Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Horse SHeur4.BQC

Started by Lin83 , Sep 16 2011 01:24 PM

  • Please log in to reply

#1
Lin83
Posted 16 September 2011 - 01:24 PM

Lin83

    New Member

  • Member
  • Pip
  • 3 posts
Hi there,

I ran my periodic whole-system scan with AVG free edition, and this trojan horse (SHeur4.BQC) came up. I had not noticed any symptoms yet, except my computer being kind of slow for a couple of days. I ran RKill and then OTL, the log file is below, as well as the Extras file. I also ran the SAS portable scanner, but it only returned some bad cookies.

My system is an Acer Aspire 4810T with Vista installed. I have very little knowledge on computers, so I'll just mention some other things, even though they might not be informative. I have a VirtualBox installed, as well as a remote VCN access point to my Linux work desktop (via Putty). Also, my harddisk is encrypted with McAfee Endpoint Encryption. Actually, AVG says the trojan is in the C:\program Files\McAfee\Endpoint Encryption for PC\SbSetup.exe file, but I installed the program via a link provided at work, which should be safe. I have however downloaded some other stuff (a movie and some music - I will NOT be doing this again!) that I do not trust.

I hope someone can help me fix this.
Thank you very much in advance!

OTL logfile created on: 9/16/2011 2:57:40 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Linda\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 39.66% Memory free
6.06 Gb Paging File | 4.52 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 113.48 Gb Free Space | 39.36% Space Free | Partition Type: NTFS

Computer Name: LD696-4810T | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/15 19:38:03 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Downloads\OTL.scr
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/27 21:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/16 10:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 10:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 08:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/17 11:54:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 11:54:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/11/24 07:44:26 | 000,172,092 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
PRC - [2009/11/24 07:43:38 | 000,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe
PRC - [2009/08/19 09:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2009/05/26 18:26:34 | 000,253,696 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/05/26 18:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/05/16 01:39:46 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009/05/16 01:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009/05/16 01:39:44 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009/04/29 22:56:28 | 000,176,128 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
PRC - [2009/04/29 20:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/04/08 20:56:14 | 001,071,624 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 20:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/11 18:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/10/27 18:09:16 | 000,199,464 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2008/10/27 15:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008/10/27 15:05:24 | 000,346,672 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2008/07/29 22:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 08:28:23 | 000,400,440 | ---- | M] () -- C:\Users\Linda\AppData\Local\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011/09/03 08:28:22 | 004,118,072 | ---- | M] () -- C:\Users\Linda\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 08:26:51 | 000,104,520 | ---- | M] () -- C:\Users\Linda\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 08:26:49 | 000,203,848 | ---- | M] () -- C:\Users\Linda\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 08:26:48 | 001,846,344 | ---- | M] () -- C:\Users\Linda\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/08/30 11:34:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/30 11:33:54 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/30 11:33:20 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
MOD - [2011/08/30 11:33:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/30 11:32:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/30 11:32:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/30 11:32:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/30 11:32:10 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/30 11:31:55 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/07/12 12:29:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/04 15:44:31 | 000,169,472 | ---- | M] () -- C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
MOD - [2011/05/07 18:13:23 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3438.37236__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/05/07 18:13:23 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3438.37255__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/05/07 18:13:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3438.37249__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/05/07 18:13:22 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3438.37254__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/05/07 18:13:22 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3438.37329__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/05/07 18:13:22 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3438.37331__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/05/07 18:13:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3438.37244__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/05/07 18:13:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3438.37244__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/05/07 18:13:21 | 000,172,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3438.37342__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll
MOD - [2011/05/07 18:13:21 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3438.37297__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/05/07 18:13:21 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3438.37342__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll
MOD - [2011/05/07 18:13:20 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3438.37245__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/05/07 18:13:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3438.37255__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/05/07 18:13:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/05/07 18:13:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/05/07 18:13:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/05/07 18:13:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/05/07 18:13:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/05/07 18:13:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/05/07 18:13:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/05/07 18:13:19 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/05/07 18:13:18 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/05/07 18:13:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/05/07 18:13:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/05/07 18:13:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/05/07 18:13:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/05/07 18:13:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/05/07 18:13:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/05/07 18:13:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/05/07 18:13:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/05/07 18:13:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/05/07 18:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/05/07 18:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/05/07 18:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll
MOD - [2011/05/07 18:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/05/07 18:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/05/07 18:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/05/07 18:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/05/07 18:13:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/05/07 18:13:17 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/05/07 18:13:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/05/07 18:13:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2011/05/07 18:13:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/05/07 18:13:16 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3438.37249__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/05/07 18:13:16 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3438.37324__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/05/07 18:13:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3438.37322__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/05/07 18:13:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3438.37338__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/05/07 18:13:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/05/07 18:13:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/05/07 18:13:16 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/05/07 18:13:16 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/05/07 18:13:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011/05/07 18:13:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/05/07 18:13:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/05/07 18:13:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/05/07 18:13:16 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/05/07 18:13:16 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/05/07 18:13:16 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3438.37231__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/05/07 18:13:15 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3438.37240__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/05/07 18:13:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3438.37233__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/05/07 18:13:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3438.37234__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/05/07 18:13:15 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3438.37235__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/05/07 18:13:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/05/07 18:13:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/05/07 18:13:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/05/07 18:13:15 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3438.37324__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/05/07 18:13:15 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/05/07 18:13:15 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011/05/07 18:13:14 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3438.37233__90ba9c70f846762e\APM.Server.dll
MOD - [2011/05/07 18:13:14 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3438.37232__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/10 10:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/17 07:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/19 09:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
MOD - [2009/03/31 20:45:52 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/29 22:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003/06/07 17:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 08:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/11/24 07:43:38 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2009/05/26 18:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/05/16 01:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/04/29 20:32:32 | 000,118,784 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2009/04/10 22:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/03/04 05:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/05 11:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/10/27 15:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Linda\AppData\Local\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\Linda\AppData\Local\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 18:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 10:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 17:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 11:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 10:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 10:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 09:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/11/24 07:42:37 | 000,014,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbRegFlt.sys -- (SbRegFlt)
DRV - [2009/11/24 07:42:27 | 000,006,496 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/11/24 07:42:22 | 000,033,328 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RsvLock.sys -- (RsvLock)
DRV - [2009/11/24 07:42:12 | 000,034,480 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFlop.sys -- (SbFlop)
DRV - [2009/11/24 07:41:41 | 000,103,760 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/06/01 05:53:16 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/06/01 01:38:50 | 000,093,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/06/01 01:24:00 | 004,568,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/04/01 15:54:44 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/02/20 22:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/02/09 01:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 01:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 01:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 01:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/10/23 16:39:02 | 000,041,744 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2008/10/23 16:39:00 | 000,096,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2008/10/09 19:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/10/09 19:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/10/09 19:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/09/25 11:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/13 13:51:42 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SBAlg)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_4810t
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_4810t
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_4810t
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.ubvu.vu.nl/vumc.pac

