Solved AVG blocks Dead Space 2.exe because of a Win32/heur virus

Status
Not open for further replies.
J

jmvanluijk

Posts: 12   +0
Hey there,

I have been away on vacation for a week and turn on my computer. First thing I do is run updates for my AVG and windows. Then I put some photo's from my vacation from my SD-card onto my pc and shortly after I pulled the SD card out, I get a warning that AVG detected a Win32/Heur virus in my DeadSpace2.exe (game is legit).

I read on the forum about false positive warnings, but even after updating my AVG and rebooting a couple of times AVG keeps sending off warnings.

I ran the scans as described in the "updated 8-step" post and got the following results:

The GMER log was completely blank, so nothing to post from that log. The other logs are posted below

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6046

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14-3-2011 0:50:54
mbam-log-2011-03-14 (00-50-54).txt

Scan type: Quick scan
Objects scanned: 166431
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Mr. van Luijk at 1:26:24,09 on ma 14-03-2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6298 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Razer\Lachesis\OSD.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Razer\Lachesis\razertra.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\SysWOW64\svchost.exe -k HPHNDUService
C:\Users\Mr. van Luijk\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "D:\Steam\Steam.exe" -silent
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\MRE29A~1.VAN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MRE29A~1.VAN\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\PROGRA~2\MOZILL~1\plugins\np32asw.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-1-6 23080]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-7-1 293416]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;C:\Windows\system32\svchost.exe -k HPHNDUService [2009-7-14 27136]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
R3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-18 155752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-6 344680]
R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2011-1-8 29952]
S0 acs6nts;acs6nts;C:\Windows\System32\drivers\acs6nts.sys [2010-6-1 29744]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-18 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2011-1-11 25832]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-7 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-13 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-03-13 23:48:13 -------- d-----w- C:\Users\MRE29A~1.VAN\AppData\Roaming\Malwarebytes
2011-03-13 23:48:09 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-13 23:48:09 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-13 23:48:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-13 23:48:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-13 22:05:43 -------- d-----w- C:\Windows\System32\SPReview
2011-03-13 22:05:06 -------- d-----w- C:\Windows\System32\EventProviders
2011-03-13 22:03:59 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2011-03-13 22:02:58 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-03-13 22:02:57 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-03-13 22:01:52 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-03-13 22:01:52 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-13 22:01:52 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-03-13 22:01:51 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-03-13 22:01:51 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-03-13 22:01:49 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-03-13 22:01:49 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-02-23 11:44:45 -------- d-----w- C:\Windows\SysWow64\spool
2011-02-23 11:44:01 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-02-23 10:49:48 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 10:49:48 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 10:49:48 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 10:49:48 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 10:49:46 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-02-23 10:49:46 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-02-23 10:49:46 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-02-23 10:49:46 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-02-16 10:35:02 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-16 10:35:02 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-02-16 10:34:58 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-02-16 10:34:57 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-16 10:34:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-16 10:34:56 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-02-16 10:34:13 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-16 10:34:13 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-16 10:34:12 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-02-16 10:34:12 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-16 10:34:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-16 10:34:12 100864 ----a-w- C:\Windows\System32\fontsub.dll
.
==================== Find3M ====================
.
2011-03-13 22:08:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-13 22:08:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-12 14:28:26 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-01-10 20:08:51 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-07 19:50:14 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-01-07 19:50:08 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
2011-01-07 19:49:50 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-01-07 19:49:28 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-01-07 19:49:26 2558568 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-01-07 19:49:26 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-12-23 10:42:53 1118720 ----a-w- C:\Windows\System32\sbe.dll
2010-12-23 10:42:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-12-23 10:42:51 723968 ----a-w- C:\Windows\System32\EncDec.dll
2010-12-23 10:36:02 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-12-23 05:54:18 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2010-12-23 05:54:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-12-23 05:54:17 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2010-12-23 05:50:23 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
.
============= FINISH: 1:26:36,73 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6-1-2011 12:49:38
System Uptime: 14-3-2011 0:42:51 (1 hours ago)
.
Motherboard: MSI | | P55-GD65 (MS-7585)
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | CPU1 | 2934/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 278 GiB total, 225,185 GiB free.
D: is FIXED (NTFS) - 653 GiB total, 552,549 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
Description: ACS-6xxxx
Device ID: PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA\4&2F7627D0&0&00E4
Manufacturer: Accusys Inc.
Name: ACS-6xxxx
PNP Device ID: PCI\VEN_10B5&DEV_8608&SUBSYS_860810B5&REV_BA\4&2F7627D0&0&00E4
Service: acs6nts
.
==== System Restore Points ===================
.
RP60: 13-3-2011 23:05:27 - Windows 7 Service Pack 1
.
==== Installed Programs ======================
.
8500A909_eDocs
8500A909_Help
8500A909g
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1) - Nederlands
Advertising Center
Alien Swarm
Apple Application Support
Apple Software Update
µTorrent
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CameraHelperMsi
Combined Community Codec Pack 2010-10-10
Company of Heroes
Crysis
Crysis Warhead
Crysis Wars
D3DX10
Dead Space™ 2
Destinations
DeviceDiscovery
DocMgr
DocProc
DolbyFiles
Dragon Age: Origins
Dropbox
erLT
Fax
GameSpy Comrade
Google Earth Plug-in
Google Update Helper
GPBaseService2
Heroes of Newerth
HP Product Detection
HP Update
HPProductAssistant
HPSSupply
ImagXpress
Java Auto Updater
Java(TM) 6 Update 23
JMicron JMB36X Driver
Junk Mail filter update
Left 4 Dead
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware
MarketResearch
marvell 91xx driver
Mesh Runtime
Messenger Companion
Metro 2033
Microsoft .NET Framework 1.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MPM
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ProductContext
QuickTime
Razer Lachesis
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Spotify
StarCraft II
Status
Steam
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office OneNote 2007 (KB980729)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Goo
.
==== Event Viewer Messages From Past Week ========
.
14-3-2011 0:43:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: acs6nts
14-3-2011 0:42:55, Error: acs6nts [11] - The driver detected a controller error on \Device\RaidPort0.
.
==== End Of File ===========================

Above are the 4 logs asked about, as written, the gmer.log file is completely blank and the program gave the pop up that no alterations in the system were detected.

