
Author Topic: Is this threat a false positive by avg 2012 free?  (Read 19056 times)


tpolcha

    Topic Starter


    Hopeful
    Is this threat a false positive by avg 2012 free?
    « on: April 26, 2012, 03:54:59 PM »
    You recently finished helping me clean up--so why now do I have avg sensing problems from an app (realdownloader) that's been installed for some time now and not recently even used?

    AVG is currently asking me to upgrade and pay.  I've noticed more lax issues during their scheduled 'buy' campaigns before.

    This still troubles me because they list three threats as trojans.  I couldn't find any background information on them.

    Superantispyware & MBAM don't reveal any issues just the avg....


    Scan "Whole computer scan" completed.            
    Infections   3   0   3   
    Folders selected for scanning:   Whole computer scan         
    Scan started:   Thursday, April 26, 2012, 3:00:05 PM         
    Scan finished:   Thursday, April 26, 2012, 3:23:27 PM (23 minute(s) 21 second(s))         
    Total object scanned:   1823286         
    User who launched the scan:   dad         
                
    Infections            
       File   Infection   Result   
       C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\rpbgrecorderapp.dll   Trojan horse Cryptic.EBH   Infected   
       C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\rpbgrecorderapp.dll   Trojan horse Cryptic.EBH   Infected   
       C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (912)   Trojan horse Cryptic.EBH   Infected   

    avg acted unstable while the app was asking what should I do with the results.  I finally got the threats quarantined.

    What do you think the next step should be??

    Thanx for all you do.

    Tom


    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Is this threat a false positive by avg 2012 free?
    « Reply #1 on: April 27, 2012, 11:08:32 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Quote
    AVG is currently asking me to upgrade and pay.  I've noticed more lax issues during their scheduled 'buy' campaigns before.
    You should download a new, free AV from the list below. I'm using MSE and I'm very satisfied with it.
    I would say that those are not false-positives. We should run some more scans.


    Remember to only install one antivirus!
     
    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
    4-a) Microsoft Security Essentials for Windows XP
    5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
    6) PC Tools AntiVirus Free Edition
    7) ThreatFire

    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
    ******************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your Thread

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    •Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)
    Windows 8 and Windows 10 dual boot with two SSD's
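
An added example, not part of the original posts and not code from DDS or AVG: once an antivirus has quarantined files from one application, a DDS log can be checked for other components of that application that are still registered, and for entries that point at missing files. The sample lines are a short excerpt constructed in the DDS layout; the function names and the assumption that an application lives under `Program Files\<vendor>\<product>` are this example's own.

```python
import re
from pathlib import PureWindowsPath

# The three detection rows from the AVG scan in the first post.
AVG_DETECTIONS = [
    r"C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\rpbgrecorderapp.dll",
    r"C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\rpbgrecorderapp.dll",
    r"C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (912)",
]

# Constructed sample: a handful of lines in the DDS layout, embedded so the
# example runs offline.
DDS_SAMPLE = r"""
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
============= SERVICES / DRIVERS ===============
.
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-2-9 31408]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")   # "===== Name ====="
NUM_SUFFIX_RE = re.compile(r"\s+\(\d+\)$")      # trailing "(912)" on an AVG row


def app_root(detection_path):
    """Return the drive\\Program Files\\vendor\\product directory of a path.

    Assumption of this example: the application is installed under
    Program Files\\<vendor>\\<product>, so the first four path parts name it.
    """
    clean = NUM_SUFFIX_RE.sub("", detection_path.strip())
    parts = PureWindowsPath(clean).parts
    return str(PureWindowsPath(*parts[:4]))


def parse_sections(text):
    """Split a DDS log into {section name: [entry lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS separates blocks with "."
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(detections, dds_text):
    """Find DDS entries tied to the flagged application, and orphaned entries."""
    roots = sorted({app_root(d).lower() for d in detections})
    related, orphans = [], []
    for name, lines in parse_sections(dds_text).items():
        for line in lines:
            low = line.lower()
            if any(root in low for root in roots):
                related.append((name, line))   # same app, still registered
            if low.endswith("- no file"):
                orphans.append((name, line))   # registry entry, file missing
    return {"roots": roots, "related": related, "orphans": orphans}


if __name__ == "__main__":
    report = triage(AVG_DETECTIONS, DDS_SAMPLE)
    print("Flagged application directories:")
    for root in report["roots"]:
        print("  ", root)
    print("Entries from the same application still present:")
    for section, line in report["related"]:
        print(f"  [{section}] {line}")
    print("Entries pointing at a missing file:")
    for section, line in report["orphans"]:
        print(f"  [{section}] {line}")
```

Entries listed as related show that quarantining the flagged files left the application's service and browser plugin in place, which matters when deciding between restoring the files and uninstalling the application.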

    tpolcha

      Topic Starter


      Hopeful
      Re: Is this threat a false positive by avg 2012 free?
      « Reply #2 on: April 28, 2012, 07:28:33 AM »
      Hi SDave,  thanks for helping me out again.  Before I finish your instructions (later after work), what do I do with the three quarantined items in AVG free?  I believed I just Q'd them, I remember the app acting strange when I was startled to even find them.

      Thanx

      Tom

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Is this threat a false positive by avg 2012 free?
      « Reply #3 on: April 28, 2012, 12:18:50 PM »
      Quote
      Before I finish your instructions (later after work), what do I do with the three quarantined items in AVG free?
      If you're going to change AV's they will be gone when you uninstall AVG. If not, you can clean them out of quarantine.

      tpolcha

        Topic Starter


        Hopeful
        Re: Is this threat a false positive by avg 2012 free?
        « Reply #4 on: April 29, 2012, 08:27:32 AM »
        I haven't made a decision about using AVG yet, maybe I just am alarmed because I don't understand how it works.  Discuss more later as required.

        Logs:

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 04/29/2012 at 08:45 AM

        Application Version : 5.0.1148

        Core Rules Database Version : 8528
        Trace Rules Database Version: 6340

        Scan type       : Complete Scan
        Total Scan Time : 01:16:13

        Operating System Information
        Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
        UAC On - Limited User

        Memory items scanned      : 704
        Memory threats detected   : 0
        Registry items scanned    : 65428
        Registry threats detected : 0
        File items scanned        : 257824
        File threats detected     : 0


        Malwarebytes Anti-Malware 1.61.0.1400
        www.malwarebytes.org

        Database version: v2012.04.28.04

        Windows 7 Service Pack 1 x64 NTFS
        Internet Explorer 9.0.8112.16421
        dad :: OZ [administrator]

        4/28/2012 8:27:20 PM
        mbam-log-2012-04-28 (20-27-20).txt

        Scan type: Full scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 399130
        Time elapsed: 48 minute(s), 51 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0


        DDS1:

        .
        DDS (Ver_2011-08-26.01) - NTFSAMD64
        Internet Explorer: 9.0.8112.16421
        Run by dad at 9:13:44 on 2012-04-29
        Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4863.3269 [GMT -5:00]
        .
        AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
        SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
        SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\system32\atiesrxx.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\atieclxx.exe
        C:\Windows\System32\spoolsv.exe
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
        C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
        C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
        C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
        c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
        C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
        C:\Program Files (x86)\PDF Complete\pdfsvc.exe
        C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
        C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
        C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
        C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
        C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
        C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
        C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
        C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe
        C:\Windows\System32\svchost.exe -k WerSvcGroup
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\SysWOW64\cscript.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.valp.net/
        mURLSearchHooks: H - No File
        BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
        BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
        BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
        BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
        BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
        TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
        TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
        TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
        {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
        EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
        uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
        mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
        mRun: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
        mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
        mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1
        GRVc5Ny1PVTZF"&"inst=NzctNTM5MDI1MDk3LUZMMTArMS1UVUcrMy1MSUMrOC1ERFQrNTU0NTktTFNEKz
        ItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFOK zEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEt RjEwTTEy
        QVRCKzEtRjEwTTEyQisx"&"prod=90"&"ver=10.0.1411
        dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
        dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
        StartupFolder: C:\Users\dad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
        mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
        mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
        IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
        DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
        DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
        DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
        DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
        TCP: DhcpNameServer = 204.49.178.17 207.14.235.234
        TCP: Interfaces\{7E8810BD-486D-4A2F-B5CC-E3E01867A006} : DhcpNameServer = 204.49.178.17 207.14.235.234
        Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
        BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
        BHO-X64:     0x1 - No File
        BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
        BHO-X64:     HP Print Enhancer - No File
        BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO-X64:     AcroIEHelperStub - No File
        BHO-X64: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
        BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
        BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
        BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
        BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
        BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
        BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
        BHO-X64:     HP Smart BHO Class - No File
        TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
        TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
        TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
        EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
        mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
        mRun-x64: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
        mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
        mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
        mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
        mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNTM5MDI1MDk3LUZMMTArMS
        1UVUcrMy1MSUMrOC1ERFQrNTU0NTktTFNEKzItR EQx
        MEYrMS1TVDEwRkFQUCsxLUYxME0xMkFOKzEtRjE wTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTT EyQVRCKzEtRjEwTTEyQisx"&"prod=90"&"ver=10.0.1411
        IE-X64: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
        R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
        R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
        R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
        R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
        R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
        R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
        R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
        R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
        R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
        R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
        R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]
        R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
        R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]
        R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
        R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
        R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
        R2 PCToolsFirewallPlus;PC Tools Firewall Plus;C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe [2011-5-26 286000]
        R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-8-15 635416]
        R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-2-9 31408]
        R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
        R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
        R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
        R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
        R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
        R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;\??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys --> C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [?]
        R3 pctNdisMP;PC Tools Driver;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
        R3 pctplfw;pctplfw;\??\C:\Windows\System32\drivers\pctplfw64.sys --> C:\Windows\System32\drivers\pctplfw64.sys [?]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
        R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
        S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
        S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-3 136176]
        S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
        S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]
        S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
        S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
        S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-3 136176]
        S3 pctNdis;PC Tools Firewall Intermediate Filter Service;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
        S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
        S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
        .
        =============== Created Last 30 ================
        .
        2012-04-26 20:01:07   --------   d--h--w-   C:\$AVG
        2012-04-12 14:46:35   --------   d-----w-   C:\Program Files (x86)\SpywareBlaster
        2012-04-11 19:33:07   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
        2012-04-11 19:33:07   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
        2012-04-11 19:33:07   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
        2012-04-11 19:33:06   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
        2012-04-11 19:33:06   5120   ----a-w-   C:\Windows\System32\wmi.dll
        2012-04-11 19:33:06   220672   ----a-w-   C:\Windows\System32\wintrust.dll
        2012-04-11 19:33:06   172544   ----a-w-   C:\Windows\SysWow64\wintrust.dll
        2012-04-05 21:22:11   --------   d-sh--w-   C:\$RECYCLE.BIN
        2012-04-05 21:12:15   98816   ----a-w-   C:\Windows\sed.exe
        2012-04-05 21:12:15   518144   ----a-w-   C:\Windows\SWREG.exe
        2012-04-05 21:12:15   256000   ----a-w-   C:\Windows\PEV.exe
        2012-04-05 21:12:15   208896   ----a-w-   C:\Windows\MBR.exe
        2012-04-05 21:12:07   --------   d-----w-   C:\ComboFix
        2012-04-04 14:27:07   --------   d-----w-   C:\Program Files (x86)\ESET
        2012-04-01 04:46:48   8741536   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
        2012-04-01 03:54:57   418464   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
        .
        ==================== Find3M  ====================
        .
        2012-04-13 22:46:51   70304   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2012-04-04 20:56:40   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
        2012-03-17 13:18:08   55384   ----a-w-   C:\Windows\System32\drivers\SBREDrv.sys
        2012-03-11 19:14:22   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
        2012-03-06 06:53:37   5559152   ----a-w-   C:\Windows\System32\ntoskrnl.exe
        2012-03-06 05:59:47   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
        2012-03-06 05:59:41   3913072   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
        2012-02-28 06:56:48   2311168   ----a-w-   C:\Windows\System32\jscript9.dll
        2012-02-28 06:49:56   1390080   ----a-w-   C:\Windows\System32\wininet.dll
        2012-02-28 06:48:57   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
        2012-02-28 06:42:55   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
        2012-02-28 01:18:55   1799168   ----a-w-   C:\Windows\SysWow64\jscript9.dll
        2012-02-28 01:11:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
        2012-02-28 01:11:07   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
        2012-02-28 01:03:16   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
        2012-02-17 06:38:26   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
        2012-02-17 05:34:22   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
        2012-02-17 04:58:24   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
        2012-02-17 04:57:32   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
        2012-02-10 06:36:07   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
        2012-02-10 05:38:43   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
        2012-02-03 04:34:34   3145728   ----a-w-   C:\Windows\System32\win32k.sys
        .
        ============= FINISH:  9:14:16.60 ===============


        DDS2:

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows 7 Home Premium
        Boot Device: \Device\HarddiskVolume1
        Install Date: 1/31/2011 10:45:47 PM
        System Uptime: 4/29/2012 3:35:29 AM (6 hours ago)
        .
        Motherboard: FOXCONN |  | 2AB1
        Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 584 GiB total, 478.475 GiB free.
        D: is FIXED (NTFS) - 12 GiB total, 1.462 GiB free.
        E: is CDROM (CDFS)
        F: is Removable
        G: is Removable
        H: is Removable
        I: is Removable
        .
        ==== Disabled Device Manager Items =============
        .
        Class GUID:
        Description:
        Device ID: ROOT\LEGACY_SDHOOKDRIVER\0000
        Manufacturer:
        Name:
        PNP Device ID: ROOT\LEGACY_SDHOOKDRIVER\0000
        Service:
        .
        ==== System Restore Points ===================
        .
        RP227: 1/24/2012 8:38:45 AM - Removed Java(TM) 6 Update 30
        RP228: 1/24/2012 8:55:52 AM - jan24
        RP229: 1/24/2012 9:15:03 AM - Installed Java(TM) 6 Update 30
        RP230: 1/24/2012 9:17:55 AM - Installed Java(TM) 6 Update 30 (64-bit)
        RP231: 1/24/2012 9:48:23 AM - Revo Uninstaller's restore point - Avidemux 2.5
        RP232: 1/28/2012 3:22:24 PM - CheckIfInstallerIsBusy
        RP233: 1/28/2012 3:23:20 PM - Windows Live Essentials
        RP234: 1/28/2012 3:23:49 PM - Installed DirectX
        RP235: 1/28/2012 3:24:18 PM - Installed DirectX
        RP236: 1/28/2012 3:26:28 PM - WLSetup
        RP237: 1/30/2012 3:34:18 PM - Revo Uninstaller's restore point - Google Earth
        RP238: 1/30/2012 3:35:52 PM - Removed Google Earth.
        RP239: 2/1/2012 10:20:21 PM - HPSF Restore Point
        RP240: 2/4/2012 4:09:58 PM - Installed HP Support Assistant
        RP241: 2/4/2012 4:13:40 PM - Windows Modules Installer
        RP242: 2/4/2012 4:14:33 PM - Windows Modules Installer
        RP243: 2/8/2012 5:00:32 PM - opt out from cookies
        RP244: 2/15/2012 3:19:02 PM - Windows Update
        RP245: 2/22/2012 4:48:02 PM - Scheduled Checkpoint
        RP246: 3/1/2012 9:48:59 AM - Scheduled Checkpoint
        RP247: 3/6/2012 9:00:24 PM - Windows Update
        RP248: 3/11/2012 2:13:31 PM - Installed Java(TM) 6 Update 31
        RP249: 3/11/2012 2:21:43 PM - Windows Update
        RP250: 3/11/2012 2:23:54 PM - Windows Update
        RP251: 3/13/2012 9:00:24 PM - Windows Update
        RP252: 3/14/2012 4:07:14 PM - Revo Uninstaller's restore point - RealPlayer
        RP253: 3/14/2012 9:00:23 PM - Windows Update
        RP254: 3/17/2012 8:05:24 AM - Installed Ad-Aware
        RP255: 3/17/2012 8:06:54 AM - Installed Ad-Aware
        RP256: 3/18/2012 5:36:13 PM - HPSF Restore Point
        RP257: 3/21/2012 10:05:29 AM - Revo Uninstaller's restore point - ffdshow v1.1.3572 [2010-09-13]
        RP258: 3/27/2012 8:37:46 AM - 27mar12
        RP259: 3/29/2012 6:21:46 AM - Revo Uninstaller's restore point - Ad-Aware
        RP260: 3/29/2012 6:22:06 AM - Removed Ad-Aware
        RP261: 3/29/2012 6:24:27 AM - Revo Uninstaller's restore point - Ad-Aware Security Toolbar
        RP262: 3/29/2012 6:27:51 AM - Revo Uninstaller's restore point - SpywareBlaster 4.6
        RP263: 4/2/2012 3:45:20 AM - HPSF Restore Point
        RP264: 4/5/2012 4:12:25 PM - ComboFix created restore point
        RP265: 4/11/2012 2:32:50 PM - Windows Update
        RP266: 4/12/2012 9:50:48 AM - Revo Uninstaller's restore point - AVS Update Manager 1.0
        RP267: 4/12/2012 9:53:20 AM - Revo Uninstaller's restore point - AVS Video Converter 8
        RP268: 4/12/2012 9:55:15 AM - Revo Uninstaller's restore point - AVS4YOU Software Navigator 1.4
        RP269: 4/12/2012 9:57:06 AM - Revo Uninstaller's restore point - Prism Video File Converter
        RP270: 4/20/2012 5:05:58 AM - Scheduled Checkpoint
        RP271: 4/27/2012 5:31:19 AM - Scheduled Checkpoint
        .
        ==== Installed Programs ======================
        .
        Adobe AIR
        Adobe Reader X (10.1.3)
        AMD VISION Engine Control Center
        AviSynth 2.5
        Bejeweled 2 Deluxe
        Bing Bar
        Blackhawk Striker 2
        BufferChm
        Build-a-lot 2
        Catalyst Control Center - Branding
        Catalyst Control Center InstallProxy
        Catalyst Control Center Localization All
        CCC Help Chinese Standard
        CCC Help Chinese Traditional
        CCC Help Czech
        CCC Help Danish
        CCC Help Dutch
        CCC Help English
        CCC Help Finnish
        CCC Help French
        CCC Help German
        CCC Help Greek
        CCC Help Hungarian
        CCC Help Italian
        CCC Help Japanese
        CCC Help Korean
        CCC Help Norwegian
        CCC Help Polish
        CCC Help Portuguese
        CCC Help Russian
        CCC Help Spanish
        CCC Help Swedish
        CCC Help Thai
        CCC Help Turkish
        Chuzzle Deluxe
        CinemaNow Media Manager
        CyberLink DVD Suite Deluxe
        D3DX10
        DeviceDiscovery
        Diner Dash 2 Restaurant Rescue
        Dora's Carnival Adventure
        DVD Menu Pack for HP MediaSmart Video
        Escape Rosecliff Island
        ESET Online Scanner v3
        FATE
        Feedback Tool
        File Repair
        Final Drive Nitro
        Freemake Video Converter version 3.0.2
        Google Earth
        Google Update Helper
        GPBaseService2
        Haali Media Splitter
        Heroes of Hellas 2 - Olympia
        Hewlett-Packard ACLM.NET v1.1.2.0
        HP Advisor
        HP Customer Experience Enhancements
        HP Game Console
        HP Games
        HP MediaSmart CinemaNow 2.0
        HP MediaSmart DVD
        HP MediaSmart Music
        HP MediaSmart Photo
        HP MediaSmart Video
        HP MediaSmart/TouchSmart Netflix
        HP Odometer
        HP Product Detection
        HP Setup
        HP Support Assistant
        HP Support Information
        HP Update
        HPPhotoGadget
        HPPhotoSmartDiscLabelContent1
        HPPhotosmartEssential
        HPProductAssistant
        HPSSupply
        Hulu Desktop
        HydraVision
        Java Auto Updater
        Java(TM) 6 Update 31
        Jewel Quest 3
        Jewel Quest Solitaire 2
        Junk Mail filter update
        Kobo
        LabelPrint
        LightScribe System Software
        Malwarebytes Anti-Malware version 1.61.0.1400
        MarketResearch
        Mesh Runtime
        Messenger Companion
        Microsoft PowerPoint Viewer
        Microsoft Silverlight
        Microsoft SQL Server 2005 Compact Edition [ENU]
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Microsoft WSE 3.0 Runtime
        Movie Theme Pack for HP MediaSmart Video
        MSVCRT
        MSVCRT_amd64
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        OpenOffice.org 3.3
        PC Tools Firewall Plus 7.0
        PDF Complete Special Edition
        Penguins!
        PhotoNow!
        Plants vs. Zombies
        Poker Superstars III
        Polar Bowler
        Polar Golfer
        Power2Go
        PowerDirector
        PressReader
        RealDownloader
        Realtek High Definition Audio Driver
        Recovery Manager
        Revo Uninstaller 1.93
        Roxio CinemaNow 2.0
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
        SF_CDA_Software
        SmartWebPrinting
        SolutionCenter
        Sothink Video Converter
        SpywareBlaster 4.6
        Status
        Toolbox
        TrayApp
        UnloadSupport
        Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
        Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
        Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
        Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
        Virtual Families
        Virtual Villagers - The Secret City
        Visual Studio 2008 x64 Redistributables
        WebReg
        Wheel of Fortune 2
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live Installer
        Windows Live Mail
        Windows Live Mesh
        Windows Live Mesh ActiveX Control for Remote Connections
        Windows Live Messenger
        Windows Live Messenger Companion Core
        Windows Live Movie Maker
        Windows Live Photo Common
        Windows Live Photo Gallery
        Windows Live PIMT Platform
        Windows Live SOXE
        Windows Live SOXE Definitions
        Windows Live Sync
        Windows Live UX Platform
        Windows Live UX Platform Language Pack
        Windows Live Writer
        Windows Live Writer Resources
        YouTube Downloader 3.5
        Zinio Reader 4
        Zuma Deluxe
        .
        ==== Event Viewer Messages From Past Week ========
        .
        4/28/2012 7:12:31 PM, Error: Service Control Manager [7000]  - The AODDriver4.0 service failed to start due to the following error:  The system cannot find the path specified.
        4/27/2012 7:44:23 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
        4/27/2012 7:44:23 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
        .
        ==== End Of File ===========================
        « Last Edit: April 29, 2012, 11:58:27 AM by SuperDave »

        SuperDave

        • Malware Removal Specialist
        • Moderator


        Re: Is this threat a false positive by avg 2012 free?
        « Reply #5 on: April 29, 2012, 12:05:55 PM »
        I see you are running Poker Stars. Poker Stars has a history of distributing spyware in their products. However, security experts still question this program as good or bad. I recommend removing it to prevent spyware, but it is up to you to decide if you want to keep it.

        If you would like to uninstall it, do so as follows:

        Press Start, and navigate to the Control Panel. When in the control panel enter Add or Remove programs. Search for and locate PokerStars, and either click Change/Remove or Remove.
        *********************************************************
        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        ****************************************************
        Download Combofix from any of the links below, and save it to your DESKTOP

        Link 1
        Link 2
        Link 3

        To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
        • Close any open windows and double click ComboFix.exe to run it.

          You will see the following image:


        Click I Agree to start the program.

        ComboFix will then extract the necessary files and you will see this:



        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

        It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

        If you did not have it installed, you will see the prompt below. Choose YES.



        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

        **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



        Click on Yes, to continue scanning for malware.

        When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

        Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

        Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
        Windows 8 and Windows 10 dual boot with two SSD's

        tpolcha

          Topic Starter


          Hopeful
          Re: Is this threat a false positive by avg 2012 free?
          « Reply #6 on: April 30, 2012, 05:14:03 AM »
          One question before I start your latest set of instructions.....  I opened Programs and Features and do not see 'pokerstars'.  I see it on the dds report :'(.  Also I didn't install it, I don't play it.  As a matter of fact, I didn't install any of those games, I don't know where they came from; I think they have always been there.  How do I get rid of it / them now? 

          Just to make sure I explained myself correctly; I tried....
          Code:
          Press Start, and navigate to the Control Panel. When in the control panel enter Add or Remove programs. Search for and locate PokerStars, and either click Change/Remove or Remove
          Poker stars is not on the list of programs to remove. 

          What next?

          SuperDave

          • Malware Removal Specialist
          • Moderator


          Re: Is this threat a false positive by avg 2012 free?
          « Reply #7 on: April 30, 2012, 12:45:00 PM »
          Quote
          One question before I start your latest set of instructions.....  I opened Programs and Features and do not see 'pokerstars'.  I see it on the dds report .  Also I didn't install it, I don't play it.  As a matter of fact, I didn't install any of those games, I don't know where they came from; I think they have always been there.  How do I get rid of it / them now? 
          Sometimes those programs have their own uninstallers. You can check by going to Start, All Programs and put your mouse on the program. If there's an uninstaller it will show up there. If there's no other way just go to your C drive and delete it. It's not the best way to do it but it will get rid of them.
          Windows 8 and Windows 10 dual boot with two SSD's
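
Added example (not part of the original posts): a read-only PowerShell query for the situation discussed above, where a program appears in a log's installed-programs list but not in Programs and Features. The function name `Find-UninstallEntry` and the `*Poker*` pattern are illustrative assumptions; the syntax is kept compatible with PowerShell 2.0 as shipped with Windows 7.

```powershell
# Added example: look up uninstall entries by display name in every
# registry view that Programs and Features draws from. Read-only.
function Find-UninstallEntry {
    param(
        [Parameter(Mandatory = $true)]
        [string] $NamePattern          # wildcard pattern, e.g. '*Poker*'
    )

    # 64-bit programs, 32-bit programs on 64-bit Windows, and per-user installs
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }

        Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue

            if ($p.DisplayName -and ($p.DisplayName -like $NamePattern)) {
                New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    Publisher       = $p.Publisher
                    InstallLocation = $p.InstallLocation
                    # Command the vendor registered for removal, if any
                    UninstallString = $p.UninstallString
                    # SystemComponent = 1 hides the entry from Programs and Features
                    Hidden          = ($p.SystemComponent -eq 1)
                    RegistryRoot    = $root
                }
            }
        }
    }
}

# Show every matching entry, including hidden ones
Find-UninstallEntry -NamePattern '*Poker*' |
    Select-Object DisplayName, Publisher, Hidden, InstallLocation, UninstallString, RegistryRoot |
    Format-List
```

If an entry is returned with `Hidden : True` or an empty `UninstallString`, that explains why it is missing from the Control Panel list; `InstallLocation` shows where the files actually live before anything is deleted by hand.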

          tpolcha

            Topic Starter


            Hopeful
            Re: Is this threat a false positive by avg 2012 free?
            « Reply #8 on: April 30, 2012, 06:59:09 PM »
            I think I completed all your instructions, JAVA seems complicated.  32/64 jre se's jru's etc. 

            I still have to get rid of poker stars, didn't find it the first time I scrolled down 'my computer'.

            Combofix auto restarted my pc:

            ComboFix 12-04-31.02 - dad 04/30/2012  19:31:37.3.2 - x64
            Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4863.3363 [GMT -5:00]
            Running from: c:\users\dad\Downloads\ComboFix.exe
            AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
            FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
            SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
            SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((   Files Created from 2012-04-01 to 2012-05-01  )))))))))))))))))))))))))))))))
            .
            .
            2012-05-01 00:36 . 2012-05-01 00:36   --------   d-----w-   c:\users\Public\AppData\Local\temp
            2012-05-01 00:36 . 2012-05-01 00:36   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2012-05-01 00:08 . 2012-05-01 00:08   --------   d-----w-   c:\program files\Java
            2012-04-30 23:51 . 2012-04-30 23:50   476960   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
            2012-04-30 23:50 . 2012-04-30 23:50   --------   d-----w-   c:\program files (x86)\Java
            2012-04-26 20:01 . 2012-04-26 20:01   --------   d-----w-   C:\$AVG
            2012-04-12 14:46 . 2012-04-30 23:21   --------   d-----w-   c:\program files (x86)\SpywareBlaster
            2012-04-11 19:33 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
            2012-04-11 19:33 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
            2012-04-11 19:33 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
            2012-04-11 19:33 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
            2012-04-11 19:33 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
            2012-04-11 19:33 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
            2012-04-11 19:33 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
            2012-04-04 14:27 . 2012-04-04 14:27   --------   d-----w-   c:\program files (x86)\ESET
            2012-04-01 04:46 . 2012-04-13 22:46   8741536   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
            2012-04-01 03:54 . 2012-04-13 22:46   418464   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2012-05-01 00:08 . 2012-01-13 22:36   955848   ----a-w-   c:\windows\system32\npdeployJava1.dll
            2012-05-01 00:08 . 2011-02-04 02:26   839112   ----a-w-   c:\windows\system32\deployJava1.dll
            2012-04-30 23:50 . 2012-01-24 15:15   472864   ----a-w-   c:\windows\SysWow64\deployJava1.dll
            2012-04-13 22:46 . 2011-05-18 00:39   70304   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
            2012-04-04 20:56 . 2011-03-27 12:37   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2012-03-17 13:18 . 2012-03-17 13:18   55384   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
            2012-03-14 08:49 . 2012-03-14 08:49   5679896   ----a-w-   c:\programdata\Microsoft\BingBar\BBSvc\7.1.364.
            0oemBingBarSetup-Partner.EXE
            2012-02-17 06:38 . 2012-03-13 18:56   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
            2012-02-17 05:34 . 2012-03-13 18:56   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
            2012-02-17 04:58 . 2012-03-13 18:56   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
            2012-02-17 04:57 . 2012-03-13 18:56   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
            2012-02-10 06:36 . 2012-03-14 19:10   1544192   ----a-w-   c:\windows\system32\DWrite.dll
            2012-02-10 05:38 . 2012-03-14 19:10   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
            2012-02-03 04:34 . 2012-03-14 19:10   3145728   ----a-w-   c:\windows\system32\win32k.sys
            .
            .
            (((((((((((((((((((((((((((((   SnapShot@2012-04-05_21.22.11   )))))))))))))))))))))))))))))))))))))))))
            .
            + 2012-04-11 19:36 . 2012-02-28 01:03   72704              c:\windows\SysWOW64\mshtmled.dll
            - 2012-02-15 21:19 . 2011-12-14 02:50   72704              c:\windows\SysWOW64\mshtmled.dll
            + 2012-04-11 19:36 . 2012-02-28 01:08   66048              c:\windows\SysWOW64\migration\WininetPlugin.dll
            - 2012-02-15 21:19 . 2011-12-14 02:54   66048              c:\windows\SysWOW64\migration\WininetPlugin.dll
            + 2012-04-11 19:36 . 2012-02-28 01:08   65024              c:\windows\SysWOW64\jsproxy.dll
            - 2012-02-15 21:19 . 2011-12-14 02:54   65024              c:\windows\SysWOW64\jsproxy.dll
            - 2009-07-14 04:54 . 2012-04-05 20:38   32768              c:\windows\SysWOW64\config\systemprofile\
            AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            + 2009-07-14 04:54 . 2012-04-30 23:18   32768              c:\windows\SysWOW64\config\systemprofile\AppData\
            Roaming\Microsoft\Windows\Cookies\index.dat
            + 2009-07-14 04:54 . 2012-04-30 23:18   65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\
            Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            - 2009-07-14 04:54 . 2012-04-05 20:38   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\
            Microsoft\Windows\History\History.IE5\index.dat
            + 2009-07-14 04:54 . 2012-04-30 23:18   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\
            Microsoft\Windows\History\History.IE5\index.dat
            + 2010-08-15 21:13 . 2012-04-30 23:20   72130              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
            + 2009-07-14 05:10 . 2012-04-30 23:20   54176              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
            + 2011-02-01 05:11 . 2012-04-30 23:20   22304              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\
            S-1-5-21-695407617-4092557604-1177317012-1000_UserData.bin
            - 2012-02-15 21:19 . 2011-12-14 06:57   96256              c:\windows\system32\mshtmled.dll
            + 2012-04-11 19:36 . 2012-02-28 06:43   96256              c:\windows\system32\mshtmled.dll
            - 2012-02-15 21:19 . 2011-12-14 07:02   86528              c:\windows\system32\migration\WininetPlugin.dll
            + 2012-04-11 19:36 . 2012-02-28 06:47   86528              c:\windows\system32\migration\WininetPlugin.dll
            + 2012-04-11 19:36 . 2012-02-28 06:47   85504              c:\windows\system32\jsproxy.dll
            - 2012-02-15 21:19 . 2011-12-14 07:01   85504              c:\windows\system32\jsproxy.dll
            - 2011-02-01 17:23 . 2012-04-05 21:11   16384              c:\windows\system32\config\systemprofile\AppData\
            Roaming\Microsoft\Windows\Cookies\index.dat
            + 2011-02-01 17:23 . 2012-05-01 00:23   16384              c:\windows\system32\config\systemprofile\AppData\
            Roaming\Microsoft\Windows\Cookies\index.dat
            - 2011-02-01 17:23 . 2012-04-05 21:11   32768              c:\windows\system32\config\systemprofile\AppData\Local\
            Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            + 2012-04-29 15:11 . 2012-05-01 00:23   32768              c:\windows\system32\config\systemprofile\AppData\Local\
            Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            + 2009-07-14 04:54 . 2012-05-01 00:23   16384              c:\windows\system32\config\systemprofile\AppData\Local\
            Microsoft\Windows\History\History.IE5\index.dat
            - 2009-07-14 04:54 . 2012-04-05 21:11   16384              c:\windows\system32\config\systemprofile\AppData\Local\
            Microsoft\Windows\History\History.IE5\index.dat
            + 2009-07-14 04:46 . 2012-04-17 21:44   94000              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
            - 2012-03-07 03:02 . 2012-03-07 03:02   87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\
            WindowsFormsIntegration.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\
            UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   93024              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   35688              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   35688              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   11120              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   11120              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   17784              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Windows.Presentation\v4.0_4.0.0.0__
            b77a5c561934e089\System.Windows.Presentation.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   17784              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Windows.Presentation\v4.0_4.0.0.0__
            b77a5c561934e089\System.Windows.Presentation.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   58240              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__
            b77a5c561934e089\System.Windows.Input.Manipulations.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   58240              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__
            b77a5c561934e089\System.Windows.Input.Manipulations.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   44920              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__
            31bf3856ad364e35\System.Web.ApplicationServices.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   44920              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__
            31bf3856ad364e35\System.Web.ApplicationServices.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   37240              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__
            31bf3856ad364e35\System.ServiceModel.Channels.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   37240              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__
            31bf3856ad364e35\System.ServiceModel.Channels.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   64352              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   64352              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   51032              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   51032              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   50552              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__
            b77a5c561934e089\System.Data.DataSetExtensions.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   50552              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__
            b77a5c561934e089\System.Data.DataSetExtensions.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   81784              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Configuration.Install\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Configuration.Install.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   81784              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Configuration.Install\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Configuration.Install.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   68952              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   68952              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   62880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   62880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   94552              c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   94552              c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   91488              c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   91488              c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
            + 2012-04-20 22:24 . 2012-04-20 22:24   65536              c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
            + 2012-04-20 22:24 . 2012-04-20 22:24   65536              c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
            + 2012-04-20 22:24 . 2012-04-20 22:24   65536              c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
            + 2012-04-20 22:24 . 2012-04-20 22:24   65536              c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
            + 2012-04-20 22:24 . 2012-04-20 22:24   65536              c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
            + 2012-04-20 22:24 . 2012-04-20 22:24   65536              c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
            + 2012-04-20 22:24 . 2012-04-20 22:24   65536              c:\windows\Installer\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}\ARPPRODUCTICON.exe
            + 2012-04-11 19:54 . 2012-04-11 19:54   54784              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\66b5c693a8aa660276216d7a521da5e2\System.Web.DynamicData.Design.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   61440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\5aa50d178dd6774b1d6b46a0997f0b95\WindowsLiveWriter.ni.exe
            + 2012-04-11 19:58 . 2012-04-11 19:58   36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1371ed674fc04f510cb41524e2d4322d\System.Web.DynamicData.Design.ni.dll
            - 2012-04-05 21:21 . 2012-04-05 21:21   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
            + 2012-05-01 00:38 . 2012-05-01 00:38   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
            + 2012-05-01 00:38 . 2012-05-01 00:38   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
            - 2012-04-05 21:21 . 2012-04-05 21:21   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
            + 2012-04-11 19:36 . 2012-02-28 01:09   231936              c:\windows\SysWOW64\url.dll
            - 2012-02-15 21:19 . 2011-12-14 02:55   231936              c:\windows\SysWOW64\url.dll
            + 2012-04-13 22:46 . 2012-04-13 22:46   353440              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
            + 2012-04-13 21:47 . 2012-04-13 21:47   353440              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
            + 2012-04-13 21:47 . 2012-04-13 21:47   424608              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.dll
            + 2012-04-01 03:54 . 2012-04-13 22:46   253088              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
            + 2012-04-11 19:36 . 2012-02-28 01:06   716800              c:\windows\SysWOW64\jscript.dll
            - 2012-02-15 21:19 . 2011-12-14 02:53   716800              c:\windows\SysWOW64\jscript.dll
            + 2012-04-30 23:51 . 2012-04-30 23:50   157472              c:\windows\SysWOW64\javaws.exe
            - 2012-03-11 19:14 . 2012-03-11 19:14   157472              c:\windows\SysWOW64\javaws.exe
            + 2012-04-30 23:51 . 2012-04-30 23:50   149280              c:\windows\SysWOW64\javaw.exe
            - 2012-03-11 19:14 . 2012-03-11 19:14   149280              c:\windows\SysWOW64\javaw.exe
            + 2012-04-30 23:51 . 2012-04-30 23:50   149280              c:\windows\SysWOW64\java.exe
            - 2012-03-11 19:14 . 2012-03-11 19:14   149280              c:\windows\SysWOW64\java.exe
            + 2012-04-11 19:36 . 2012-02-28 00:59   176640              c:\windows\SysWOW64\ieui.dll
            - 2012-02-15 21:19 . 2011-12-14 02:47   176640              c:\windows\SysWOW64\ieui.dll
            + 2011-09-25 09:35 . 2012-04-30 23:18   262144              c:\windows\SysWOW64\config\systemprofile\
            AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
            - 2011-09-25 09:35 . 2012-04-05 20:38   262144              c:\windows\SysWOW64\config\systemprofile\
            AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
            + 2011-02-02 04:59 . 2012-04-29 23:18   327136              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
            + 2012-04-11 19:36 . 2012-02-28 06:48   237056              c:\windows\system32\url.dll
            - 2012-02-15 21:19 . 2011-12-14 07:03   237056              c:\windows\system32\url.dll
            + 2009-07-14 02:36 . 2012-04-11 19:38   624128              c:\windows\system32\perfh009.dat
            + 2009-07-14 02:36 . 2012-04-11 19:38   106504              c:\windows\system32\perfc009.dat
            + 2012-04-13 22:46 . 2012-04-13 22:46   630944              c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe
            + 2012-04-13 21:46 . 2012-04-13 21:46   630944              c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
            + 2012-04-13 21:46 . 2012-04-13 21:46   462496              c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.dll
            + 2012-04-11 19:36 . 2012-02-28 06:45   818688              c:\windows\system32\jscript.dll
            - 2012-02-15 21:19 . 2011-12-14 07:00   818688              c:\windows\system32\jscript.dll
            + 2012-05-01 00:08 . 2012-05-01 00:08   268744              c:\windows\system32\javaws.exe
            + 2012-05-01 00:08 . 2012-05-01 00:08   189384              c:\windows\system32\javaw.exe
            + 2012-05-01 00:08 . 2012-05-01 00:08   188872              c:\windows\system32\java.exe
            - 2012-02-15 21:19 . 2011-12-14 06:53   248320              c:\windows\system32\ieui.dll
            + 2012-04-11 19:36 . 2012-02-28 06:39   248320              c:\windows\system32\ieui.dll
            - 2009-07-14 05:12 . 2012-04-04 14:26   262144              c:\windows\system32\config\systemprofile\
            AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
            + 2009-07-14 05:12 . 2012-04-28 00:53   262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
            + 2009-07-14 05:01 . 2012-05-01 00:36   297932              c:\windows\ServiceProfiles\LocalService\
            AppData\Local\FontCache-System.dat
            - 2009-07-14 05:01 . 2012-04-05 21:20   297932              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
            + 2012-01-21 22:40 . 2012-01-21 22:40   616216              c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
            + 2012-04-11 19:29 . 2012-01-26 23:31   630784              c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
            + 2012-01-21 22:40 . 2012-01-21 22:40   616216              c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
            + 2012-04-11 19:29 . 2012-01-26 23:33   630784              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   350592              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__
            31bf3856ad364e35\UIAutomationClientsideProviders.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   350592              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__
            31bf3856ad364e35\UIAutomationClientsideProviders.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   163168              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   163168              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   138592              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   138592              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   699224              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   699224              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   857960              c:\windows\Microsoft.NET\
            assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Web.Services.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   857960              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Web.Services\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Web.Services.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   675672              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   675672              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   113512              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.ServiceProcess\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.ServiceProcess.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   113512              c:\windows\Microsoft.NET\assembly\
            GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.ServiceProcess.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   129912              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__
            31bf3856ad364e35\System.ServiceModel.Routing.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   129912              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   390008              c:\windows\Microsoft.NET\assembly\
            GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__
            31bf3856ad364e35\System.ServiceModel.Discovery.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   390008              c:\windows\Microsoft.NET\assembly\
            GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__
            31bf3856ad364e35\System.ServiceModel.Discovery.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   505208              c:\windows\Microsoft.NET\assembly\
            GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__
            31bf3856ad364e35\System.ServiceModel.Activities.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   505208              c:\windows\Microsoft.NET\assembly\
            GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__
            31bf3856ad364e35\System.ServiceModel.Activities.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   261472              c:\windows\Microsoft.NET\assembly\
            GAC_MSIL\System.Security\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Security.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   261472              c:\windows\Microsoft.NET\
            assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Security.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   122264              c:\windows\Microsoft.NET\assembly\
            GAC_MSIL\System.Runtime.Serialization.
            Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   122264              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_
            4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   291184              c:\windows\Microsoft.NET\assembly\
            GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__
            b77a5c561934e089\System.Runtime.Remoting.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   291184              c:\windows\Microsoft.NET\assembly\
            GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__
            b77a5c561934e089\System.Runtime.Remoting.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   349568              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__
            31bf3856ad364e35\System.Runtime.DurableInstancing.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   349568              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__
            31bf3856ad364e35\System.Runtime.DurableInstancing.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   134528              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__
            b77a5c561934e089\System.Management.Instrumentation.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   134528              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__
            b77a5c561934e089\System.Management.Instrumentation.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   392552              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   392552              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   125816              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__
            b77a5c561934e089\System.IdentityModel.Selectors.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   125816              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__
            b77a5c561934e089\System.IdentityModel.Selectors.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   120152              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Dynamic\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Dynamic.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   120152              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Dynamic\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Dynamic.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   616216              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Drawing\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Drawing.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   395120              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.DirectoryServices\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.DirectoryServices.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   395120              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.DirectoryServices\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.DirectoryServices.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   182144              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   182144              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__
            b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__
            b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   829280              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Deployment\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Deployment.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   829280              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Deployment\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.Deployment.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   747360              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   747360              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   436600              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Data.Services.Client\v4.0_4.0.0.0__
            b77a5c561934e089\System.Data.Services.Client.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   436600              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Data.Services.Client\v4.0_4.0.0.0__
            b77a5c561934e089\System.Data.Services.Client.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   683872              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   683872              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   409448              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Configuration\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.configuration.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   409448              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Configuration\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\System.configuration.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   210816              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__
            b77a5c561934e089\System.ComponentModel.Composition.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   149848              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   149848              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   122248              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__
            31bf3856ad364e35\System.Activities.DurableInstancing.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   122248              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   525704              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__
            31bf3856ad364e35\System.Activities.Core.Presentation.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   525704              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__
            31bf3856ad364e35\System.Activities.Core.Presentation.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   112976              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   112976              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   581464              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   581464              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   832856              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   832856              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   194424              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__
            31bf3856ad364e35\PresentationFramework.Royale.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   194424              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__
            31bf3856ad364e35\PresentationFramework.Royale.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   478576              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__
            31bf3856ad364e35\PresentationFramework.Luna.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   478576              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__
            31bf3856ad364e35\PresentationFramework.Luna.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   167288              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__
            31bf3856ad364e35\PresentationFramework.Classic.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   167288              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__
            31bf3856ad364e35\PresentationFramework.Classic.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   232304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   232304              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__
            31bf3856ad364e35\PresentationFramework.Aero.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   661352              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__
            b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   661352              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__
            b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   349576              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__
            b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   349576              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__
            b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   387960              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   387960              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   746336              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.JScript\v4.0_10.0.0.0__
            b03f5f7f11d50a3a\Microsoft.JScript.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   746336              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.JScript\v4.0_10.0.0.0__
            b03f5f7f11d50a3a\Microsoft.JScript.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   505184              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.CSharp\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\Microsoft.CSharp.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   505184              c:\windows\Microsoft.NET\assembly\GAC_
            MSIL\Microsoft.CSharp\v4.0_4.0.0.0__
            b03f5f7f11d50a3a\Microsoft.CSharp.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   288616              c:\windows\Microsoft.NET\assembly\
            GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   288616              c:\windows\Microsoft.NET\assembly\
            GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   335712              c:\windows\Microsoft.NET\assembly\
            GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
            + 2012-04-11 19:39 . 2012-04-11 19:39   335712              c:\windows\Microsoft.NET\assembly\
            GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   125440              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   125440              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   237424              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   237424              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   187776              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   187776              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   269672              c:\windows\Microsoft.NET\assembly\
            GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   269672              c:\windows\Microsoft.NET\assembly\
            GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   334688              c:\windows\Microsoft.NET\assembly\
            GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   334688              c:\windows\Microsoft.NET\assembly\
            GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
            + 2012-04-11 19:38 . 2012-04-11 19:38   170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
            - 2012-03-07 03:02 . 2012-03-07 03:02   170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
            + 2012-05-01 00:07 . 2012-05-01 00:07   890880              c:\windows\Installer\2e3605.msi
            + 2012-04-30 23:49 . 2012-04-30 23:49   906752              c:\windows\Installer\1151d8.msi
            + 2012-02-04 22:10 . 2012-02-04 22:10   877624              c:\windows\assembly\temp\
            EI0P561YXK\HP.SupportFramework.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   337408              c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\3893bfa343bfd255531a743ffa660722\WindowsFormsIntegration.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   281088              c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a38a67bfd6245b2f72eb918a57d37bcd\System.ServiceProcess.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   781824              c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\cdf11c8e0679ce7ff91dc37c6e1b5545\System.Messaging.ni.dll
            + 2012-04-11 19:55 . 2012-04-11 19:55   289280              c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\81c23cf78d9779b1447762a8ffb26d0b\Microsoft.VisualBasic.Compatibility.Data.ni.dll
            + 2012-04-11 19:59 . 2012-04-11 19:59   253952              c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ebd99d5801192b27f605630e2665db37\WindowsFormsIntegration.ni.dll
            + 2012-04-11 19:58 . 2012-04-11 19:58   221696              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9cabbb335fc6dff10392376707a4d0a2\System.ServiceProcess.ni.dll
            + 2012-04-11 19:58 . 2012-04-11 19:58   626176              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\621d2aae96fd06f9ccf66d335d7f1232\System.Messaging.ni.dll
            + 2012-04-11 19:58 . 2012-04-11 19:58   219136              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\62c9a6fe14577f82bcd2a8420b8fa2db\Microsoft.VisualBasic.Compatibility.Data.ni.dll
            + 2012-04-11 19:54 . 2012-04-11 19:54   329216              c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\718e8186ee8de8555888be444b86d443\WindowsFormsIntegration.ni.dll
            + 2012-04-11 19:54 . 2012-04-11 19:54   304128              c:\windows\assembly\NativeImages_v2.0.50727_64\
            TaskScheduler\
            6138a7bf63fa559ffe856b586e369ba2\TaskScheduler.ni.dll
            + 2012-04-11 19:54 . 2012-04-11 19:54   187392              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\01e6d953aaaada7216112df9e0f39c11\System.Web.Routing.ni.dll
            + 2012-04-11 19:54 . 2012-04-11 19:54   449024              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\32b4d44198ecd16ca5deb1024642313f\System.Web.Entity.ni.dll
            + 2012-04-11 19:54 . 2012-04-11 19:54   398848              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\9d7b9e05e5bc7eab07de61a8dd70757a\System.Web.Entity.Design.ni.dll
            + 2012-04-11 19:54 . 2012-04-11 19:54   753664              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\e59cbe4ccb29922c44bf66d3ae044b32\System.Web.DynamicData.ni.dll
            + 2012-04-11 19:54 . 2012-04-11 19:54   204800              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\cb674da808088671f0633d46d1dade03\System.Web.Abstractions.ni.dll
            + 2012-04-11 19:51 . 2012-04-11 19:51   295424              c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\2ea95f3113ace6c1adf4ab9f9fc4285e\System.ServiceProcess.ni.dll
            + 2012-04-11 19:52 . 2012-04-11 19:52   783360              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\c5bef7173a92e1a66e3f7a34eeed891f\System.Messaging.ni.dll
            + 2012-04-11 19:51 . 2012-04-11 19:51   288768              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a94125636875d06389922fcd86b7a615\System.Drawing.Design.ni.dll
            + 2012-04-11 19:54 . 2012-04-11 19:54   855040              c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\cc4082d64c96ff7569aa540b2bfb4e4e\napsnap.ni.dll
            + 2012-04-11 19:54 . 2012-04-11 19:54   162816              c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\30d62e0be22cd4569141c32f8650773b\napinit.ni.dll
            + 2012-04-11 19:53 . 2012-04-11 19:53   417792              c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\0da2c8a454593084e0215266b5572bf0\MMCFxCommon.ni.dll
            + 2012-04-11 19:53 . 2012-04-11 19:53   312320              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ecaf4199c3937827b85be8e8ac36de2b\Microsoft.MediaCenter.iTv.ni.dll
            + 2012-04-11 19:53 . 2012-04-11 19:53   152576              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dd963b1ac45ad4d484855d9853747bd\Microsoft.MediaCenter.ITVVM.ni.dll
            + 2012-04-11 19:53 . 2012-04-11 19:53   798720              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\fe924ef08b715e71e410270c60cc372c\Microsoft.ManagementConsole.ni.dll
            + 2012-04-11 19:53 . 2012-04-11 19:53   549376              c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\857d04eadbf226277488bfabfda2a01d\mcplayerinterop.ni.dll
            + 2012-04-11 19:53 . 2012-04-11 19:53   696320              c:\windows\assembly\NativeImages_v2.0.50727_64\
            mcGlidHostObj\7a2e04f455b793a14e9d1df5fdd93bf7\mcGlidHostObj.ni.dll
            + 2012-04-11 19:53 . 2012-04-11 19:53   659456              c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\56c25b27b777af0b93999261cfeec0cd\EventViewer.ni.dll
            + 2012-04-11 19:52 . 2012-04-11 19:52   389120              c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\2c9f3eaa3e79d491c1e29ab58fdcc54a\ehExtHost.ni.exe
            + 2012-04-11 19:57 . 2012-04-11 19:57   634368              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\d18f95503898b5d36f34b0c2872e3bf8\WindowsLiveLocal.WriterPlugin.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   122368              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dfc4c5fb2fd7cf7ef2ca7904ed8894cd\WindowsLive.Writer.Extensibility.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   119296              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c1cebbe0a603a48640715cc614a56e17\WindowsLive.Writer.FileDestinations.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   891392              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7199c63efa6d23b6c1d6b9ff71c398b8\WindowsLive.Writer.HtmlEditor.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   326144              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6f253f7ba5f5f6c78b49e04ced9dd12a\WindowsLive.Writer.SpellChecker.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   665600              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6dcc537cfbcba1817782f9e511c2e723\WindowsLive.Writer.Interop.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   174080              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56037ee13224135f0d3ee8880bbb33fc\WindowsLive.Writer.BrowserControl.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   101376              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\33a88abae7d5ca2d8ead246bf37f50e1\WindowsLive.Writer.Api.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   328192              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b9c8bb92aacd9125d1e28ca09671a91\WindowsLive.Writer.Mshtml.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   871424              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1813db84c903f2ef58c0ba888a4facb8\WindowsLive.Writer.BlogClient.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   780800              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d389bf5258c236e30054063334a45ee\WindowsLive.Writer.Controls.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   222720              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4725a5afe563175d731fa6b5c338803b\WindowsLive.Client.ni.dll
            + 2012-04-11 19:57 . 2012-04-11 19:57   240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\688abb339fb8301c37b0889a0d01dfa3\WindowsFormsIntegration.ni.dll
            + 2012-04-11 19:58 . 2012-04-11 19:58   245248              c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\97d8bd8f21969a91b7c5171031250d1e\TaskScheduler.ni.dll
            + 2012-04-11 19:58 . 2012-04-11 19:58   129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\2d9aab831590b771aa70cd6991f7af88\System.Web.Routing.ni.dll
            + 2012-04-11 19:58 . 2012-04-11 19:58   860160              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\47e3f7fa0b07e85e269f2e152e0e5e29\System.Web.Extensions.Design.ni.dll
            + 2012-04-11 19:58 . 2012-04-11 19:58   328192              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\3595f5769afb7d38aa5a05abef97364c\System.Web.Entity.ni.dll
            + 2012-04-11 19:58 . 2012-04-11 19:58   301568              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7485eeab1b46532b35d7ab5814a43a30\System.Web.Entity.Design.ni.dll
            + 2012-04-11 19:58 . 2012-04-11 19:58   547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ec083a1d2f94e4c565545f9d090c5039\System
            « Last Edit: May 01, 2012, 01:24:56 PM by SuperDave »

            SuperDave

            « Reply #9 on: May 01, 2012, 01:26:19 PM »
            Please download Rooter and Save it to your desktop.
            • Double click it to start the tool. Vista and Windows 7: run as administrator.
            • Click Scan.
            • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

            tpolcha

              « Reply #10 on: May 01, 2012, 04:20:52 PM »
              Rooter.exe (v1.0.2) by Eric_71
              .
              SeDebugPrivilege granted successfully ...
              .
              Windows 7 Home Edition (6.1.7601) Service Pack 1
              [32_bits] - AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
              .
              [wscsvc] (Security Center) RUNNING (state:4)
              [MpsSvc] RUNNING (state:4)
              Windows Firewall -> Disabled !
              Windows Defender -> Enabled
              User Account Control (UAC) -> Enabled
              .
              Internet Explorer 9.0.8112.16421
              .
              C:\  [Fixed-NTFS] .. ( Total:584 Go - Free:478 Go )
              D:\  [Fixed-NTFS] .. ( Total:11 Go - Free:1 Go )
              E:\  [CD_Rom]
              F:\  [Removable]
              G:\  [Removable]
              H:\  [Removable]
              I:\  [Removable]
              .
              Scan : 17:16.40
              Path : C:\Users\dad\Documents\Rooter.exe
              User : dad ( Administrator -> YES )
              .
              ----------------------\\ Processes
              .
              Locked [System Process] (0)
              Locked System (4)
              ______ ????????? (260)
              ______ ????????? (404)
              ______ ????????? (484)
              ______ ????????? (492)
              ______ ????????? (536)
              ______ ????????? (592)
              ______ ????????? (600)
              ______ ????????? (608)
              ______ ????????? (716)
              ______ ????????? (796)
              ______ ????????? (872)
              ______ ????????? (924)
              ______ ????????? (964)
              ______ ????????? (988)
              ______ ????????? (632)
              ______ ????????? (812)
              ______ ????????? (1212)
              ______ ????????? (1244)
              ______ ????????? (1272)
              ______ ????????? (1468)
              ______ ????????? (1496)
              ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1516)
              ______ ????????? (1616)
              ______ C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (1644)
              ______ C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe (1676)
              ______ C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (1708)
              ______ C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (1736)
              ______ C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (1792)
              ______ C:\Windows\SysWOW64\svchost.exe (1840)
              ______ c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (1884)
              ______ ????????? (1928)
              ______ C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe (1968)
              ______ C:\Program Files (x86)\PDF Complete\pdfsvc.exe (1448)
              ______ ????????? (1572)
              ______ C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (1460)
              ______ ????????? (1764)
              ______ ????????? (2056)
              ______ ????????? (2128)
              ______ ????????? (2220)
              ______ C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (2236)
              ______ ????????? (2292)
              ______ ????????? (2560)
              ______ ????????? (2696)
              ______ ????????? (2968)
              ______ ????????? (3908)
              ______ ????????? (4024)
              ______ ????????? (4076)
              ______ C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (2772)
              ______ C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (2324)
              ______ ????????? (2368)
              ______ C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (3760)
              ______ C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (1724)
              ______ C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (1292)
              ______ C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (1404)
              ______ C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (2988)
              ______ C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (2792)
              ______ ????????? (3228)
              ______ ????????? (1936)
              ______ ????????? (3800)
              ______ ????????? (4120)
              ______ ????????? (4892)
              Locked audiodg.exe (4548)
              ______ C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe (420)
              ______ ????????? (3160)
              ______ ????????? (3780)
              ______ ????????? (3360)
              ______ ????????? (3524)
              ______ ????????? (4772)
              ______ ????????? (3660)
              ______ ????????? (4732)
              ______ ????????? (416)
              ______ C:\Users\dad\Documents\Rooter.exe (4576)
              .
              ----------------------\\ Device\Harddisk0\
              .

              tpolcha

                « Reply #11 on: May 01, 2012, 05:12:14 PM »
                I finally found pokerstars3 way, way down in a wild tangent\gamedata\gamediscovery folder along with 20 other games I don't use so I don't recognize. 

                It's a .xml format 8kb in size. Is this the culprit you speak of for deletion in 'my computer'? I never found an uninstaller.

                SuperDave

                « Reply #12 on: May 01, 2012, 05:15:24 PM »
                How's your computer running now?

                Quote
                I finally found pokerstars3 way, way down in a wild tangent\gamedata\gamediscovery folder along with 20 other games I don't use so I don't recognize. 
                WildTangent is another program that shouldn't be on your computer. They usually get installed along with some other program.

                I'd like to scan your machine with ESET OnlineScan

                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                  ESET OnlineScan
                • Click the button.
                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                • Check
                • Click the button.
                • Accept any security warnings from your browser.
                • Check
                • Push the Start button.
                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                • When the scan completes, push
                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                • Push the button.
                • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                tpolcha

                  « Reply #13 on: May 02, 2012, 04:56:09 AM »
                  When the ESET scan finished it indicated 'no threats found'.

                  I think it's running better except IE9 can be erratic. Either maybe I or something else may have made changes to IE9 settings. I know I was in there once and tried to undo what I did. Maybe you can review or recommend me to someone and start a new thread to discuss IE9 settings.

                  For now, should I delete the entire wild tangent folder?  Can that cause other problems or will wt and all it came with just go away?

                  SuperDave

                  « Reply #14 on: May 02, 2012, 01:06:18 PM »
                  Quote
                  For now, should I delete the entire wild tangent folder?  Can that cause other problems or will wt and all it came with just go away?
                  Here's the lowdown on WildTangent. As for the browser, there is a special forum on this site for browsers.

                  Please read here for more information about WildTangent. Your choice if you want to remove it or not.

                  If you choose to follow my advice, please follow these instructions.

                  Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

                  WildTangent Web Driver or anything related to WildTangent.
                  *******************************************************
                  Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
                  *************************************************
                  To set a new Restore Point.

                  Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
                  Click the Start button, click Control Panel, click System and Maintenance, and then click System.
                  In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
                  To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
                  This will give you a new, clean Restore Point.
                  ************************************************
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                  *************************************************
                  Use the Secunia Software Inspector to check for out of date software.

                  •Click Start Now

                  •Check the box next to Enable thorough system inspection.

                  •Click Start

                  •Allow the scan to finish and scroll down to see if any updates are needed.
                  •Update anything listed.
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!