Firefox issue

[johnb35]

Please uninstall the following.

µTorrent - Your discretion of course.
Advertising Center
Java Auto Updater
Java(TM) 6 Update 26
MarketResearch
TuneUp Utilities 2012 - Your discretion but highly recommended to uninstall it as its not needed.
TuneUp Utilities Language Pack (en-US)


Then download the latest version of java here.

www.java.com

 

[Motorcharge]

Removed most of it. I'm assuming the issue is taken care of because it hasn't acted up since last night.

 

[johnb35]

Thats a good sign. Let me know if it comes back. You would be surprised what the smallest little malware will do to a system.

 

[Motorcharge]

First time I've had trouble finding it on my system in at least 5 years lol

 

[Motorcharge]

New issue, not sure if it's related, but if it's not it's odd timing. Anyway I'm getting Adobe flash player installer pop ups every 30 minutes or so. 15-20 of them will pop up overnight. I'm also getting occasional pop ups in new tabs (firefox) for womenshealthbase.com and redirects about half the time I click links after a Google search. The pic below is what pops up.

Same as before, scanned in regular and safemode and nothing came up.

 

[johnb35]

Run tdsskiller since you are having redirects. Download and run the flash player uninstaller and then install the latest version of flash.

http://helpx.adobe.com/flash-player...n_Download_the_Adobe_Flash_Player_uninstaller

If tdsskiller doesn't find anything then run goored fix.

Please download Gooredfix to your desktop from here or here

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win 7).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear.
• Please copy and paste the Goored.txt log in your next reply (it can be found on your desktop).

 

[Motorcharge]

I've already totally uninstalled and reinstalled it already. Working on the other stuff now.

 

[Motorcharge]

Went ahead and tried the second program first.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:54 on 24/06/2012 (Bre)
Firefox version 13.0.1 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:51 18/09/2011]

C:\Users\Bre\Application Data\Mozilla\Firefox\Profiles\y7r4no5l.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [16:07 22/10/2011]

---------- Old Logs ----------
GooredFix[00.54.29_25-06-2012].txt

-=E.O.F=-

 

[johnb35]

Nothing on that one. Run tdsskiller.

 

[Motorcharge]

Ran the first and nothing as well.

 

[Motorcharge]

The initial problem is happening again as well. It's far less often though.

 

[johnb35]

Then run combofix again. Redownload the latest version from the original link I gave you.

 

[Motorcharge]

Where does it store the logs? Just ran it and it instantly restarted my comp after about 45 seconds without warning. Not sure if it ran or not since it didn't come back up after the comp came back on.

 

[johnb35]

Combofix takes at least 10 minutes or so to run. If it rebooted your system, it may have found a rootkit but would start right back up. Try running it again and watch to see what happens.

 

[Motorcharge]