Thank you for your time!
 
Welcome to TechSpot!

Yes, AVG gave us all quite a run with that bad update! But this isn't being done by AVG. After reading 'fixes' on several game forums, it appears that the culprits are either NOD32 or Spyware Doctor causing problems for some users. If you have these, try disabling to see if it runs.

Let me know> I am checking the logs you left.

Disabling either or both appears to allow the executable to run okay.
 
Thank you for the welcome, I think I have had an older account some 3 years ago when I had some trouble with a nasty virus, but since I don't have much knowledge about this stuff... Here I am again!

Thanks for the reply, but alas I don't have SpywareDoctor nor NOD32 installed. I ran those scans, and they all seem to be ok, but AVG keeps poppin up and putting my executable file in the virusvault. :'(

By the way. If I remove the ds2.exe file from the virus vault and try to run it as administrator I get an error saying: "this file is not a valid Win32 file" And so DS2 will not boot.
 
Run these please:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, the do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image
    RcAuto1.gif

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Click to expand...
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Ok, I ran the tests you asked me to, but had to uninstall AVG to run combofix. I installed avast after completing the scans since I read in some other posts that Broni, one of the other members and helpers advised that one over AVG.

Here are the logs:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=d5915e549c09884e9fdd91a7cfab2beb
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-15 08:36:18
# local_time=2011-03-15 09:36:18 (+0100, W. Europe Standard Time)
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1032 16777213 100 87 83898 43469882 0 0
# compatibility_mode=5893 16776574 100 94 125252 51805740 0 0
# compatibility_mode=8192 67108863 100 0 3711 3711 0 0
# scanned=199605
# found=0
# cleaned=0
# scan_time=2288
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=d5915e549c09884e9fdd91a7cfab2beb
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-15 12:25:34
# local_time=2011-03-15 01:25:34 (+0100, W. Europe Standard Time)
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1032 16777213 100 87 14243 43483605 0 0
# compatibility_mode=5893 16776574 100 94 138975 51819463 0 0
# compatibility_mode=8192 67108863 100 0 17434 17434 0 0
# scanned=199717
# found=0
# cleaned=0
# scan_time=2321