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Linda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Linda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Linda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 13:00:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/14 08:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/14 08:23:27 | 000,000,000 | ---D | M]

[2011/06/04 15:28:15 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SafeBootTokenWatcher] C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [SB_EN_Script] C:\Partners\vbs\PartnersLaptopEncryption.vbs ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Linda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 132.183.100.12 170.223.111.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CCF2DC5-1DB0-4E50-A359-59A3CC51CFDF}: DhcpNameServer = 132.183.100.12 170.223.111.244
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/16 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/16 11:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/16 10:58:19 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Mozilla
[2011/09/16 10:09:04 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/09/15 20:01:20 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/09/15 20:01:20 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/09/14 22:08:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/09/14 16:59:06 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\UltraVNC
[2011/09/14 15:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2011/09/14 15:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC
[2011/09/14 14:55:45 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\Linear algebra
[2011/09/13 11:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
[2011/09/13 11:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2011/09/11 21:22:59 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\Downloads
[2011/09/11 15:02:30 | 000,000,000 | ---D | C] -- C:\Users\Linda\Endnote bibliotheek
[2011/09/11 14:58:38 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\EndNote
[2011/09/11 14:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2011/09/11 14:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2011/09/11 14:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote 9
[2011/09/11 14:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/09/11 14:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/09/10 11:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2011/09/08 08:12:00 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Facebook
[2011/09/07 16:02:47 | 000,000,000 | ---D | C] -- C:\Partners
[2011/09/07 16:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\SafeBoot Tray Manager
[2011/09/07 16:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/09/07 10:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/09/07 09:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Endpoint Encryption for PC
[2011/09/06 10:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/06 10:38:32 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\Linux, Freesurfer manuals
[2011/08/28 14:25:47 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\Reviews
[2011/08/28 11:57:35 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Skype
[2011/08/28 11:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/28 11:57:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/08/28 11:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/08/24 11:47:11 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\Belastingdienst
[2011/08/24 11:47:11 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Belastingdienst
[2011/08/24 11:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst
[2011/08/24 11:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Belastingdienst
[2011/08/23 10:33:13 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\The KMPlayer
[2011/08/23 10:32:07 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2011/08/23 10:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2011/08/23 09:58:32 | 000,000,000 | ---D | C] -- C:\Users\Linda\Berichten Nokia
[2011/08/23 09:54:01 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\PC Suite
[2011/08/23 09:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011/08/23 09:54:00 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Nokia
[2011/08/23 09:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/08/23 09:50:59 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011/08/23 09:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/08/23 09:46:07 | 000,091,136 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2011/08/23 09:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2011/08/23 09:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2011/08/23 08:36:41 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\CyberLink
[2011/08/23 08:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/08/23 08:36:37 | 000,000,000 | ---D | C] -- C:\Users\Linda\Documents\CyberLink
[2011/05/07 18:48:20 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/09/16 14:58:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3659884333-556122667-2142014689-1000UA.job
[2011/09/16 14:07:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/16 14:07:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/16 13:17:05 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3659884333-556122667-2142014689-1000UA.job
[2011/09/16 10:58:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3659884333-556122667-2142014689-1000Core.job
[2011/09/16 10:36:58 | 000,000,600 | ---- | M] () -- C:\Users\Linda\AppData\Local\PUTTY.RND
[2011/09/16 10:15:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/16 10:15:31 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/16 10:14:19 | 132,585,778 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/16 10:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/16 10:07:36 | 3147,583,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/15 20:01:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/09/14 13:00:17 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/09/13 21:40:19 | 000,015,632 | ---- | M] () -- C:\Users\Linda\Documents\Uitgaven Boston.ods
[2011/09/12 16:49:05 | 000,000,680 | ---- | M] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat
[2011/09/12 14:50:23 | 001,843,722 | ---- | M] () -- C:\Users\Linda\Documents\Rockport.pdf
[2011/09/11 21:38:43 | 000,089,600 | ---- | M] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 15:33:46 | 000,407,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/08 08:17:03 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3659884333-556122667-2142014689-1000Core.job
[2011/09/07 16:05:54 | 021,102,592 | RHS- | M] () -- C:\SafeBoot.fs
[2011/09/07 16:05:46 | 000,589,824 | RHS- | M] () -- C:\SafeBoot.rsv
[2011/09/07 15:55:56 | 004,907,520 | ---- | M] () -- C:\Users\Linda\Desktop\rhci_safeboot.exe
[2011/09/04 13:55:34 | 000,002,008 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/04 13:55:33 | 000,002,046 | ---- | M] () -- C:\Users\Linda\Desktop\Google Chrome.lnk
[2011/08/31 13:17:46 | 011,796,071 | ---- | M] () -- C:\Users\Linda\Documents\International Orientation Partners.pdf
[2011/08/28 11:57:09 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/23 10:32:11 | 000,000,836 | ---- | M] () -- C:\Users\Linda\Desktop\KMPlayer.lnk
[2011/08/23 09:55:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2011/08/23 09:55:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