ComboFix 12-06-24.03 - Bre 06/24/2012 21:19:31.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2591 [GMT -4:00]
Running from: c:\users\Bre\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n
c:\users\Bre\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\00000004.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\201d3dde
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\55490ac4
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\00000004.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\00000008.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\000000cb.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000000.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000032.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000064.@
.
---- Previous Run -------
.
c:\users\Bre\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 01:24 . 2012-06-25 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 21:47 . 2012-06-24 21:47 -------- d-----w- c:\users\Bre\AppData\Local\Macromedia
2012-06-24 21:45 . 2012-06-24 21:45 -------- d-----w- c:\programdata\McAfee
2012-06-24 21:45 . 2012-06-24 21:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 21:45 . 2012-06-24 21:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 12:12 . 2012-06-23 12:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 01:01 . 2012-06-21 01:01 -------- d-----w- c:\program files (x86)\ESET
2012-06-20 23:54 . 2012-06-20 23:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-17 19:36 . 2011-07-20 18:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-06-17 19:36 . 2012-06-24 13:47 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-06-12 20:49 . 2012-06-12 20:49 -------- d-----w- c:\users\Bre\AppData\Roaming\TuneUp Software
2012-06-12 20:49 . 2012-06-12 20:50 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-06-12 20:49 . 2012-06-12 20:50 -------- d-----w- c:\programdata\TuneUp Software
2012-06-12 20:48 . 2012-06-12 20:48 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-06 14:46 . 2012-06-06 14:46 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 14:46 . 2012-06-06 14:46 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-05 19:17 . 2012-06-05 19:17 -------- d-----w- c:\program files (x86)\Hobbyist Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-17 23:51 . 2012-05-17 23:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-04-26 07:09 . 2012-04-26 07:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 448512 ----a-w- c:\windows\system32\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-26 07:09 . 2012-04-26 07:09 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-25 22:44 . 2012-04-25 22:44 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-04-25 22:36 . 2012-04-25 22:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-25 22:36 . 2012-04-25 22:36 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-25 22:33 . 2012-04-25 22:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-25 22:33 . 2012-04-25 22:33 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-25 22:33 . 2012-04-25 22:33 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-25 22:32 . 2012-04-25 22:32 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-25 22:32 . 2012-04-25 22:32 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-25 22:32 . 2012-04-25 22:32 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 22:32 . 2012-04-25 22:32 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-25 22:27 . 2012-04-25 22:27 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-04-25 22:27 . 2012-04-25 22:27 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-04-25 22:26 . 2012-04-25 22:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-25 22:23 . 2012-04-25 22:23 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-25 22:23 . 2012-04-25 22:23 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-25 22:21 . 2012-04-25 22:21 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-04-25 22:21 . 2012-04-25 22:21 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-04-25 22:21 . 2012-04-25 22:21 395776 ----a-w- c:\windows\system32\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 340992 ----a-w- c:\windows\system32\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 31232 ----a-w- c:\windows\system32\lsass.exe
2012-04-25 22:21 . 2012-04-25 22:21 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 28160 ----a-w- c:\windows\system32\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-04-25 22:21 . 2012-04-25 22:21 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-04-25 22:21 . 2012-04-25 22:21 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-04-25 22:20 . 2012-04-25 22:20 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-25 22:20 . 2012-04-25 22:20 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-25 22:16 . 2012-04-25 22:16 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-25 22:16 . 2012-04-25 22:16 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-25 22:07 . 2012-04-25 22:07 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-04-25 22:07 . 2012-04-25 22:07 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-25 22:06 . 2012-04-25 22:06 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-04-25 22:06 . 2012-04-25 22:06 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-13 08:46 . 2012-04-25 07:33 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41CB3D6F-1963-4E87-B780-A71E76739471}\mpengine.dll
2012-04-04 19:56 . 2012-04-25 22:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:05 . 2012-05-11 18:13 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 18:13 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[-] 2009-10-31 . D5A67267C4C3879E63E9BFBA991D823A . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_00.09.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-24 04:01 . 2012-06-25 00:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012062420120625\index.dat
+ 2012-06-23 12:21 . 2012-06-24 03:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012062320120624\index.dat
+ 2012-04-25 20:24 . 2012-06-23 12:12 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2012-04-25 20:24 . 2012-04-25 22:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-25 20:24 . 2012-06-25 01:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-10-30 05:01 . 2012-06-25 01:14 52910 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-25 01:14 30378 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 19:48 . 2012-06-25 01:14 13278 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-520610219-17727062-633966983-1000_UserData.bin
- 2009-07-14 05:30 . 2012-06-17 19:49 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-06-24 13:47 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-04-20 19:20 . 2012-06-24 04:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-20 19:20 . 2012-06-14 00:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-20 19:20 . 2012-06-24 04:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-20 19:20 . 2012-06-14 00:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-14 00:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-24 04:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-25 01:25 . 2012-06-25 01:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-21 00:08 . 2012-06-21 00:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-24 21:45 . 2012-06-24 21:45 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2012-06-24 21:45 . 2012-06-24 21:45 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 04:54 . 2012-06-25 01:08 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-23 12:12 . 2012-06-25 01:08 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:36 . 2012-06-21 00:00 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-25 01:17 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-21 00:00 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-25 01:17 106316 c:\windows\system32\perfc009.dat
+ 2012-06-24 21:45 . 2012-06-24 21:45 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe
+ 2009-07-14 05:30 . 2012-06-24 13:47 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-17 19:49 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-17 19:49 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-24 13:47 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-06-21 00:08 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-25 01:25 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-24 21:45 . 2012-06-24 21:45 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-06-24 21:45 . 2012-06-24 21:45 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
+ 2009-07-14 04:54 . 2012-06-25 01:08 2539520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-20 23:55 2539520 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-25 01:08 7094272 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:45 . 2012-06-25 01:13 6366312 c:\windows\system32\FNTCACHE.DAT
+ 2012-06-24 21:45 . 2012-06-24 21:45 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll
+ 2011-09-19 10:39 . 2012-06-25 01:25 56912760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-520610219-17727062-633966983-1000-12288.dat
+ 2012-06-24 03:25 . 2012-06-25 01:12 10330864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
c:\users\Bre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-9 0]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-9-18 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-12 2072896]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [x]
S3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-09-22 11856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bre\AppData\Roaming\Mozilla\Firefox\Profiles\y7r4no5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2012-06-24 21:30:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 01:30
ComboFix2.txt 2012-06-21 00:13
.
Pre-Run: 143,897,649,152 bytes free
Post-Run: 144,305,987,584 bytes free
.
- - End Of File - - 09446167A785C504120DC911DF9512A4