ComboFix 11-03-14.07 - Mr. van Luijk 15-03-2011 13:55:08.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6661 [GMT 1:00]
Gestart vanuit: c:\users\Mr. van Luijk\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-02-15 to 2011-03-15 ))))))))))))))))))))))))))))))
.
.
2011-03-15 12:58 . 2011-03-15 12:58 -------- d-----w- c:\users\MRE29A~1~VAN\AppData\Local\temp
2011-03-15 12:58 . 2011-03-15 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-15 07:56 . 2011-03-15 07:56 -------- d-----w- c:\program files (x86)\ESET
2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\users\Mr. van Luijk\AppData\Roaming\Malwarebytes
2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\programdata\Malwarebytes
2011-03-13 23:48 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-13 23:48 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\SPReview
2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\EventProviders
2011-03-13 22:03 . 2010-11-20 13:27 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2011-03-13 22:02 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-03-13 22:02 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-03-13 22:01 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-13 22:01 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-13 22:01 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-13 22:01 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-13 22:01 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-13 22:01 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-03-13 22:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-02-23 11:45 . 2011-02-23 11:45 -------- d-----w- c:\programdata\HP Product Assistant
2011-02-23 11:44 . 2011-02-23 11:44 -------- d-----w- c:\windows\SysWow64\spool
2011-02-23 11:44 . 2011-02-23 11:44 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-02-23 10:49 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 10:49 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 10:49 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-23 10:49 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 10:49 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-23 10:49 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-02-23 10:49 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-02-23 10:49 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-02-16 10:35 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2011-02-16 10:35 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-02-16 10:34 . 2011-01-05 06:56 3129344 ----a-w- c:\windows\system32\win32k.sys
2011-02-16 10:34 . 2011-01-05 10:34 612864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 10:34 . 2011-01-05 05:55 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-02-16 10:34 . 2010-12-17 11:42 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-02-16 10:34 . 2011-01-07 09:20 366592 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 10:34 . 2011-01-07 05:43 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-16 10:34 . 2011-01-07 12:14 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 10:34 . 2011-01-07 07:45 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-16 10:34 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-02-16 10:34 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-02-14 16:22 . 2011-02-14 16:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 22:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-13 22:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-01-12 14:28 . 2011-01-12 14:28 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-01-10 20:08 . 2011-01-10 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-10 11:26 . 2011-01-10 11:26 53248 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\URLShortcut_French_B2DF3553895D431AB898FB0282944C9C.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\URLShortcut_Chines_CFF6DF6B00EE45B8B465C664E9FAB224.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut9_0FAD206E1F464F8E8BE69FCCE55FAFA6.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut5_E01CD6F3A0E142BF9B4985380CD4D26F.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut30_BB32F6C7D22042C19D3FF156495B8A12.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut3_055A98894B264E2EAF6EC38AD18728B6.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut29_CDEE2EF4C1AB4C2D8DD490B5C5DAF025.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut28_3C855621488B49628651DA4E89827E7D.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut27_3CD2C90DBE6A48E49BB0B40D5A9250EA.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut26_2674B6C359FC470E8B12F9A0DA6FB7AA.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut25_5D0DAECEA51C4DF485593AA3DA32F6C5.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut20_43CC5C1D8FFE458284228F0371A1345F.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut2_68D1FC9F32664D42816C073FF0A6B2E0.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut19_C15366935BE349BBA724FED9EF4B3C65.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut18_489002970B524AE1AE40C981FD7FE347.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut17_E5109E6678F84DB8B8B29E3164157467.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut14_11F09D42B7404B0F99FC528BBF68F743.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut12_A838C323FB8248159EBAED29849D2C8B.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut11_36378CC6ECF34AA1BF5A6C1C697C27C9.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut10_B8178294B07C454AAD6BF2382E51712E.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut1_67E0F1E5AB8E49B5AA3AAE20EB50D182.exe
2011-01-08 03:27 . 2011-01-18 20:32 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-01-18 20:32 6604904 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-01-18 20:32 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-01-08 03:27 . 2011-01-18 20:32 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-01-08 03:27 . 2011-01-18 20:32 4941928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-01-08 03:27 . 2011-01-18 20:32 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-01-18 20:32 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-01-08 03:27 . 2011-01-18 20:32 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-18 20:32 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-18 20:32 20471912 ----a-w- c:\windows\system32\nvoglv64.dll
2011-01-08 03:27 . 2011-01-18 20:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-01-08 03:27 . 2011-01-18 20:32 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-01-08 03:27 . 2011-01-18 20:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-01-08 03:27 . 2011-01-18 20:32 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-01-18 20:32 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-08 03:27 . 2011-01-18 20:32 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-01-18 20:32 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-01-08 03:27 . 2010-07-09 22:38 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-08 03:27 . 2010-07-09 22:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-08 03:27 . 2010-07-09 22:38 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-01-08 03:27 . 2010-07-09 22:38 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Steam"="d:\steam\Steam.exe" [2011-01-10 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]
R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [x]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [x]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [x]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2011-01-10 25832]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x]
R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [x]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [x]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [x]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x]
R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [x]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [x]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [x]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [x]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [x]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [x]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [x]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [x]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [x]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [x]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [x]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [x]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [x]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x]
S0 spldr;Security Processor Loader Driver; [x]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [x]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [x]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [x]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [x]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [x]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [x]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [x]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [x]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [x]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [x]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [x]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [x]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [x]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
wcssvc REG_MULTI_SZ WcsPlugInService
HPHNDUService REG_MULTI_SZ HPHNDUSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:34,d0,66,90,29,e9,46,a9,b7,60,25,fe,bc,c5,5d,cb,5c,a3,b8,62,ed,6a,22,
a9,d5,d8,ff,d9,c5,16,f0,bb,74,78,30,1b,b6,f8,7c,fd,af,a5,c6,f1,e0,8b,87,de,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:38,3a,20,4d,eb,b4,8f,91,d1,ec,74,83,09,f3,d9,0a,a1,9d,3c,b3,90,
2a,66,cd,b7,1c,33,89,3d,07,6c,ac,08,8e,e2,e0,38,dc,eb,6d,01,9e,36,43,2d,78,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-03-15 13:59:15
ComboFix-quarantined-files.txt 2011-03-15 12:59
.
Pre-Run: 240.105.656.320 bytes free
Post-Run: 239.744.053.248 bytes free
.
- - End Of File - - 5FA276038C6DBF9D259FDF1BB5E2DFB8
 
I am not sure what has been done with NetServices in the Registry. There is a long list of Services, but nothing following the Service name. Normally, following the name is the status code. On yours, there is nothing. In fact, most of the Registry settings don't resemble a 'normal' log.

There are also multiple Drivers and Services indicating stopped and not used. In fact, there are 126 of them! Clearly this is not a normal system

Allow me to ask if this is a legitimate Windows 7 operating system.
 
Yes it is a legitimate windows 7 system. Have the legit key and registered with Microsoft.

Did not installed it myself, but let it do at a local PC shop though.

Well I'm pretty curious what's wrong with my system apart from being infected or not with a win32/heur virus... If you can see if it's clean I would be glad. If you've any other advise concerning my (apparently) weird registry I would be glad too.
Would a registry cleaning program do the trick (like tune up utilities) or should I completely reinstall my pc?
 
I realize it's an inconvenience, but I'd like you to uninstall the Combofix you have now, reinstall again from the website and run a new scan. We've noticed that Services may not be scanning correctly- we don't know at this point whether there is a glitch with the AMD processors and Combofix.

No, please don't use a Registry cleaning program! We don't even recommend this type of program.

Have you purposely reconfigured the registry or system to handle apps any different that usual? I ask because, in addition to the unusual Service settings, I am seeing over 30 of the following:

The top 2 lines of the following are the same and all have same date of 1/8/2011:
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming
but the\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}

But they are followed by this:
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut9_0FAD206E1F464F8E8BE69FCCE55FAFA6.exe
These 'new shortcuts' are numbered 1-30, not in numerical order, all the same 1/8/2011 date and I can't identify any of them.

As I see now, both the Registry and the Services do not look 'normal.' But I don't want to have to move or remove anything until I confirm whether it's your system or the scan.
==================================[
The Eset scan is clean so I don't think you have to worry about Win32/Heur./b]
===========================================
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
===============================
Reboot the computer
================================
Then download Combofix and run the scan again. Leave the new log.
 