========== Files Created - No Company Name ==========

[2011/09/15 20:01:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2011/09/13 12:36:09 | 000,000,600 | ---- | C] () -- C:\Users\Linda\AppData\Local\PUTTY.RND
[2011/09/12 16:49:05 | 000,000,680 | ---- | C] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat
[2011/09/12 14:50:22 | 001,843,722 | ---- | C] () -- C:\Users\Linda\Documents\Rockport.pdf
[2011/09/08 08:12:19 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3659884333-556122667-2142014689-1000UA.job
[2011/09/08 08:12:18 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3659884333-556122667-2142014689-1000Core.job
[2011/09/07 15:55:54 | 004,907,520 | ---- | C] () -- C:\Users\Linda\Desktop\rhci_safeboot.exe
[2011/09/07 10:52:07 | 021,102,592 | RHS- | C] () -- C:\SafeBoot.fs
[2011/09/07 10:52:04 | 000,589,824 | RHS- | C] () -- C:\SafeBoot.rsv
[2011/08/31 13:18:08 | 011,796,071 | ---- | C] () -- C:\Users\Linda\Documents\International Orientation Partners.pdf
[2011/08/30 20:35:13 | 000,015,632 | ---- | C] () -- C:\Users\Linda\Documents\Uitgaven Boston.ods
[2011/08/28 11:57:09 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/23 10:32:11 | 000,000,836 | ---- | C] () -- C:\Users\Linda\Desktop\KMPlayer.lnk
[2011/08/23 09:55:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2011/08/23 09:55:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2011/08/11 10:33:00 | 000,096,016 | ---- | C] () -- C:\Windows\System32\drivers\VBoxDrv.sys
[2011/06/04 15:30:35 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI
[2011/05/13 02:46:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/13 02:46:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/09 18:09:38 | 000,089,600 | ---- | C] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 18:39:05 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/05/07 18:39:05 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/05/07 18:39:05 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011/05/07 18:39:05 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/05/07 18:39:04 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/05/07 18:39:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011/05/07 18:39:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/05/07 18:39:04 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/05/07 18:16:37 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2011/05/07 18:16:37 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/05/07 18:16:37 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/05/07 18:16:37 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2011/05/07 18:14:01 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011/05/07 18:14:01 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2011/05/07 18:14:01 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011/05/07 18:14:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011/05/07 18:14:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011/05/07 18:14:01 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011/05/07 18:14:01 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011/05/07 18:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/20 08:20:12 | 002,997,248 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/20 08:18:38 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/20 08:15:10 | 129,452,089 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/20 07:27:48 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2009/11/24 07:41:41 | 000,103,760 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2009/04/01 15:26:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/31 20:46:06 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/03/31 20:46:06 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/03/31 20:46:05 | 000,000,058 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/03/31 20:46:05 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,407,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/05/07 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Acer
[2009/04/01 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Acer GameZone Console
[2011/05/09 20:27:36 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\AVG10
[2011/08/24 11:48:26 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Belastingdienst
[2011/09/11 16:06:37 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\EndNote
[2011/05/07 18:29:21 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Leadertech
[2011/08/23 09:55:33 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Nokia
[2011/07/12 12:29:51 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\OpenOffice.org
[2011/08/23 09:55:38 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\PC Suite
[2011/09/08 08:17:03 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3659884333-556122667-2142014689-1000Core.job
[2011/09/16 13:17:05 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3659884333-556122667-2142014689-1000UA.job
[2011/09/15 22:49:47 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 9/16/2011 2:57:40 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Linda\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 39.66% Memory free
6.06 Gb Paging File | 4.52 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 113.48 Gb Free Space | 39.36% Space Free | Partition Type: NTFS