 

[johnb35]

Did you install any software since the last combofix was ran? It seems you have the same infections as the first time. The redirecting should be gone again.

 

[Motorcharge]

None of it's acting up anymore. Haven't downloaded anything other than the flash player again after the uninstall and I downloaded that directly from Adobe's website.

 

[Motorcharge]

Last issue is back after not happening since my last post. Have not downloaded anything other than a photo or two off tumblr since.

 

[johnb35]

Rerun combofix again, lets see if your getting the same infections back.

 

[Motorcharge]

ComboFix 12-06-28.03 - Bre 07/13/2012 21:02:35.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2056 [GMT -4:00]
Running from: c:\users\Bre\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bre\AppData\Local\pmybgvbos.exe
c:\users\Bre\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Bre\AppData\Roaming\ianex.dll
c:\users\Bre\AppData\Roaming\picop.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\00000004.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\201d3dde
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\55490ac4
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\00000004.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\00000008.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\000000cb.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000000.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000032.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 01:07 . 2012-07-14 01:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 06:21 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97D554BF-9C7C-49C2-AF51-E0B1D30B51EF}\mpengine.dll
2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\users\Bre\AppData\Roaming\HideIPEasy
2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\programdata\HideIPEasy
2012-07-08 04:15 . 2012-07-08 04:15 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-08 04:15 . 2012-07-08 04:15 -------- d-----w- c:\users\Bre\AppData\Local\APN
2012-07-08 04:14 . 2012-07-08 04:16 -------- d-----w- c:\program files (x86)\HideIPEasy
2012-07-06 00:01 . 2012-07-06 00:01 -------- d-----w- c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}
2012-06-24 21:47 . 2012-06-24 21:47 -------- d-----w- c:\users\Bre\AppData\Local\Macromedia
2012-06-24 21:45 . 2012-06-24 21:45 -------- d-----w- c:\programdata\McAfee
2012-06-24 21:45 . 2012-06-24 21:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 21:45 . 2012-06-24 21:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 12:12 . 2012-06-23 12:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 01:01 . 2012-06-21 01:01 -------- d-----w- c:\program files (x86)\ESET
2012-06-20 23:54 . 2012-06-20 23:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-17 21:10 . 2012-06-17 21:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-17 19:36 . 2011-07-20 18:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-06-17 19:36 . 2012-06-24 13:47 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-17 23:51 . 2012-05-17 23:51 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-04-26 07:09 . 2012-04-26 07:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-26 07:09 . 2012-04-26 07:09 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-26 07:09 . 2012-04-26 07:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-26 07:09 . 2012-04-26 07:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-26 07:09 . 2012-04-26 07:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-26 07:09 . 2012-04-26 07:09 448512 ----a-w- c:\windows\system32\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-26 07:09 . 2012-04-26 07:09 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-26 07:09 . 2012-04-26 07:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-26 07:09 . 2012-04-26 07:09 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-26 07:09 . 2012-04-26 07:09 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-26 07:09 . 2012-04-26 07:09 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-26 07:09 . 2012-04-26 07:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-26 07:09 . 2012-04-26 07:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-26 07:09 . 2012-04-26 07:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-26 07:09 . 2012-04-26 07:09 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-26 07:09 . 2012-04-26 07:09 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-26 07:09 . 2012-04-26 07:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-26 07:09 . 2012-04-26 07:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-25 22:44 . 2012-04-25 22:44 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-04-25 22:36 . 2012-04-25 22:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-25 22:36 . 2012-04-25 22:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-25 22:36 . 2012-04-25 22:36 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-25 22:36 . 2012-04-25 22:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-25 22:33 . 2012-04-25 22:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-25 22:33 . 2012-04-25 22:33 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-25 22:33 . 2012-04-25 22:33 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-25 22:32 . 2012-04-25 22:32 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-25 22:32 . 2012-04-25 22:32 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-25 22:32 . 2012-04-25 22:32 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 22:32 . 2012-04-25 22:32 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-25 22:27 . 2012-04-25 22:27 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-04-25 22:27 . 2012-04-25 22:27 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-04-25 22:26 . 2012-04-25 22:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-25 22:26 . 2012-04-25 22:26 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-25 22:23 . 2012-04-25 22:23 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-25 22:23 . 2012-04-25 22:23 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-25 22:21 . 2012-04-25 22:21 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-25 22:21 . 2012-04-25 22:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-04-25 22:21 . 2012-04-25 22:21 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-04-25 22:21 . 2012-04-25 22:21 395776 ----a-w- c:\windows\system32\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 340992 ----a-w- c:\windows\system32\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-04-25 22:21 . 2012-04-25 22:21 31232 ----a-w- c:\windows\system32\lsass.exe