Hey there,

Sorry for my late reply, in the weekends I'm mostly not at home so I could not reply any sooner.
As I said before I'm not good with PC's in terms of configuring the registry and handling malware etc. so I did not install my PC to handle the registry different then usual. I have this PC since the 8th of january this year (2011) so the registry references that go from 8-1-2011 are all installed when I first booted my computer I think...


By the way, I see all those shortcuts in the log. Maybe they refer to the different shortcuts I added to my pc? For example I configured "My Documents" to save all files on my D:\ partition instead of C:\mydocuments. And did that with "my pictures", "my video's" etc. etc. But can't remember changing 23 of em.


I reinstalled combofix as you asked. Here is the log:

ComboFix 11-03-21.02 - Mr. van Luijk 22-03-2011 14:00:29.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6593 [GMT 1:00]
Gestart vanuit: c:\users\Mr. van Luijk\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-02-22 to 2011-03-22 ))))))))))))))))))))))))))))))
.
.
2011-03-22 13:03 . 2011-03-22 13:03 -------- d-----w- c:\users\MRE29A~1~VAN\AppData\Local\temp
2011-03-22 13:03 . 2011-03-22 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-15 13:16 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-15 13:16 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-15 13:16 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-15 13:16 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-15 13:16 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-15 13:16 . 2011-02-23 15:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-15 13:16 . 2011-02-23 14:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-15 13:16 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-15 13:16 . 2011-02-23 15:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-03-15 13:16 . 2011-03-15 13:16 -------- d-----w- c:\programdata\AVAST Software
2011-03-15 13:16 . 2011-03-15 13:16 -------- d-----w- c:\program files\AVAST Software
2011-03-15 07:56 . 2011-03-15 07:56 -------- d-----w- c:\program files (x86)\ESET
2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\users\Mr. van Luijk\AppData\Roaming\Malwarebytes
2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\programdata\Malwarebytes
2011-03-13 23:48 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-13 23:48 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\SPReview
2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\EventProviders
2011-03-13 22:03 . 2010-11-20 13:27 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2011-03-13 22:02 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-03-13 22:02 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-03-13 22:01 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-13 22:01 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-13 22:01 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-13 22:01 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-13 22:01 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-13 22:01 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-03-13 22:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-02-23 11:45 . 2011-02-23 11:45 -------- d-----w- c:\programdata\HP Product Assistant
2011-02-23 11:44 . 2011-02-23 11:44 -------- d-----w- c:\windows\SysWow64\spool
2011-02-23 11:44 . 2011-02-23 11:44 -------- d-----w- c:\program files (x86)\Common Files\HP
2011-02-23 10:49 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 10:49 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 10:49 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-23 10:49 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 10:49 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-23 10:49 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-02-23 10:49 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-02-23 10:49 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 22:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-13 22:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-01-12 14:28 . 2011-01-12 14:28 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-01-10 20:08 . 2011-01-10 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-10 11:26 . 2011-01-10 11:26 53248 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\URLShortcut_French_B2DF3553895D431AB898FB0282944C9C.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\URLShortcut_Chines_CFF6DF6B00EE45B8B465C664E9FAB224.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut9_0FAD206E1F464F8E8BE69FCCE55FAFA6.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut5_E01CD6F3A0E142BF9B4985380CD4D26F.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut30_BB32F6C7D22042C19D3FF156495B8A12.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut3_055A98894B264E2EAF6EC38AD18728B6.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut29_CDEE2EF4C1AB4C2D8DD490B5C5DAF025.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut28_3C855621488B49628651DA4E89827E7D.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut27_3CD2C90DBE6A48E49BB0B40D5A9250EA.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut26_2674B6C359FC470E8B12F9A0DA6FB7AA.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut25_5D0DAECEA51C4DF485593AA3DA32F6C5.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut20_43CC5C1D8FFE458284228F0371A1345F.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut2_68D1FC9F32664D42816C073FF0A6B2E0.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut19_C15366935BE349BBA724FED9EF4B3C65.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut18_489002970B524AE1AE40C981FD7FE347.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut17_E5109E6678F84DB8B8B29E3164157467.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut14_11F09D42B7404B0F99FC528BBF68F743.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut12_A838C323FB8248159EBAED29849D2C8B.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut11_36378CC6ECF34AA1BF5A6C1C697C27C9.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut10_B8178294B07C454AAD6BF2382E51712E.exe
2011-01-08 14:17 . 2011-01-08 14:17 140664 ----a-r- c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Installer\{580AEA6C-E35C-4470-818F-0F0A083EE1AD}\NewShortcut1_67E0F1E5AB8E49B5AA3AAE20EB50D182.exe
2011-01-08 03:27 . 2011-01-18 20:32 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-01-18 20:32 6604904 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-01-18 20:32 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-01-08 03:27 . 2011-01-18 20:32 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-01-08 03:27 . 2011-01-18 20:32 4941928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-01-08 03:27 . 2011-01-18 20:32 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-01-18 20:32 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-01-08 03:27 . 2011-01-18 20:32 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-18 20:32 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-18 20:32 20471912 ----a-w- c:\windows\system32\nvoglv64.dll
2011-01-08 03:27 . 2011-01-18 20:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-01-08 03:27 . 2011-01-18 20:32 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-01-08 03:27 . 2011-01-18 20:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-01-08 03:27 . 2011-01-18 20:32 12961640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-01-18 20:32 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-01-08 03:27 . 2011-01-18 20:32 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-01-18 20:32 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-01-08 03:27 . 2010-07-09 22:38 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-01-08 03:27 . 2010-07-09 22:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-01-08 03:27 . 2010-07-09 22:38 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-01-08 03:27 . 2010-07-09 22:38 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-01-07 19:50 . 2011-01-07 19:50 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 19:50 . 2011-01-07 19:50 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 19:49 . 2011-01-07 19:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-07 19:49 . 2011-01-07 19:49 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 19:49 . 2011-01-07 19:49 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 19:49 . 2011-01-07 19:49 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 12:14 . 2011-02-16 10:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 09:20 . 2011-02-16 10:34 366592 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 07:45 . 2011-02-16 10:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:43 . 2011-02-16 10:34 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 10:34 . 2011-02-16 10:34 612864 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 06:56 . 2011-02-16 10:34 3129344 ----a-w- c:\windows\system32\win32k.sys
2011-01-05 05:55 . 2011-02-16 10:34 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Steam"="d:\steam\Steam.exe" [2011-01-10 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]
R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [x]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [x]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [x]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2011-01-10 25832]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x]
R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [x]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [x]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [x]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x]
R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [x]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [x]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [x]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [x]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [x]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [x]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [x]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [x]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [x]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [x]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [x]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [x]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [x]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x]
S0 spldr;Security Processor Loader Driver; [x]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [x]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [x]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [x]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [x]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [x]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [x]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [x]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [x]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [x]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [x]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [x]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
wcssvc REG_MULTI_SZ WcsPlugInService
HPHNDUService REG_MULTI_SZ HPHNDUSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:34,d0,66,90,29,e9,46,a9,b7,60,25,fe,bc,c5,5d,cb,5c,a3,b8,62,ed,6a,22,
a9,d5,d8,ff,d9,c5,16,f0,bb,74,78,30,1b,b6,f8,7c,fd,af,a5,c6,f1,e0,8b,87,de,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:38,3a,20,4d,eb,b4,8f,91,d1,ec,74,83,09,f3,d9,0a,a1,9d,3c,b3,90,
2a,66,cd,b7,1c,33,89,3d,07,6c,ac,08,8e,e2,e0,38,dc,eb,6d,01,9e,36,43,2d,78,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-03-22 14:05:06
ComboFix-quarantined-files.txt 2011-03-22 13:05
ComboFix2.txt 2011-03-15 12:59
.
Pre-Run: 241.972.158.464 bytes free
Post-Run: 241.915.252.736 bytes free
.
- - End Of File - - DCED64A373359A91518F290FE17BCB6B
 