Computer Name: LD696-4810T | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5CA36378-5C5E-4B1F-8BB8-56E5DA584FAD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2FB9800-DB35-4EAD-8A05-A307014EE535}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EB030AEB-CAF1-4AE1-8EDF-605B8F24314E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08201A70-A1B8-4A57-BE49-589BF3C97A1F}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{1C04E539-AEEB-4B98-B8CD-17FDE33C34EF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{2150E4DF-B008-442B-A3E1-3DD378939B0B}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{21CDD41F-ECE1-4A51-89F4-8776D16DE786}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{226A82A3-1909-41CF-87EE-F7C2D0887ACA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{24DAC326-D15F-4FFF-A5A5-2573CBDFE8AB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{29E6AB1B-A494-4DB6-9A58-A0DDDBF81536}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2F5EABCC-7668-45C8-BECA-62C4050BFE7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{34B2C3EC-272E-4B97-8CEF-E246E3715F6F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{35B8DB34-222A-432A-9E33-4543242392B5}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3B700E38-3881-4B46-8782-423A42F0677D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3C38CA3B-023C-4DD5-A610-068FF946E0FB}" = dir=in | app=c:\users\linda\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{56EAAE81-AFEA-4841-AF6B-E2787D0825F0}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{8163688B-6592-4A3C-8528-AB7E96881891}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{8E3CE910-9D7E-4A52-8743-B750BC0F7E97}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{95C987DA-5408-4D61-9230-785E8D638F1A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A5C9D69F-88ED-40AF-84F5-653C9BB36171}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A9769081-E63C-45E6-8F7D-5780A7A77155}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{B51B627E-7B26-4D2B-ACAA-DA242F299431}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B96B7EE4-93AF-4F7E-AFDB-2688066BA76B}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{BE2E37D2-7529-4F6E-B917-2CF9DA14289E}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{C13C78E0-01DE-41A3-AE75-9783A93BE0EE}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{C574FE33-02CC-434B-A8FE-FE7C068F38B9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CF0E009F-E109-49D9-8C70-D659D7436BDE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{D2CF02CC-747C-4630-B5F1-0EA222B6790B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D2F3AE9E-72B7-42B4-893D-31ED5905B5C9}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{DD50C4FB-EBE2-4C70-96AF-5B1EF177D13E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{DD8883A9-AA70-4017-9D58-5FE304E264A4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E8AF9CFC-1DC2-4CE0-9D5B-98205E820DD6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{EB95BF7A-FD4E-4ED7-94E9-B8327AB26FDA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1BCD01F-551C-40C8-A91E-155489E1F5EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1A904AAF-DA7D-4CA1-B9D0-83BA11A91B81}C:\users\linda\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\linda\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{E3ACDBDE-882E-42D4-9899-3FEE57B5E88E}C:\users\linda\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\linda\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{007D52EF-5C70-449A-5F14-D9929DB53605}" = CCC Help Portuguese
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E049D4C-E5DC-4627-7105-036C1EE3B987}" = CCC Help German
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 27
"{26EF1B32-0812-5340-5F35-70DD616E8AE1}" = Catalyst Control Center InstallProxy
"{27107EAA-34E0-43BF-B537-7F8EF6880F5A}" = Facebook Video Calling 1.0.0.8177
