 11:09 . 2011-02-23 10:49 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-17 05:47 . 2011-02-23 10:49 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-01-12 14:28 . 2011-01-12 14:28 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-22_13.03.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2011-04-10 20:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-03-22 12:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-03-22 12:53 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-10 20:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-03-22 12:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-10 20:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-06 13:50 . 2011-04-10 20:31 36904 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-04-10 20:31 34326 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:30 . 2011-03-13 22:13 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2011-04-06 22:36 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-01-21 05:36 . 2011-01-21 05:36 74272 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_459032c4bd93f93d\RtNicProp64.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 67176 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\OpenCL64.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 57960 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\OpenCL.dll
    + 2011-01-06 11:42 . 2011-04-07 06:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-06 11:42 . 2011-03-13 22:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-23 10:36 . 2011-04-07 06:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-07 06:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-03-13 22:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-08 13:47 . 2011-04-10 20:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-08 13:47 . 2011-03-22 12:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2011-03-26 19:01 92432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2009-07-14 04:46 . 2011-03-21 10:20 92432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-01-08 13:47 . 2011-04-10 20:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-01-08 13:47 . 2011-03-22 12:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-01-08 13:47 . 2011-04-10 20:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-01-08 13:47 . 2011-03-22 12:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-01-06 12:10 . 2011-03-22 12:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-06 12:10 . 2011-04-10 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-06 12:10 . 2011-03-22 12:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-06 12:10 . 2011-04-10 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\ARPPRODUCTICON.exe
    + 2011-01-06 12:22 . 2011-04-10 20:31 9248 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3808538284-756412920-3689180855-1000_UserData.bin
    + 2011-04-10 20:29 . 2011-04-10 20:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-03-22 12:53 . 2011-03-22 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-03-22 12:53 . 2011-03-22 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-04-10 20:29 . 2011-04-10 20:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-03-28 18:30 . 2011-03-28 18:30 235168 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe
    + 2011-04-03 20:05 . 2011-02-02 19:40 157472 c:\windows\SysWOW64\javaws.exe
    - 2011-01-10 20:08 . 2011-01-10 20:08 157472 c:\windows\SysWOW64\javaws.exe
    - 2011-01-10 20:08 . 2011-01-10 20:08 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-04-03 20:05 . 2011-02-02 19:40 145184 c:\windows\SysWOW64\javaw.exe
    - 2011-01-10 20:08 . 2011-01-10 20:08 145184 c:\windows\SysWOW64\java.exe
    + 2011-04-03 20:05 . 2011-02-02 19:40 145184 c:\windows\SysWOW64\java.exe
    - 2009-07-14 02:36 . 2011-03-22 12:58 624578 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-04-10 20:36 624578 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-03-22 12:58 110216 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2011-04-10 20:36 110216 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:30 . 2011-03-13 22:13 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-04-06 22:36 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-04-06 22:36 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2011-03-13 22:13 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-01-21 05:36 . 2011-01-21 05:36 107552 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_459032c4bd93f93d\RTNUninst64.dll
    + 2011-01-21 05:36 . 2011-01-21 05:36 413800 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_459032c4bd93f93d\Rt64win7.sys
    + 2011-02-23 06:28 . 2011-02-23 06:28 197224 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvidia-smi.exe
    + 2011-02-23 06:28 . 2011-02-23 06:28 281680 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvdrsdb.bin
    + 2011-02-23 06:28 . 2011-02-23 06:28 191080 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\dbInstaller.exe
    + 2009-07-14 05:01 . 2011-04-08 11:49 279288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-03-22 12:52 279288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-04-03 20:05 . 2011-04-03 20:05 183808 c:\windows\Installer\9fab28.msi
    + 2011-01-09 20:06 . 2011-03-28 18:30 6053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    - 2011-01-09 20:06 . 2011-03-13 21:17 6053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 7732328 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvwgf2umx.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 5654120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvwgf2um.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 1359976 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvgenco64.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 1614440 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvdispco64.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 2895976 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuvid32.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 3112040 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuvid.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 2479720 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuvenc64.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 2251368 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuvenc.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 4942952 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuda32.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 6606440 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuda.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 2200680 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvapi64.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 1965672 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvapi.dll
    - 2009-07-14 04:45 . 2011-03-13 22:14 7150408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2011-03-25 10:43 7150408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-03-23 22:37 . 2011-03-23 22:37 1180672 c:\windows\Installer\23d48.msi
    + 2009-07-14 02:34 . 2011-03-24 09:38 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2011-03-13 22:11 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-02-23 06:28 . 2011-02-23 06:28 20473960 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvoglv64.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 15047272 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvoglv32.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 12962792 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvlddmkm.sys
    + 2011-02-23 06:28 . 2011-02-23 06:28 12862568 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvd3dumx.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 10079336 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvd3dum.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 26401528 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\NvCplSetupEng.exe
    + 2011-02-23 06:28 . 2011-02-23 06:28 13011560 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcompiler32.dll
    + 2011-02-23 06:28 . 2011-02-23 06:28 18580072 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcompiler.dll
    + 2011-01-11 00:01 . 2011-04-08 11:49 10875236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3808538284-756412920-3689180855-1000-12288.dat
    .
    -- Snapshot teruggezet naar huidige datum --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "Steam"="d:\steam\Steam.exe" [2011-01-10 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]
    R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2011-01-10 25832]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    HPHNDUService REG_MULTI_SZ HPHNDUSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
    .
    2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:34,d0,66,90,29,e9,46,a9,b7,60,25,fe,bc,c5,5d,cb,5c,a3,b8,62,ed,6a,22,
    a9,d5,d8,ff,d9,c5,16,f0,bb,74,78,30,1b,b6,f8,7c,fd,af,a5,c6,f1,e0,8b,87,de,\
    "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:38,3a,20,4d,eb,b4,8f,91,d1,ec,74,83,09,f3,d9,0a,a1,9d,3c,b3,90,
    2a,66,cd,b7,1c,33,89,3d,07,6c,ac,08,8e,e2,e0,38,dc,eb,6d,01,9e,36,43,2d,78,\
    "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-04-11 00:40:31
    ComboFix-quarantined-files.txt 2011-04-10 22:40
    ComboFix2.txt 2011-03-22 13:05
    ComboFix3.txt 2011-03-15 12:59
    .
    Pre-Run: 234.118.397.952 bytes free
    Post-Run: 234.309.017.600 bytes free
    .
    - - End Of File - - BA1B7E5D7939FED528EBFFF9742E3B07
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    How nicely the Dutch language put this:
    English would have said: Created New Restore Point. It is nice to get out of the box once in a while!

    If you don't mind, I would like for you to uninstall the current Combofix, download again and rescan. I am concerned about the drivers. There was a glitch which has been fixed, but I'd like to get a new scan to check the drivers:

    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ====================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    This should be the last scan.
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Note: Thread will be closed in 2 days if there is no reply.
  20. jmvanluijk

    jmvanluijk Newcomer, in training Topic Starter

    Hey there, I don't know if the thread is closed, but I had no time to answer any sooner.

    Here is my report in case you are still willing to check it. If not, thanks for all your help.


    ComboFix 11-04-16.03 - Mr. van Luijk 17-04-2011 22:26:34.4.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6550 [GMT 2:00]
    Gestart vanuit: c:\users\Mr. van Luijk\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-17 to 2011-04-17 ))))))))))))))))))))))))))))))
    .
    .
    2011-04-17 20:29 . 2011-04-17 20:29 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-04-17 20:29 . 2011-04-17 20:29 -------- d-----w- c:\users\MRE29A~1~VAN\AppData\Local\temp
    2011-04-17 20:29 . 2011-04-17 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-14 09:12 . 2011-04-14 09:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-04-14 08:44 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-14 08:44 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-14 08:44 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-04-14 08:44 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-04-14 08:44 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-14 08:43 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-14 08:43 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-14 08:43 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-14 08:43 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-03 20:05 . 2011-04-03 20:05 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-04-01 03:10 . 2011-04-01 03:10 539232 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
    2011-04-01 03:10 . 2011-04-01 03:10 543328 ----a-w- c:\windows\SysWow64\LVUI2.dll
    2011-04-01 03:08 . 2011-04-01 03:08 301664 ----a-w- c:\windows\SysWow64\lvcodec2.dll
    2011-04-01 03:07 . 2011-04-01 03:07 4184672 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
    2011-04-01 03:07 . 2011-04-01 03:07 559712 ----a-w- c:\windows\system32\LVUIRC64.dll
    2011-04-01 03:07 . 2011-04-01 03:07 767584 ----a-w- c:\windows\system32\LVUI64.dll
    2011-04-01 03:07 . 2011-04-01 03:07 10877272 ----a-w- c:\windows\SysWow64\LogiDPP.dll
    2011-04-01 03:07 . 2011-04-01 03:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
    2011-04-01 03:07 . 2011-04-01 03:07 102744 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
    2011-04-01 03:07 . 2011-04-01 03:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2011-04-01 03:06 . 2011-04-01 03:06 331608 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
    2011-04-01 03:06 . 2011-04-01 03:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
    2011-04-01 03:06 . 2011-04-01 03:06 341856 ----a-w- c:\windows\system32\drivers\lvrs64.sys
    2011-04-01 03:05 . 2011-04-01 03:05 261728 ----a-w- c:\windows\system32\lvco13251014.dll
    2011-04-01 03:05 . 2011-04-01 03:05 172128 ----a-w- c:\windows\system32\lvcod64.dll
    2011-04-01 02:56 . 2011-04-01 02:56 39318 ----a-w- c:\windows\system32\Repository.reg
    2011-03-22 15:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-03-22 15:54 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-03-22 15:54 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-03-22 15:54 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-03-22 15:54 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-03-22 15:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-03-22 15:54 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-03-22 15:54 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-26 18:58 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-13 22:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-13 22:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-23 15:04 . 2011-03-15 13:16 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-23 15:04 . 2011-03-15 13:16 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-02-23 15:04 . 2011-03-15 13:16 238968 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-23 14:57 . 2011-03-15 13:16 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-23 14:57 . 2011-03-15 13:16 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-23 14:55 . 2011-03-15 13:16 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-23 14:55 . 2011-03-15 13:16 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-23 14:55 . 2011-03-15 13:16 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-02-23 14:54 . 2011-03-15 13:16 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-23 06:28 . 2011-02-23 06:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-02-23 06:28 . 2011-02-23 06:28 6606440 ----a-w- c:\windows\system32\nvcuda.dll
    2011-02-23 06:28 . 2011-02-23 06:28 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-02-23 06:28 . 2011-02-23 06:28 4942952 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-02-23 06:28 . 2011-02-23 06:28 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-02-23 06:28 . 2011-02-23 06:28 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-02-23 06:28 . 2011-02-23 06:28 20473960 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-02-23 06:28 . 2011-02-23 06:28 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-02-23 06:28 . 2011-02-23 06:28 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-02-23 06:28 . 2011-02-23 06:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-02-23 06:28 . 2011-02-23 06:28 12962792 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-02-23 06:28 . 2011-02-23 06:28 12862568 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-02-23 06:28 . 2011-01-18 20:32 5654120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-02-23 06:28 . 2011-01-18 20:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
    2011-02-23 06:28 . 2011-01-18 20:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
    2011-02-23 06:28 . 2010-07-09 22:38 7732328 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-02-23 06:28 . 2010-07-09 22:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-02-23 06:28 . 2010-07-09 22:38 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-02-23 06:28 . 2010-07-09 22:38 10079336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-02-19 12:05 . 2011-03-13 21:22 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 12:04 . 2011-03-13 21:22 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 12:04 . 2011-03-13 21:22 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:30 . 2011-03-13 21:22 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 06:30 . 2011-03-13 21:22 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-02-02 19:40 . 2011-01-10 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-01-21 05:36 . 2011-01-21 05:36 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2011-01-21 05:36 . 2011-01-21 05:36 413800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2011-01-21 05:36 . 2011-01-06 12:16 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    "Steam"="d:\steam\Steam.exe" [2011-01-10 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]
    R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2011-01-10 25832]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    HPHNDUService REG_MULTI_SZ HPHNDUSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
    .
    2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:34,d0,66,90,29,e9,46,a9,b7,60,25,fe,bc,c5,5d,cb,5c,a3,b8,62,ed,6a,22,
    a9,d5,d8,ff,d9,c5,16,f0,bb,74,78,30,1b,b6,f8,7c,fd,af,a5,c6,f1,e0,8b,87,de,\
    "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
    .
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:38,3a,20,4d,eb,b4,8f,91,d1,ec,74,83,09,f3,d9,0a,a1,9d,3c,b3,90,
    2a,66,cd,b7,1c,33,89,3d,07,6c,ac,08,8e,e2,e0,38,dc,eb,6d,01,9e,36,43,2d,78,\
    "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-04-17 22:30:52
    ComboFix-quarantined-files.txt 2011-04-17 20:30
    ComboFix2.txt 2011-04-10 22:40
    .
    Pre-Run: 238.938.644.480 bytes free
    Post-Run: 238.898.741.248 bytes free
    .
    - - End Of File - - 189222215AD3ABE022136C3A8EC564CC
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please bring me up to speed on the system. You started this thread over a month ago and we solved the AVG problem and you can access Dead.Space2. Are you having any malware-related problems now?

    There are still many drivers appearing not to be used. For example:
    Several of them are for Logitech and nVidia, but I don't want to remove them if they show unused due to Combofix. Check some of the above please. If you no longer have what they go to, I will remove them.

    Do the search for the process name at the end of the string with the .sys extension.
  22. jmvanluijk

    jmvanluijk Newcomer, in training Topic Starter

    After the initial malware problem, I scanned a few times like you told me to and stopped using AVG. Since then I have no persisting malware problem as far as I know. Because you told me my system looked weird/unusual I wanted to know what the "problem" was with my system. I found the drivers folder and indeed it is filled with 306 .sys files! I located every .sys you gave me in your post and in the properties of those files I found them linking to my mouse drivers, Nvidia sound drivers, and some for other sound drivers... others were Logitech drivers supporting my webcam and voice communication... So I think all those are in use, although some drivers are installed double.
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    All of the drivers I put in the quote box above are Stopped: S=Stopped
    Driver/Service status:
    R=Running,
    S=Stopped,
    The legend for the numerical value is:
    1=System,
    2=Auto,
    3=Demand,
    4=Disabled
    You have drivers that are in the categories of 1=starting by the system, 2=Automatically starting, 3=Starting on Demand.

    None of these are showing with the X like in Combofix. I thought that had been taken care of in Combofix, but if you did the uninstall, then reinstalled Combofix recently, then the glitch on the drivers for 64-bit systems is still there. So don't worry about it.
    ===============================
    Aside from that, have we resolved the original problem?
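The status legend in the post above can be applied mechanically to the driver/service lines of the log. The following Python sketch is an added example, not part of the original thread and not ComboFix or DDS code; the sample lines are copied from the log earlier in this thread, the function names are hypothetical, and the `0=Boot` start type is the standard Windows value added here because the log contains `S0` entries.

```python
import re
from typing import List, NamedTuple, Optional

# Legend from the post above; 0=Boot is the standard Windows Start value (added).
STATE = {"R": "Running", "S": "Stopped"}
START = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

# <state><start> <name>;<display name>;<image path> [<date> <size>] or [x]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"\s*(?P<path>.*?)\s*\[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)

class Entry(NamedTuple):
    state: str
    start: str
    name: str
    path: str
    no_file_info: bool      # log shows [x] instead of a date and size
    size: Optional[int]

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if m is None:           # separators such as "." and registry lines
        return None
    missing = m["stamp"] == "x"
    size = None if missing else int(m["stamp"].split()[1])
    return Entry(STATE[m["state"]], START[int(m["start"])],
                 m["name"].strip(), m["path"], missing, size)

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def stopped_without_file_info(entries: List[Entry]) -> List[str]:
    """Stopped entries marked [x]: the ones worth checking by hand on disk."""
    return [e.name for e in entries if e.state == "Stopped" and e.no_file_info]

def no_image_path(entries: List[Entry]) -> List[str]:
    """Entries registered with an empty image path (possible leftovers)."""
    return [e.name for e in entries if not e.path]

# Lines copied from the log in this thread.
SAMPLE = r"""
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
.
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(f"{e.name:15} {e.state:8} {e.start:8} {'[x]' if e.no_file_info else e.size}")
```

An `[x]` on a running driver such as `nusb3hub` is consistent with the 64-bit reporting glitch mentioned above, so the mark alone does not show that a file is absent.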
  24. jmvanluijk

    jmvanluijk Newcomer, in training Topic Starter

    Yes, thank you very much!
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, I just need to check these locked Registry entries:
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    RegNull::
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================