Question: Have you tried to access DeadSpace2.exe since you uninstalled AVG for Combofix? If not, try it.

As fr the shortcuts, as long as you put them there and know what they are, no problem. We're having some problem on some Combofix scans, so I just needed to verify it.
 
Yes I have accessed dead space 2 a few times since I uninstalled avg and used combofix. I ran a full scan with avast afterwards but found no infected files.

About all the Microsoft roaming shortcuts... I have no Idea what they are, alas it was just a wild guess hoping you could make any sense of it. If you think I should clean something up, please tell me.
 
The problems with the Drivers/Services that I noted, appears to be a conflict with the 64 bit system and Combofix. It happened previously but had been fixed. Now it appears it's back. So I am not going to move any that were shown correctly in DDS.

As for the shortcuts, they are all dated at the same time on 2011-01-08 14:17
I think what we're seeing may be your Favorites or Bookmatks because they start with URL or NEW followed by a number. Do you remember if you imported favorites or Bookmarks on that date?

I'm wondering if you have Hidden Files & Folders showing and that's what we see here>> So I'd like you to make sure the files and folders that are suppose to be hidden, are hidden. Many normal and legitimate entries are 'hidden' to better secure them, so they won't get accidentally deleted. So I don't want to remove those shortcuts- yet:
Hidden Files and Folders in Windows Vista and Windows 7:
  • Click on the Start button and select Computer
  • Press the Alt key on your keyboard and click on Tools
  • Select Folder Options
  • Click the View tab and make sure that Show hidden files and folders is Unchecked under Hidden files and folders
  • Next, Check the box next to Hide protected operating system files (Recommended)
  • Then, Check the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Reboot the computer
============================================
If those files were not hidden when you went to Folder Options, I'd like you to rescan with Combofix so I can compare the entries.

There does not appear to be any Win32/Heur malware.
 
Hey there,

I did not import bookmarks, since my pc was brand new. I added all my bookmarks manually.

All my hidden files and folders were already hidden alas. I followed all steps you wrote down, but I did not need to click anything, since all was as you described it should be. This is also the reason why I did not run another combofix scan.

Really glad you're helping me by the way. Thanks a lot :)
 
Okay- just wondered if showing hidden files could make a difference in the log. Those New Shortcuts are for the Bookmarks you manually added. It looks like you didn't put them in the correct directory. Can you access the Bookmarks?

Are you having any of the original problems now? I'd appreciate it if you could run a current Combofix scan and give me a new log.
 
Oh, I am really sorry! I didn't reply in over a week! I was really busy with exams. I understand if the thread got closed down, but if you'd still help me further I would be glad!

How do you want me to run the combofix scan? with or without hidden files and folders visible? I can use my bookmarks (they're in firefox) but I don't know what you mean by "access your bookmarks"
 
No problem. I'm running behind also. Hope exams went well.

Rehide the files and folders please and go ahead with an update and Combofix scan.

My question about the bookmarks was because they don't appear to be in the right place in the system. So I was asking if you could open a Bookmark when you wanted, in the usual way.
 
Hey, finally had time for a scan. here's the combofix log with everything hid like you asked.



ComboFix 11-04-10.01 - Mr. van Luijk 11-04-2011 0:36.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6583 [GMT 2:00]
Gestart vanuit: c:\users\Mr. van Luijk\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-03-10 to 2011-04-10 ))))))))))))))))))))))))))))))
.
.
2011-04-10 22:39 . 2011-04-10 22:39 -------- d-----w- c:\users\MRE29A~1~VAN\AppData\Local\temp
2011-04-10 22:39 . 2011-04-10 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-03 20:05 . 2011-04-03 20:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-22 15:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-22 15:54 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-22 15:54 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-22 15:54 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-22 15:54 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-22 15:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-22 15:54 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-22 15:54 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-15 13:16 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-15 13:16 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-15 13:16 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-15 13:16 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-15 13:16 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-15 13:16 . 2011-02-23 15:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-15 13:16 . 2011-02-23 14:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-15 13:16 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-15 13:16 . 2011-02-23 15:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-03-15 13:16 . 2011-03-15 13:16 -------- d-----w- c:\programdata\AVAST Software
2011-03-15 13:16 . 2011-03-15 13:16 -------- d-----w- c:\program files\AVAST Software
2011-03-15 07:56 . 2011-03-15 07:56 -------- d-----w- c:\program files (x86)\ESET
2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\users\Mr. van Luijk\AppData\Roaming\Malwarebytes
2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\programdata\Malwarebytes
2011-03-13 23:48 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-13 23:48 . 2011-03-13 23:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-13 23:48 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\SPReview
2011-03-13 22:05 . 2011-03-13 22:05 -------- d-----w- c:\windows\system32\EventProviders
2011-03-13 22:03 . 2010-11-20 13:27 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2011-03-13 22:02 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-03-13 22:02 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-03-13 22:01 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-13 22:01 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-13 22:01 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-13 22:01 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-13 22:01 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-13 22:01 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-03-13 22:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 18:58 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-13 22:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-13 22:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-23 06:28 . 2011-02-23 06:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28 6606440 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28 4942952 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28 20473960 ----a-w- c:\windows\system32\nvoglv64.dll
2011-02-23 06:28 . 2011-02-23 06:28 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-02-23 06:28 . 2011-02-23 06:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28 12962792 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-23 06:28 . 2011-02-23 06:28 12862568 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-02-23 06:28 . 2011-01-18 20:32 5654120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-02-23 06:28 . 2011-01-18 20:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-02-23 06:28 . 2011-01-18 20:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-02-23 06:28 . 2010-07-09 22:38 7732328 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-02-23 06:28 . 2010-07-09 22:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-02-23 06:28 . 2010-07-09 22:38 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-02-23 06:28 . 2010-07-09 22:38 10079336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-02-02 19:40 . 2011-01-10 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-21 05:36 . 2011-01-21 05:36 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-01-21 05:36 . 2011-01-21 05:36 413800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-01-21 05:36 . 2011-01-06 12:16 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-01-17 11:09 . 2011-02-23 10:49 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-17 05:47 . 2011-02-23 10:49 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-12 14:28 . 2011-01-12 14:28 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_13.03.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-10 20:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-22 12:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-22 12:53 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-10 20:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-22 12:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-10 20:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-06 13:50 . 2011-04-10 20:31 36904 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-10 20:31 34326 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2011-03-13 22:13 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-04-06 22:36 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-01-21 05:36 . 2011-01-21 05:36 74272 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_459032c4bd93f93d\RtNicProp64.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 67176 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\OpenCL64.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 57960 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\OpenCL.dll
+ 2011-01-06 11:42 . 2011-04-07 06:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-06 11:42 . 2011-03-13 22:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-23 10:36 . 2011-04-07 06:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-07 06:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-13 22:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-08 13:47 . 2011-04-10 20:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-08 13:47 . 2011-03-22 12:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-03-26 19:01 92432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-03-21 10:20 92432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-01-08 13:47 . 2011-04-10 20:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-08 13:47 . 2011-03-22 12:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-08 13:47 . 2011-04-10 20:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-08 13:47 . 2011-03-22 12:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-06 12:10 . 2011-03-22 12:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-06 12:10 . 2011-04-10 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-06 12:10 . 2011-03-22 12:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-06 12:10 . 2011-04-10 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-03-30 07:53 . 2011-03-30 07:53 25214 c:\windows\Installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}\ARPPRODUCTICON.exe
+ 2011-01-06 12:22 . 2011-04-10 20:31 9248 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3808538284-756412920-3689180855-1000_UserData.bin
+ 2011-04-10 20:29 . 2011-04-10 20:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-22 12:53 . 2011-03-22 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-22 12:53 . 2011-03-22 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-10 20:29 . 2011-04-10 20:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-28 18:30 . 2011-03-28 18:30 235168 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe
+ 2011-04-03 20:05 . 2011-02-02 19:40 157472 c:\windows\SysWOW64\javaws.exe
- 2011-01-10 20:08 . 2011-01-10 20:08 157472 c:\windows\SysWOW64\javaws.exe
- 2011-01-10 20:08 . 2011-01-10 20:08 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-04-03 20:05 . 2011-02-02 19:40 145184 c:\windows\SysWOW64\javaw.exe
- 2011-01-10 20:08 . 2011-01-10 20:08 145184 c:\windows\SysWOW64\java.exe
+ 2011-04-03 20:05 . 2011-02-02 19:40 145184 c:\windows\SysWOW64\java.exe
- 2009-07-14 02:36 . 2011-03-22 12:58 624578 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-10 20:36 624578 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-03-22 12:58 110216 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-04-10 20:36 110216 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-03-13 22:13 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-06 22:36 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-04-06 22:36 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-03-13 22:13 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-01-21 05:36 . 2011-01-21 05:36 107552 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_459032c4bd93f93d\RTNUninst64.dll
+ 2011-01-21 05:36 . 2011-01-21 05:36 413800 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_459032c4bd93f93d\Rt64win7.sys
+ 2011-02-23 06:28 . 2011-02-23 06:28 197224 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvidia-smi.exe
+ 2011-02-23 06:28 . 2011-02-23 06:28 281680 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvdrsdb.bin
+ 2011-02-23 06:28 . 2011-02-23 06:28 191080 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\dbInstaller.exe
+ 2009-07-14 05:01 . 2011-04-08 11:49 279288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-03-22 12:52 279288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-03 20:05 . 2011-04-03 20:05 183808 c:\windows\Installer\9fab28.msi
+ 2011-01-09 20:06 . 2011-03-28 18:30 6053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
- 2011-01-09 20:06 . 2011-03-13 21:17 6053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 7732328 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvwgf2umx.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 5654120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvwgf2um.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 1359976 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvgenco64.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 1614440 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvdispco64.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 2895976 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuvid32.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 3112040 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuvid.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 2479720 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuvenc64.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 2251368 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuvenc.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 4942952 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuda32.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 6606440 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcuda.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 2200680 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvapi64.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 1965672 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvapi.dll
- 2009-07-14 04:45 . 2011-03-13 22:14 7150408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-03-25 10:43 7150408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-03-23 22:37 . 2011-03-23 22:37 1180672 c:\windows\Installer\23d48.msi
+ 2009-07-14 02:34 . 2011-03-24 09:38 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-03-13 22:11 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-23 06:28 . 2011-02-23 06:28 20473960 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvoglv64.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 15047272 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvoglv32.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 12962792 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvlddmkm.sys
+ 2011-02-23 06:28 . 2011-02-23 06:28 12862568 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvd3dumx.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 10079336 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvd3dum.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 26401528 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\NvCplSetupEng.exe
+ 2011-02-23 06:28 . 2011-02-23 06:28 13011560 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcompiler32.dll
+ 2011-02-23 06:28 . 2011-02-23 06:28 18580072 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_aed85544599f8512\nvcompiler.dll
+ 2011-01-11 00:01 . 2011-04-08 11:49 10875236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3808538284-756412920-3689180855-1000-12288.dat
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Steam"="d:\steam\Steam.exe" [2011-01-10 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]
R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2011-01-10 25832]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
HPHNDUService REG_MULTI_SZ HPHNDUSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:34,d0,66,90,29,e9,46,a9,b7,60,25,fe,bc,c5,5d,cb,5c,a3,b8,62,ed,6a,22,
a9,d5,d8,ff,d9,c5,16,f0,bb,74,78,30,1b,b6,f8,7c,fd,af,a5,c6,f1,e0,8b,87,de,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:38,3a,20,4d,eb,b4,8f,91,d1,ec,74,83,09,f3,d9,0a,a1,9d,3c,b3,90,
2a,66,cd,b7,1c,33,89,3d,07,6c,ac,08,8e,e2,e0,38,dc,eb,6d,01,9e,36,43,2d,78,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-04-11 00:40:31
ComboFix-quarantined-files.txt 2011-04-10 22:40
ComboFix2.txt 2011-03-22 13:05
ComboFix3.txt 2011-03-15 12:59
.
Pre-Run: 234.118.397.952 bytes free
Post-Run: 234.309.017.600 bytes free
.
- - End Of File - - BA1B7E5D7939FED528EBFFF9742E3B07
 