"{2BEEB75C-FDBA-2BB7-59F0-FBF0CE7C38B3}" = CCC Help Chinese Standard
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{338DD0E6-76A5-FE91-1308-AD8A66BC8423}" = CCC Help English
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AED30FE-3153-94ED-CDF7-F2583DCBB96E}" = Skins
"{510EC6E3-63BB-5E4D-31D4-DA75E763B34C}" = CCC Help Dutch
"{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding
"{53C020C2-8C1A-11D9-8BDE-F66BAD1E3F3A}" = EndNote 9 Volume License Edition
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59D2958F-10E6-8EC5-CFAA-A7B6FC823658}" = CCC Help Thai
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62D5CF8B-408A-5E0E-8AAE-6FE1F8440133}" = CCC Help French
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6AEF5227-F00B-A0DB-B66E-7EA698E7714A}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7362F29D-50E9-CE68-897C-F8B51070C3C4}" = CCC Help Korean
"{73991312-E828-43C9-25DF-70A9E1598159}" = CCC Help Polish
"{749EC964-7324-B485-DFF2-D7DBC677B3B6}" = CCC Help Hungarian
"{750952C0-2EB3-4C4F-AFA9-364E7EB06291}" = Sun xVM VirtualBox
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FAC5211-0103-5D05-3143-4B894F98AC92}" = Catalyst Control Center Graphics Full New
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A37065-6045-FBBE-FE16-3466C604A271}" = CCC Help Turkish
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93CA4347-CC85-A9F2-D195-571F906F900B}" = Catalyst Control Center Graphics Full Existing
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A87DE250-FA96-40C5-F42F-BE7C7DB2AE9D}" = Catalyst Control Center Localization All
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AE1B67C7-152B-0D53-6EF0-D657C5FEF805}" = CCC Help Greek
"{B089EDBB-88EF-47F0-B075-CDFDE635D322}" = ccc-core-static
"{B4308C79-2E90-900C-2352-D54E7788B6C5}" = CCC Help Norwegian
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BB61FDE8-D17D-033C-74D5-E4D7D55E3EA6}" = CCC Help Chinese Traditional
"{C1F2C175-6145-E393-0C9B-C76E8DB28978}" = CCC Help Czech
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3BAE9CC-EC6B-4B3E-80C1-C1EC29A09AF8}" = OpenOffice.org 3.3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CADD320E-5DAE-43DF-B7F1-5F131C6D0EAF}" = PHS_Safeboot
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01A17F5-1D86-925D-5686-A31D08599BF4}" = CCC Help Russian
"{D3DE276B-0BD6-949B-DF5E-24B60605EC71}" = CCC Help Japanese
"{D9573B5C-9253-5074-4616-EA66C5E5FA26}" = Catalyst Control Center Graphics Light
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DFDA8637-0343-D1A8-23CE-894962CFFAB5}" = CCC Help Finnish
"{E1C371F6-F87D-FEDB-A05E-2AFFD1F1AC14}" = CCC Help Swedish
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EADC4EE5-DDE5-E9A2-437E-59EC13CD9587}" = CCC Help Danish
"{EFC9B9BB-FD5D-885D-EF8A-99356EDC779F}" = Catalyst Control Center Core Implementation
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F23E1BBB-BB4B-7FAB-71D4-6BFA6F90381F}" = ccc-utility
"{F55A764B-D08E-CEDC-99A3-ABD50267A064}" = ATI Catalyst Install Manager
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F62954FC-FB62-C577-D2E9-53516400A6F1}" = Catalyst Control Center Graphics Previews Vista
"{F674F8B6-430A-5489-3E51-F37F2FCD1278}" = CCC Help Spanish
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PuTTY_is1" = PuTTY version 0.61
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Ultravnc2_is1" = UltraVnc
"Verzoek of wijziging voorlopige aanslag 2011" = Verzoek of wijziging voorlopige aanslag 2011
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Music Converter" = FoxTab Music Converter
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 17 September 2011 - 01:26 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Sounds like it might be a false positive. Submit the file to http://virustotal.com and see what they say about it.