2012-04-25 22:21 . 2012-04-25 22:21 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 28160 ----a-w- c:\windows\system32\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-04-25 22:21 . 2012-04-25 22:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-04-25 22:21 . 2012-04-25 22:21 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-04-25 22:21 . 2012-04-25 22:21 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-04-25 22:21 . 2012-04-25 22:21 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-04-25 22:21 . 2012-04-25 22:21 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-04-25 22:21 . 2012-04-25 22:21 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-04-25 22:21 . 2012-04-25 22:21 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-04-25 22:20 . 2012-04-25 22:20 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-25 22:20 . 2012-04-25 22:20 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-25 22:16 . 2012-04-25 22:16 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-25 22:16 . 2012-04-25 22:16 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-25 22:16 . 2012-04-25 22:16 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-25 22:07 . 2012-04-25 22:07 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-04-25 22:07 . 2012-04-25 22:07 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-04-25 22:07 . 2012-04-25 22:07 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-25 22:06 . 2012-04-25 22:06 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-25 22:06 . 2012-04-25 22:06 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-04-25 22:06 . 2012-04-25 22:06 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[-] 2009-10-31 . D5A67267C4C3879E63E9BFBA991D823A . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_00.09.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-18 13:15 . 2010-03-18 13:15 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 80720 c:\windows\SysWOW64\mfcm100u.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 80208 c:\windows\SysWOW64\mfcm100.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 43856 c:\windows\SysWOW64\mfc100jpn.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 55120 c:\windows\SysWOW64\mfc100enu.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 36176 c:\windows\SysWOW64\mfc100cht.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 36176 c:\windows\SysWOW64\mfc100chs.dll
+ 2012-07-08 04:14 . 2012-07-08 04:14 84507 c:\windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
+ 2012-06-28 22:26 . 2012-06-28 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012062820120629\index.dat
+ 2012-06-28 22:26 . 2012-06-28 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012061820120625\index.dat
+ 2012-04-25 20:24 . 2012-06-23 12:12 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-04-25 20:24 . 2012-06-28 22:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-04-25 20:24 . 2012-04-25 22:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-03-18 20:47 . 2010-03-18 20:47 17760 c:\windows\SysWOW64\aspnet_counters.dll
+ 2009-10-30 05:01 . 2012-06-28 22:43 53156 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-01 23:20 30546 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 19:48 . 2012-07-01 23:20 13576 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-520610219-17727062-633966983-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-06-24 13:47 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-06-17 19:49 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-04-20 19:20 . 2012-07-08 10:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-20 19:20 . 2012-06-14 00:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-20 19:20 . 2012-06-14 00:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-20 19:20 . 2012-07-08 10:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-08 10:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-14 00:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-18 21:23 . 2010-03-18 21:23 20832 c:\windows\system32\aspnet_counters.dll
+ 2009-07-14 04:46 . 2012-07-06 03:35 16768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-18 20:47 . 2010-03-18 20:47 97624 c:\windows\Microsoft.NET\Framework64\v4.0.30319\XamlBuildTask.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 15696 c:\windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 81224 c:\windows\Microsoft.NET\Framework64\v4.0.30319\TLBREF.DLL
+ 2010-03-18 20:47 . 2010-03-18 20:47 29544 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.Hosting.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 70040 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 24928 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Routing.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 81272 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.RegularExpressions.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 33144 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 93576 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DataVisualization.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 24944 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Abstractions.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 28024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.WasHosting.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 12168 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 95592 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Caching.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 86888 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.Design.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\1025\SetupResources.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 20840 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceMonikerSupport.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 16208 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsn.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 21880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 40304 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.STLCLR.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 38784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 67968 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 84296 c:\windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 60248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe
+ 2010-03-18 21:23 . 2010-03-18 21:23 40784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
+ 2010-03-18 21:23 . 2010-03-18 21:23 44376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
+ 2010-03-18 21:23 . 2010-03-18 21:23 36696 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe
+ 2010-03-18 21:23 . 2010-03-18 21:23 19296 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe
+ 2010-03-18 21:23 . 2010-03-18 21:23 78160 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 36184 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 15704 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 29528 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 29536 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
+ 2010-03-18 21:23 . 2010-03-18 21:23 11608 c:\windows\Microsoft.NET\Framework64\v4.0.30319\1033\FileTrackerUI.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 97624 c:\windows\Microsoft.NET\Framework\v4.0.30319\XamlBuildTask.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 14160 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 69960 c:\windows\Microsoft.NET\Framework\v4.0.30319\TLBREF.DLL
+ 2010-03-18 20:47 . 2010-03-18 20:47 29544 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.Hosting.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 70040 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 24928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Routing.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 81272 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.RegularExpressions.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 33144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 93576 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 24944 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Abstractions.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 28024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 12168 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 95592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Caching.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 86888 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 17256 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 15184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsn.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 96592 c:\windows\Microsoft.NET\Framework\v4.0.30319\MmcAspExt.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 21880 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 40304 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.STLCLR.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 38784 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 67968 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 84296 c:\windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 60248 c:\windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 35160 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 30040 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 19808 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 78160 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 30040 c:\windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 24408 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 30048 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 11608 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\FileTrackerUI.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2012-07-03 23:40 . 2012-07-03 23:40 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2012-07-13 16:05 . 2012-07-13 16:05 25600 c:\windows\Installer\3c43fd25.msi
+ 2012-07-04 00:54 . 2012-07-04 00:54 70656 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml.Hosting\f84681d68eb182cc7e26d26fe96f757b\System.Xaml.Hosting.ni.dll
+ 2012-07-04 03:00 . 2012-07-04 03:00 26112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Routing\df33d56dcdde38c15a777ebc79836fc5\System.Web.Routing.ni.dll
+ 2012-07-04 03:00 . 2012-07-04 03:00 53760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\4d80937fb3cbed37c5692c616ff87719\System.Web.DynamicData.Design.ni.dll
+ 2012-07-04 03:00 . 2012-07-04 03:00 26112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Abstract#\4f6bef518b1bb0ae5d892588eccdcf25\System.Web.Abstractions.ni.dll
+ 2012-07-04 03:00 . 2012-07-04 03:00 13824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\a8258e28b61cad85c49c97273a2aae55\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-07-04 00:52 . 2012-07-04 00:52 47616 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Workflow.#\c74328b7d9f2b5cf7f74cd4b55041ee7\Microsoft.Workflow.Compiler.ni.exe
+ 2012-07-04 02:59 . 2012-07-04 02:59 54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\93813207354e9ee0cf07912339da8fb0\System.Xaml.Hosting.ni.dll
+ 2012-07-04 03:00 . 2012-07-04 03:00 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\d8f7bf8ce78d0785e68c589c1e64a6dd\System.Web.Routing.ni.dll
+ 2012-07-04 03:00 . 2012-07-04 03:00 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\f3fc1752bb41778b7fcc005edeb20410\System.Web.DynamicData.Design.ni.dll
+ 2012-07-04 02:59 . 2012-07-04 02:59 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\31ec874a9482ad1a99ba24ca4a6ec914\System.Web.Abstractions.ni.dll
+ 2012-07-04 02:59 . 2012-07-04 02:59 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\703ffb7a271059d40edeff9eb0e2b7e3\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-07-04 02:59 . 2012-07-04 02:59 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\f519738a47ffedaa4c04ec6e16a6b7b1\Microsoft.Workflow.Compiler.ni.exe
+ 2012-07-14 01:10 . 2012-07-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-14 01:10 . 2012-07-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-21 00:08 . 2012-06-21 00:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-18 13:15 . 2010-03-18 13:15 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2012-06-24 21:45 . 2012-06-24 21:45 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
+ 2012-06-24 21:45 . 2012-06-24 21:45 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 04:54 . 2012-06-28 22:33 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-18 13:15 . 2010-03-18 13:15 138056 c:\windows\SysWOW64\atl100.dll
+ 2012-06-23 12:12 . 2012-06-28 22:25 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2012-07-07 22:14 660172 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-07 22:14 121100 c:\windows\system32\perfc009.dat
+ 2011-04-20 19:42 . 2012-02-23 14:18 279656 c:\windows\system32\MpSigStub.exe
+ 2012-06-24 21:45 . 2012-06-24 21:45 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe
+ 2009-07-14 05:30 . 2012-06-24 13:47 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-17 19:49 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-17 19:49 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-24 13:47 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-07-14 01:10 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-21 00:08 513088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-03-18 20:47 . 2010-03-18 20:47 142672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 587624 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationBuildTasks.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 717136 c:\windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 431984 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.WorkflowServices.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 511344 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Runtime.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 826208 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Mobile.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 321912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 137568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 132464 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Entity.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 237928 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.DynamicData.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 316272 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Web.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 170872 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Activation.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 683368 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 178040 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Services.Design.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 512368 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.OracleClient.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 804720 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.Design.dll
+ 2009-08-31 10:44 . 2009-08-31 10:44 144416 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 295248 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 807256 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\SetupEngine.dll
+ 2010-03-19 00:29 . 2010-03-19 00:29 872448 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\netfx_extended_x64.msi
+ 2010-03-18 21:23 . 2010-03-18 21:23 222544 c:\windows\Microsoft.NET\Framework64\v4.0.30319\peverify.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 132432 c:\windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
+ 2010-03-18 21:23 . 2010-03-18 21:23 108880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\MmcAspExt.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 220024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 107376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Framework.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 714600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Engine.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 351560 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe
+ 2010-03-18 21:23 . 2010-03-18 21:23 221016 c:\windows\Microsoft.NET\Framework64\v4.0.30319\FileTracker.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 163672 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe
+ 2010-03-18 21:23 . 2010-03-18 21:23 155984 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clretwrc.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 498520 c:\windows\Microsoft.NET\Framework64\v4.0.30319\AspNetMMCExt.dll
+ 2010-03-18 21:23 . 2010-03-18 21:23 102232 c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 142672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 587624 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationBuildTasks.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 492368 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 431984 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.WorkflowServices.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 511344 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Runtime.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 826208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Mobile.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 321912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 137568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 132464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 237928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 316272 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Web.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 170872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activation.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 683368 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 178040 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 495984 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.OracleClient.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 804720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.Design.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 181584 c:\windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 132944 c:\windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 220024 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 107376 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Framework.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 714600 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Engine.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 294728 c:\windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 173400 c:\windows\Microsoft.NET\Framework\v4.0.30319\FileTracker.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 163672 c:\windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
+ 2010-03-18 20:47 . 2010-03-18 20:47 155472 c:\windows\Microsoft.NET\Framework\v4.0.30319\clretwrc.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 498520 c:\windows\Microsoft.NET\Framework\v4.0.30319\AspNetMMCExt.dll
+ 2010-03-18 20:47 . 2010-03-18 20:47 102744 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
+ 2012-07-03 23:40 . 2012-07-03 23:40 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-07-03 23:40 . 2012-07-03 23:40 512368 c:\windows