How nicely the Dutch language put this:
* New convalescence point was produced.
Click to expand...
English would have said : Created New Restore Point. It is nice to get out of the box once in a while!

If you don't mind, I would like for you to uninstall the current Combofix,download again and rescan. I am concerned about the drivers. There was a glitch which has been fixed, but 'd like to get a new scan to check the drivers:

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
====================================
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

This should be the last scan.
 
Hey there I don't know if the thread is closed, but I had no time to answer any sooner.

Here is my report in case you are still willing to check it. If not thanks for all your help.


ComboFix 11-04-16.03 - Mr. van Luijk 17-04-2011 22:26:34.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1033.18.8183.6550 [GMT 2:00]
Gestart vanuit: c:\users\Mr. van Luijk\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-03-17 to 2011-04-17 ))))))))))))))))))))))))))))))
.
.
2011-04-17 20:29 . 2011-04-17 20:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-04-17 20:29 . 2011-04-17 20:29 -------- d-----w- c:\users\MRE29A~1~VAN\AppData\Local\temp
2011-04-17 20:29 . 2011-04-17 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-14 09:12 . 2011-04-14 09:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-04-14 08:44 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 08:44 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 08:44 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-04-14 08:44 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-04-14 08:44 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 08:43 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 08:43 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 08:43 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 08:43 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-03 20:05 . 2011-04-03 20:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-01 03:10 . 2011-04-01 03:10 539232 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-04-01 03:10 . 2011-04-01 03:10 543328 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-04-01 03:08 . 2011-04-01 03:08 301664 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-04-01 03:07 . 2011-04-01 03:07 4184672 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2011-04-01 03:07 . 2011-04-01 03:07 559712 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-04-01 03:07 . 2011-04-01 03:07 767584 ----a-w- c:\windows\system32\LVUI64.dll
2011-04-01 03:07 . 2011-04-01 03:07 10877272 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2011-04-01 03:07 . 2011-04-01 03:07 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 03:07 . 2011-04-01 03:07 102744 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2011-04-01 03:07 . 2011-04-01 03:07 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 03:06 . 2011-04-01 03:06 331608 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2011-04-01 03:06 . 2011-04-01 03:06 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 03:06 . 2011-04-01 03:06 341856 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2011-04-01 03:05 . 2011-04-01 03:05 261728 ----a-w- c:\windows\system32\lvco13251014.dll
2011-04-01 03:05 . 2011-04-01 03:05 172128 ----a-w- c:\windows\system32\lvcod64.dll
2011-04-01 02:56 . 2011-04-01 02:56 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-22 15:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-22 15:54 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-22 15:54 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-22 15:54 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-22 15:54 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-22 15:54 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-22 15:54 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-22 15:54 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 18:58 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-13 22:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-13 22:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-23 15:04 . 2011-03-15 13:16 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2011-03-15 13:16 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-03-15 13:16 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2011-03-15 13:16 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:57 . 2011-03-15 13:16 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:55 . 2011-03-15 13:16 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2011-03-15 13:16 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2011-03-15 13:16 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2011-03-15 13:16 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-23 06:28 . 2011-02-23 06:28 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28 6606440 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-02-23 06:28 . 2011-02-23 06:28 4942952 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-02-23 06:28 . 2011-02-23 06:28 3112040 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28 2895976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-02-23 06:28 . 2011-02-23 06:28 2479720 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28 2251368 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-02-23 06:28 . 2011-02-23 06:28 20473960 ----a-w- c:\windows\system32\nvoglv64.dll
2011-02-23 06:28 . 2011-02-23 06:28 18580072 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28 15047272 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-02-23 06:28 . 2011-02-23 06:28 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-02-23 06:28 . 2011-02-23 06:28 12962792 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-23 06:28 . 2011-02-23 06:28 12862568 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-02-23 06:28 . 2011-01-18 20:32 5654120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-02-23 06:28 . 2011-01-18 20:32 1614440 ----a-w- c:\windows\system32\nvdispco642090.dll
2011-02-23 06:28 . 2011-01-18 20:32 1359976 ----a-w- c:\windows\system32\nvgenco642040.dll
2011-02-23 06:28 . 2010-07-09 22:38 7732328 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-02-23 06:28 . 2010-07-09 22:38 2200680 ----a-w- c:\windows\system32\nvapi64.dll
2011-02-23 06:28 . 2010-07-09 22:38 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-02-23 06:28 . 2010-07-09 22:38 10079336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-02-19 12:05 . 2011-03-13 21:22 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-13 21:22 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-13 21:22 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-13 21:22 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-13 21:22 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-02 19:40 . 2011-01-10 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-21 05:36 . 2011-01-21 05:36 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-01-21 05:36 . 2011-01-21 05:36 413800 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-01-21 05:36 . 2011-01-06 12:16 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Steam"="d:\steam\Steam.exe" [2011-01-10 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\Mr. van Luijk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]
R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2011-01-10 25832]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
HPHNDUService REG_MULTI_SZ HPHNDUSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 13:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Mr. van Luijk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mr. van Luijk\AppData\Roaming\Mozilla\Firefox\Profiles\we5364l0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl&source=iglk
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:34,d0,66,90,29,e9,46,a9,b7,60,25,fe,bc,c5,5d,cb,5c,a3,b8,62,ed,6a,22,
a9,d5,d8,ff,d9,c5,16,f0,bb,74,78,30,1b,b6,f8,7c,fd,af,a5,c6,f1,e0,8b,87,de,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:38,3a,20,4d,eb,b4,8f,91,d1,ec,74,83,09,f3,d9,0a,a1,9d,3c,b3,90,
2a,66,cd,b7,1c,33,89,3d,07,6c,ac,08,8e,e2,e0,38,dc,eb,6d,01,9e,36,43,2d,78,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-04-17 22:30:52
ComboFix-quarantined-files.txt 2011-04-17 20:30
ComboFix2.txt 2011-04-10 22:40
.
Pre-Run: 238.938.644.480 bytes free
Post-Run: 238.898.741.248 bytes free
.
- - End Of File - - 189222215AD3ABE022136C3A8EC564CC
 
Please bring me up to speed on the system. You started this thread over a month ago and we solved the AVG problem and you can access Dead.Space2. Are you having any malware related problems now.

There are still many driver appearing not to be used. For example:
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
Click to expand...
Several of the are for Logitech and nVidia, but I don't want to remove them if they show unused due to Combofix. Check some of the above please. If you no longer have what they go to, I will remove them.

Do the search for the process name at the end of the string with the .sys extension.
 
After the initial malware problem, I scanned a few times like you told me to and stopped using avg. Since then I have no persisting malware problem as I know of. Because you told me my sytem looked weird/unusual I wanted to know what the "problem" was with my system. I found the drivers folder and indeed it is filled with 306 .sys files! I relocated every .sys you gave me in your post and in properties of those files I found them linking to my mouse drivers, nvidia sound drivers, and some for other sound drivers... others were logitec drivers supporting my webcam and voicecommunication... So I think all those are in use, although some drivers are installed double.
 
All of the drivers I put in the quote box above are Stopped: S=Stopped
Driver/Service status:
R=Running,
S=Stopped,
The legend for the numerical value is:
1=System,
2=Auto,
3=Demand,
4=Disabled
You have drivers that are in the categories of 1=starting by the system, 2=Automatically starting, 3=Starting on Demand.

None of these are showing with the X like in Combofix. I thought that had been taken care of in Combofix, but if you did the uninstall, then reinstalled Comofix recently, then the glitch on the drivers for 64bit systems is still there. So don't worry about it.
===============================
Aside from that, have we resolved the original problem?
 
Okay, I just need to check these locked Registry entries:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
Code: 
File::
RegLock:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
RegNull::
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-3808538284-756412920-3689180855-1000\Software\SecuROM\License information*]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back