Ron
  • 0

#3
Lin83
Posted 18 September 2011 - 11:26 AM

Lin83

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks for the reply! Maybe a stupid question, but which file should I upload at VirusTotal? The endpoint encryption file?
Thanks so much again.
  • 0

#4
RKinner
Posted 18 September 2011 - 11:47 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
C:\program Files\McAfee\Endpoint Encryption for PC\SbSetup.exe
  • 0

#5
Lin83
Posted 18 September 2011 - 01:39 PM

Lin83

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Sorry to ask again; I uploaded this file to virustotal, but I don't fully understand the outcome. Below is the output, does this mean it is not a virus? Or still undecided? Or should I wait for comments from the VT community?


0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: 66D4BBDB00F912EE508C07677DEF8D0049A7CBC5.exe
Submission date: 2010-05-27 22:26:10 (UTC)
Current status: finished
Result: 0 /41 (0.0%)
VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.27.00 2010.05.27 -
AntiVir 8.2.1.242 2010.05.27 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.27 -
Avast 4.8.1351.0 2010.05.27 -
Avast5 5.0.332.0 2010.05.27 -
AVG 9.0.0.787 2010.05.27 -
BitDefender 7.2 2010.05.27 -
CAT-QuickHeal 10.00 2010.05.27 -
ClamAV 0.96.0.3-git 2010.05.27 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.27 -
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7513 2010.05.27 -
F-Prot 4.6.0.103 2010.05.27 -
F-Secure 9.0.15370.0 2010.05.27 -
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.27 -
Ikarus T3.1.1.84.0 2010.05.27 -
Jiangmin 13.0.900 2010.05.27 -
Kaspersky 7.0.0.125 2010.05.27 -
McAfee 5.400.0.1158 2010.05.27 -
McAfee-GW-Edition 2010.1 2010.05.27 -
Microsoft 1.5802 2010.05.27 -
NOD32 5151 2010.05.27 -
Norman 6.04.12 2010.05.27 -
nProtect 2010-05-27.03 2010.05.27 -
Panda 10.0.2.7 2010.05.27 -
PCTools 7.0.3.5 2010.05.27 -
Prevx 3.0 2010.05.27 -
Rising 22.49.03.04 2010.05.27 -
Sophos 4.53.0 2010.05.27 -
Sunbelt 6365 2010.05.27 -
Symantec 20101.1.0.89 2010.05.27 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.27 -
VBA32 3.12.12.5 2010.05.27 -
ViRobot 2010.5.20.2326 2010.05.27 -
VirusBuster 5.0.27.0 2010.05.27 -
Additional informationShow all
MD5 : 50a8e511fa6c2968544271a1d4a50d8a
SHA1 : 301db01eafef7acd25a8c9fd10f619b17877db68
SHA256: 57b955d51010ac2269a54ec2283d228c4ba9bd20252ff079f3d3b251b4613f5e
VT Community
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
  • 0

#6
RKinner
Posted 18 September 2011 - 01:57 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
What it means is that no major anti-virus company including AVG seems to think it's malware so I would say it was just a false positive from AVG and thus nothing to worry about.

You might report it to them.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP