Svchost.exe trojan.agent malware removal help?

By rwhite1954
Apr 2, 2012
  1. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Try running the Error Check, then repeat the Bootkit scan. Yes, looks like the system dropped the _

    We need to see if the 2 parts of the error check - scan and fix - will remedy the problem running the fix.bat:

    ERROR: Can't write first sector of the disk.

    The MBR is the very first sector of the hard disk; it contains an MBR Bootstrap ... for the disk partitioning software
    =======================================
    It seems we're getting conflicting results: MBR check shows clean/okay. Bootkit Remover shows rootkit, followed by an error message on attempt to fix. See if the Error Check can help with that sector, then go ahead and run this again:
    Please download MBRCheck and save to your desktop
    • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      [o] Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      [o] Found non-standard or infected MBR.
      [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Paste this log to your next message.
    =========================================
    We will continue based on the results of the Error Check and second MBR Check.

    Please take Windows Updates off of the automatic setting while we're working. It's possible that the Windows Malicious program is reading the MBR problem from a location that has handled the problem, but scans don't recognize 'locations' and can report malware anywhere in the system.
  2. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    MBR Check results

    I turned Windows Update off, then ran MBR Check. Here are the results:
    ==========================================================

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 219):

    Processes (total 88):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`2d200000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS547550A9E384, Rev: JE3OA50A

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
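
Added example, not part of the original posts and not MBRCheck's code: an independent check of a 512-byte MBR sector of the kind discussed above, which validates the 0x55AA signature, parses the partition table and compares a SHA-1 of the bootstrap code against a known-good baseline. The hashed range (the first 440 bytes), the function names and the sample sector are assumptions made for this illustration; the sample is constructed, with its second partition placed at the byte offset the log reports for C:.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic MBR (assumed hash range)
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # last two bytes of a valid MBR


def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, signature flag and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0x00:  # partition type 0 marks an unused slot
            continue
        partitions.append({
            "index": index,
            "active": entry[0] == 0x80,
            "type": entry[4],
            "lba_start": lba_start,
            "sector_count": sector_count,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def assess(sector, baseline_sha1):
    """Return a list of findings; an empty list means nothing unusual was seen."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] != baseline_sha1.upper():
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sector_count"] > cur["lba_start"]:
            findings.append("partitions %d and %d overlap" % (prev["index"], cur["index"]))
    for part in info["partitions"]:
        if part["lba_start"] == 0:
            findings.append("partition %d starts at LBA 0, on top of the MBR" % part["index"])
    return findings


def build_sample_mbr():
    """Constructed sample sector; the boot code bytes are filler, not Windows code."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_LEN - 3)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"

    def entry(status, ptype, lba, count):
        chs = b"\xfe\xff\xff"  # CHS fields are ignored on LBA-addressed disks
        return struct.pack("<B3sB3sII", status, chs, ptype, chs, lba, count)

    # Slot 0: small active boot partition. Slot 1: starts at LBA 409600,
    # i.e. byte offset 0x0C800000, matching the C: offset shown in the log.
    table = (entry(0x80, 0x07, 2048, 407552)
             + entry(0x00, 0x07, 409600, 0x38105000)
             + bytes(32))
    return boot_code + disk_sig + table + BOOT_SIG


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha1"]
    print("clean sector findings:", assess(clean, baseline))

    tampered = bytearray(clean)
    tampered[100] ^= 0xFF  # one flipped byte inside the bootstrap code
    print("tampered sector findings:", assess(bytes(tampered), baseline))
```

Because a bootkit can falsify disk reads on the running system, a check like this is most meaningful against a sector image taken from outside the installed OS, which is also one way to settle conflicting scanner results.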
  3. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    Error check?

    I re-read your last post. You mentioned trying error-check and MBRCheck together? I realized I ran MBRCheck and posted results, but I'm not sure what you meant by running Error Check?

    FYI, after running MBRCheck and posting the results in my last post, I did run Bootkit remover again, and it still shows the rootkit message.

    Not sure if I did something wrong or left out something when you said to try "Error Check", so figured I better sit tight and await further instruction.

    I apologize for possibly misunderstanding what you wanted me to do.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    There is site work going on and my internet is bouncing on and off. I've started this reply x4. If you don't mind, I'm going to wait until later to try again. In the meantime, go ahead with the Error Check.
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You can do the Error Check from Command Prompt:
    Using the Command Prompt should have been this: Start> Run> type in cmd> type in Chkdsk /f/r followed by a reboot. Chkdsk will start in a few seconds.
  6. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    I ran Chkdsk. I was watching messages as it ran and it appeared to run successfully - with no bad sectors found, etc. After Chkdsk ran and system booted back up again, I ran MBR check. Here are those results:

    MBRCheck, version 1.2.3
    (c) 2010, AD
    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6 Notebook PC
    Logical Drives Mask: 0x0000001c
    Kernel Drivers (total 181):
    Processes (total 83):
    0 System Idle Process
    4 System
    300 C:\Windows\System32\smss.exe
    464 csrss.exe
    520 C:\Windows\System32\wininit.exe
    556 csrss.exe
    588 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    616 C:\Windows\System32\lsm.exe
    712 C:\Windows\System32\svchost.exe
    776 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    836 C:\Windows\System32\svchost.exe
    896 C:\Windows\System32\atiesrxx.exe
    936 C:\Windows\System32\winlogon.exe
    980 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    412 C:\Windows\System32\svchost.exe
    460 C:\Program Files\IDT\WDM\stacsv64.exe
    1052 C:\Windows\System32\audiodg.exe
    1252 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\hpservice.exe
    1324 C:\Windows\System32\atieclxx.exe
    1412 WUDFHost.exe
    1572 C:\Windows\System32\dwm.exe
    1600 C:\Windows\explorer.exe
    1612 C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    1688 C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    1796 C:\Windows\System32\svchost.exe
    1932 C:\Program Files\IDT\WDM\sttray64.exe
    1940 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2024 C:\Windows\System32\spoolsv.exe
    1180 C:\Windows\System32\taskhost.exe
    1520 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    2068 C:\Windows\System32\svchost.exe
    2112 C:\Windows\System32\svchost.exe
    2368 C:\Program Files\IDT\WDM\AESTSr64.exe
    2396 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    2432 C:\Windows\SysWOW64\ezSharedSvcHost.exe
    2504 C:\Windows\System32\svchost.exe
    2536 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    2620 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    2680 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    2736 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    2744 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    2768 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    2776 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    2800 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccsvchst.exe
    2820 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2892 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    2924 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    2996 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1148 C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    408 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccsvchst.exe
    3420 WmiPrvSE.exe
    3492 C:\Windows\System32\wbem\unsecapp.exe
    3860 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3892 C:\Windows\System32\SearchIndexer.exe
    3996 C:\Windows\System32\svchost.exe
    4100 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    4192 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4596 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4716 C:\Windows\System32\svchost.exe
    4448 C:\Windows\System32\taskeng.exe
    4572 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    3968 dllhost.exe
    1080 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    4852 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    1332 C:\Windows\System32\taskeng.exe
    4344 C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
    1676 C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    192 WmiPrvSE.exe
    5016 C:\Windows\System32\SearchProtocolHost.exe
    4920 C:\Windows\System32\SearchFilterHost.exe
    1316 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    4560 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    2512 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    4444 C:\Windows\System32\sppsvc.exe
    4116 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    2156 taskhost.exe
    4224 dllhost.exe
    4004 dllhost.exe
    4520 C:\Users\Ryan\Desktop\MBRCheck.exe
    4452 C:\Windows\System32\conhost.exe
    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`2d200000 (NTFS)
    PhysicalDrive0 Model Number: HitachiHTS547550A9E384, Rev: JE3OA50A
    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

    Done!
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    ------------------------------------------------------
    Run the Bootkit Remover again. The MBR check is clean.
  8. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    I ran Bootkit Remover again. Appears we're at the same dilemma. Bootkit remover still showing the rootkit, and the fix.bat file showing that it can't write to the first sector. Results are posted below.

    Should I try to rebuild the MBR from my recovery discs?

    Also the Windows "Action Center" is displaying a message in the Systray that points to the following Microsoft KB article (and download) - http://support.microsoft.com/kb/2506014. Thought you might like to know that as well.

    Here's the results of Bootkit Remover:
    =====================================================================
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!
    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]

    Done;
    Press any key to quit...
    ===================================================
    Here's the results of the Bootkit Remover fix.bat file run:
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
    Restoring boot code at \\.\PhysicalDrive0...
    ATA_Write(): DeviceIoControl() ERROR 1
    ERROR: Can't write first sector of the disk.
    Done;
    Press any key to quit...
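
The conflict described in the posts above (MBRCheck reporting standard Windows 7 MBR code while Bootkit Remover reports a rootkit and then fails to write the first sector) can be cross-checked mechanically. The following Python is an added example, not part of the original posts or of either tool; the function names and the three verdict labels are assumptions, and the status strings it recognizes are only those quoted in this thread.

```python
import re

# Sample input: status tables copied from the tool logs quoted in this thread.
MBRCHECK_LOG = r"""
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
"""

BOOTKIT_REMOVER_LOG = r"""
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
"""

FIX_LOG = r"""
Restoring boot code at \\.\PhysicalDrive0...
ATA_Write(): DeviceIoControl() ERROR 1
ERROR: Can't write first sector of the disk.
Done;
"""

# One table row: "<size> <unit> \\.\PhysicalDriveN <status text>"
ROW = re.compile(r"^\s*(\d+)\s+([KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
RESTORE = re.compile(r"^\s*Restoring boot code at (\\\\\.\\PhysicalDrive\d+)\.\.\.")


def parse_status_table(log):
    """Return {device: status text} for every row of an 'MBR Status' table."""
    rows, in_table = {}, False
    for line in log.splitlines():
        if line.split() == ["Size", "Device", "Name", "MBR", "Status"]:
            in_table = True
            continue
        if not in_table:
            continue
        if line.strip() and set(line.strip()) == {"-"}:
            continue  # the dashed separator under the header
        match = ROW.match(line)
        if match:
            rows[match.group(3)] = match.group(4)
        else:
            in_table = False  # first non-row line ends the table
    return rows


def classify(status):
    """Map a status string to a verdict label (labels are assumptions)."""
    s = status.lower()
    if "rootkit" in s or "non-standard" in s or "infected" in s:
        return "suspicious"
    if s.rstrip(".!").endswith("mbr code detected"):
        return "standard"
    return "unrecognized"


def parse_fix_result(log):
    """Extract the target device and any ERROR lines from a fix run."""
    device, errors = None, []
    for line in log.splitlines():
        match = RESTORE.match(line)
        if match:
            device = match.group(1)
        elif "ERROR" in line:
            errors.append(line.strip())
    written = device is not None and not errors
    return {"device": device, "written": written, "errors": errors}


def cross_check(mbrcheck_log, bootkit_log, fix_log=""):
    """Compare both tools' verdicts per physical drive and note a failed fix."""
    a = parse_status_table(mbrcheck_log)
    b = parse_status_table(bootkit_log)
    fix = parse_fix_result(fix_log)
    findings = []
    for device in sorted(set(a) | set(b)):
        va = classify(a[device]) if device in a else "missing"
        vb = classify(b[device]) if device in b else "missing"
        findings.append({
            "device": device,
            "mbrcheck": va,
            "bootkit_remover": vb,
            "verdict": "agree" if va == vb else "conflict",
            "fix_failed": fix["device"] == device and not fix["written"],
        })
    return findings


if __name__ == "__main__":
    for finding in cross_check(MBRCHECK_LOG, BOOTKIT_REMOVER_LOG, FIX_LOG):
        print(finding)
```

A "conflict" result only records that the two tools disagree about the same drive; it does not decide which of them is right.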
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    By George, I think I found it!

    Please go to VirSCAN.org FREE on-line scan service:
    If busy, you can use one of the following: ( you only need one)
    VirusTotal
    Jotti

    • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

      Code:
      c:\windows\AxInstSV
      
      [2]. At the upload site, click once inside the window next to Browse.
      [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      [4]. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete.
      [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
      [6]. Paste the contents of the Clipboard in your next reply.
    =====================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
    Code:
    File::
    DirLook::
    c:\windows\AxInstSV
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Did you want to finish up?
  11. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    Edit: Removing quote of my directions

    Sorry, I was away for a while and didn't have access to this computer :-(! I apologize for the period of non-responsiveness.

    I tried the 3 VirScan links you had above. The first link didn't work, but I was able to access the other 2 (Jotti and VirusTotal). However, neither of these 2 allowed me to paste the "c:\windows\AxInstSV" path in the file box. I also couldn't type it in, either. The only option was to click "Browse" to select a file folder. If I tried to type in the "c:\windows\AxInstSV" in the file folder box, it opened up to the AxInstSV folder, but the folder was empty, therefore no file was allowed to be selected. So, I don't have any logs from those virus scans. However, I'll go ahead and run the Combofix run with the CFScript you included and post the results after that run.

    Sorry again for the period of inactivity!
     
  12. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    combofix logs are too big to put into one post. Here's first part:
    ===================================================================
    ComboFix 12-04-29.02 - Ryan 04/29/2012 15:41:11.5.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2240 [GMT -5:00]
    Running from: c:\users\Ryan\Desktop\friday.exe
    Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
    AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-29 20:55 . 2012-04-29 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-18 01:28 . 2012-04-18 01:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-18 01:28 . 2012-04-18 01:28 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-14 20:01 . 2012-04-14 20:01 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-04-14 19:51 . 2012-04-14 19:51 -------- d-----w- C:\HP_TOOLS_mountHPSF
    2012-04-11 00:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-11 00:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-11 00:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-11 00:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-11 00:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-11 00:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-11 00:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-09 02:03 . 2012-04-09 02:03 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2012-04-09 02:03 . 2012-04-09 02:03 -------- d-----w- c:\windows\SHELLNEW
    2012-04-09 02:02 . 2012-04-14 19:45 -------- d-----w- c:\programdata\Microsoft Help
    2012-04-09 02:01 . 2012-04-09 02:01 -------- d-----r- C:\MSOCache
    2012-04-09 00:50 . 2012-04-09 00:51 -------- d--h--w- c:\windows\AxInstSV
    2012-04-08 23:11 . 2012-04-08 23:11 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-02 21:34 . 2012-04-02 21:34 -------- d-----w- c:\windows\SysWow64\Wat
    2012-04-02 21:34 . 2012-04-02 21:34 -------- d-----w- c:\windows\system32\Wat
    2012-04-02 13:12 . 2012-04-02 13:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-04-02 11:55 . 2012-04-02 11:55 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
    2012-04-02 11:46 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-04-02 02:14 . 2012-04-02 02:14 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2012-04-02 01:46 . 2012-04-02 01:46 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-04-02 01:43 . 2012-04-02 01:43 -------- d-----w- c:\program files (x86)\Java
    2012-04-02 00:55 . 2012-04-02 00:55 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 00:55 . 2012-04-10 02:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-02 00:55 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 00:19 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-04-02 00:19 . 2012-04-02 00:19 -------- d-----w- c:\program files\Symantec
    2012-04-02 00:19 . 2012-04-02 00:19 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-04-02 00:19 . 2012-04-02 00:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-04-02 00:19 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-04-02 00:19 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-04-02 00:18 . 2012-04-08 22:59 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-04-02 00:18 . 2012-04-02 00:18 -------- d-----w- c:\program files (x86)\Norton 360 Premier Edition
    2012-04-02 00:14 . 2012-04-02 00:14 -------- d-----w- c:\programdata\PCSettings
    2012-04-02 00:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-02 00:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-02 00:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-01 23:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-04-01 23:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-04-01 23:59 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-01 23:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-04-01 23:55 . 2012-04-14 20:07 -------- d-----w- c:\users\Ryan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-02 01:43 . 2011-08-30 01:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-01 23:57 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\windows\AxInstSV ----
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-10_01.33.14 )))))))))))))))))))))))))))))))))))))))))
    Edit: Reviewed and removed lengthy Snapshot.
    .
  13. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    Part 5 of Combofix logs:
    =============================================================================
    -- Snapshot reset to current date --
    .
    Edit: Note: 4 full posts of lengthy Snapshot entries were reviewed and removed. Posts have been deleted.

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    .
    c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-03-30 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-09 138360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 01:28]
    .
    2012-04-14 c:\windows\Tasks\HPCeeScheduleForRyan.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-29 16:18:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-29 21:18
    ComboFix2.txt 2012-04-10 01:52
    .
    Pre-Run: 440,416,595,968 bytes free
    Post-Run: 440,262,610,944 bytes free
    .
    - - End Of File - - A07486E5F4ACD9A78D9CFFC04D39F174
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, these need to be removed:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
    Code:
    File::
    Folder::
    c:\windows\AxInstSV
    c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    C:\TDSSKiller_Quarantine
     
    Clearjavacache::
     
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    One more scan:
    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
    When scan has finished, you will see this image:
    [​IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    If Mbam won't let you update, remove it and re-download and run.

    If there are any remaining problems, this would be the time to tell me.
  15. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    Here are ComboFix logs from running the CFScript from your last post. FYI, I also ran MalwareBytes full scan afterward and it came up clean. I'll post those results in a separate post as well. The system is running fine - with the only problem being MBRCheck continuing to report a rootkit in the MBR and BootKitRemover being unable to remove it.

    I'm tempted to try to rebuild the master boot record manually per Microsoft instructions using the repair disks. Thoughts on that?

    ComboFix logs (Part 1 - too much content to post in one posting):
    =============================================================================================
    ComboFix 12-04-29.02 - Ryan 04/29/2012 15:41:11.5.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2240 [GMT -5:00]
    Running from: c:\users\Ryan\Desktop\friday.exe
    Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
    AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-29 20:55 . 2012-04-29 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-18 01:28 . 2012-04-18 01:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-18 01:28 . 2012-04-18 01:28 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-14 20:01 . 2012-04-14 20:01 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-04-14 19:51 . 2012-04-14 19:51 -------- d-----w- C:\HP_TOOLS_mountHPSF
    2012-04-11 00:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-11 00:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-11 00:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-11 00:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-11 00:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-11 00:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-11 00:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-09 02:03 . 2012-04-09 02:03 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2012-04-09 02:03 . 2012-04-09 02:03 -------- d-----w- c:\windows\SHELLNEW
    2012-04-09 02:02 . 2012-04-14 19:45 -------- d-----w- c:\programdata\Microsoft Help
    2012-04-09 02:01 . 2012-04-09 02:01 -------- d-----r- C:\MSOCache
    2012-04-09 00:50 . 2012-04-09 00:51 -------- d--h--w- c:\windows\AxInstSV
    2012-04-08 23:11 . 2012-04-08 23:11 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-02 21:34 . 2012-04-02 21:34 -------- d-----w- c:\windows\SysWow64\Wat
    2012-04-02 21:34 . 2012-04-02 21:34 -------- d-----w- c:\windows\system32\Wat
    2012-04-02 13:12 . 2012-04-02 13:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-04-02 11:55 . 2012-04-02 11:55 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
    2012-04-02 11:46 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-04-02 02:14 . 2012-04-02 02:14 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2012-04-02 01:46 . 2012-04-02 01:46 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-04-02 01:43 . 2012-04-02 01:43 -------- d-----w- c:\program files (x86)\Java
    2012-04-02 00:55 . 2012-04-02 00:55 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 00:55 . 2012-04-10 02:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-02 00:55 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 00:19 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-04-02 00:19 . 2012-04-02 00:19 -------- d-----w- c:\program files\Symantec
    2012-04-02 00:19 . 2012-04-02 00:19 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-04-02 00:19 . 2012-04-02 00:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-04-02 00:19 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-04-02 00:19 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-04-02 00:18 . 2012-04-08 22:59 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-04-02 00:18 . 2012-04-02 00:18 -------- d-----w- c:\program files (x86)\Norton 360 Premier Edition
    2012-04-02 00:14 . 2012-04-02 00:14 -------- d-----w- c:\programdata\PCSettings
    2012-04-02 00:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-02 00:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-02 00:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-01 23:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-04-01 23:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-04-01 23:59 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-01 23:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-04-01 23:55 . 2012-04-14 20:07 -------- d-----w- c:\users\Ryan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-02 01:43 . 2011-08-30 01:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-01 23:57 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\windows\AxInstSV ----
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-10_01.33.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-29 20:22 . 2011-07-08 18:37 14119 c:\windows\SysWOW64\RaCoInst.dat
    + 2012-04-11 00:22 . 2012-02-28 01:03 72704 c:\windows\SysWOW64\mshtmled.dll
    - 2012-04-02 12:45 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
    + 2012-04-11 00:22 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    - 2012-04-02 12:45 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    - 2012-04-02 12:45 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2012-04-11 00:22 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2010-11-21 03:09 . 2012-04-29 20:32 41668 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-29 20:32 42312 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-03-18 16:36 . 2010-03-18 16:36 57168 c:\windows\system32\vcomp100.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 57168 c:\windows\system32\vcomp100.dll
    + 2012-04-29 20:22 . 2011-07-08 18:37 14119 c:\windows\system32\RaCoInst.dat
    - 2012-04-02 12:45 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
    + 2012-04-11 00:22 . 2012-02-28 06:43 96256 c:\windows\system32\mshtmled.dll
    - 2012-04-02 12:45 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2012-04-11 00:22 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 91472 c:\windows\system32\mfcm100u.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 91472 c:\windows\system32\mfcm100u.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 91472 c:\windows\system32\mfcm100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 91472 c:\windows\system32\mfcm100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 60752 c:\windows\system32\mfc100rus.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 60752 c:\windows\system32\mfc100rus.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 43344 c:\windows\system32\mfc100kor.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 43344 c:\windows\system32\mfc100kor.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 43856 c:\windows\system32\mfc100jpn.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 43856 c:\windows\system32\mfc100jpn.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 62288 c:\windows\system32\mfc100ita.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 62288 c:\windows\system32\mfc100ita.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 64336 c:\windows\system32\mfc100fra.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system32\mfc100fra.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 63824 c:\windows\system32\mfc100esn.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 63824 c:\windows\system32\mfc100esn.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 55120 c:\windows\system32\mfc100enu.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 55120 c:\windows\system32\mfc100enu.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 64336 c:\windows\system32\mfc100deu.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system32\mfc100deu.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system32\mfc100cht.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 36176 c:\windows\system32\mfc100cht.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 36176 c:\windows\system32\mfc100chs.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system32\mfc100chs.dll
    - 2012-04-02 12:45 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
    + 2012-04-11 00:22 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
    - 2011-01-26 23:01 . 2011-01-26 23:01 30520 c:\windows\system32\hpservice.exe
    + 2011-05-27 16:20 . 2011-05-27 16:20 30520 c:\windows\system32\hpservice.exe
    + 2011-05-27 16:20 . 2011-05-27 16:20 17720 c:\windows\system32\HPMDPCoInst12.dll
    - 2009-07-14 05:30 . 2012-04-02 22:51 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2012-04-29 20:27 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-10-15 15:13 . 2011-07-08 18:37 14119 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_c28e08a5df4ad1d6\RaCoInst.dat
    + 2011-03-07 17:49 . 2011-03-07 17:49 14051 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\RaCoInst.dat
    - 2011-10-15 15:13 . 2011-03-07 16:49 14051 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\RaCoInst.dat
    + 2011-05-27 16:20 . 2011-05-27 16:20 30520 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\hpservice.exe
    + 2011-05-27 16:20 . 2011-05-27 16:20 17720 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\HPMDPCoInst12.dll
    + 2011-05-27 16:20 . 2011-05-27 16:20 30008 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\hpdskflt.sys
    + 2011-05-27 16:20 . 2011-05-27 16:20 20792 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\accelerometerdll.DLL
    + 2011-05-27 16:20 . 2011-05-27 16:20 43320 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\Accelerometer.sys
    - 2011-01-26 23:01 . 2011-01-26 23:01 30008 c:\windows\system32\drivers\hpdskflt.sys
    + 2011-01-26 23:01 . 2011-05-27 16:20 30008 c:\windows\system32\drivers\hpdskflt.sys
    + 2011-05-27 16:20 . 2011-05-27 16:20 43320 c:\windows\system32\drivers\Accelerometer.sys
    - 2011-01-26 23:01 . 2011-01-26 23:01 43320 c:\windows\system32\drivers\Accelerometer.sys
    + 2012-04-01 23:59 . 2012-04-29 19:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-04-01 23:59 . 2012-04-09 01:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-04-02 02:15 . 2012-04-29 19:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-04-02 02:15 . 2012-04-09 01:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 01:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-29 19:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-05-27 16:20 . 2011-05-27 16:20 20792 c:\windows\system32\accelerometerdll.DLL
    - 2011-01-26 23:01 . 2011-01-26 23:01 20792 c:\windows\system32\accelerometerdll.DLL
    + 2009-07-14 04:46 . 2012-04-14 21:02 97496 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2012-04-02 13:19 . 2012-04-02 13:19 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 76200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 79776 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 15208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 27528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.v4.0.Framework\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v4.0.Framework.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 56184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 91512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-04-11 00:25 . 2012-04-11 00:25 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-04-11 00:25 . 2012-04-11 00:25 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2011-01-24 22:16 . 2011-01-24 22:16 14336 c:\windows\Installer\311337.msp
    - 2012-04-09 02:07 . 2012-04-09 02:14 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-08-30 01:33 . 2012-04-10 03:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2011-08-30 01:33 . 2011-08-30 01:33 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\HPSF.exe2_2EBA634C3DB04BEC8765F065A06AB6AA.exe
    + 2012-04-14 20:03 . 2012-04-14 20:03 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\HPSF.exe1_5321553C1DE9413FB5EC5DBF79DC538E.exe
    + 2012-04-14 20:03 . 2012-04-14 20:03 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\HPSF.exe_01B09B243E324170B7925EAE4C76365E.exe
    + 2012-04-14 20:03 . 2012-04-14 20:03 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\ARPPRODUCTICON.exe
    + 2012-04-14 20:04 . 2012-04-14 20:04 10134 c:\windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe
    + 2012-04-29 20:23 . 2012-04-29 20:23 90022 c:\windows\Installer\{28FE073B-1230-4BF6-830C-7434FD0C0069}\app_1.exe
    + 2010-02-25 16:07 . 2010-02-25 16:07 49488 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\VBAJET32.DLL
    + 2010-01-10 02:47 . 2010-01-10 02:47 29528 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\THOCRAPI.DLL
    + 2010-03-23 01:36 . 2010-03-23 01:36 82848 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PEOPLEDATAHANDLER.DLL
    + 2010-03-23 01:36 . 2010-03-23 01:36 45984 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OSETUPPS.DLL
    + 2010-03-23 01:36 . 2010-03-23 01:36 15776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OMUOPTINPS.DLL
    + 2010-02-28 07:13 . 2010-02-28 07:13 20880 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MUOPTIN.DLL
    + 2010-03-01 10:17 . 2010-03-01 10:17 14736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOCFUIU.DLL
    + 2010-01-11 00:48 . 2010-01-11 00:48 18832 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOCFU.DLL
    + 2010-03-23 01:36 . 2010-03-23 01:36 58232 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\EXP_XPS.DLL
    + 2010-03-23 01:51 . 2010-03-23 01:51 44480 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACERCLR.DLL
    + 2010-03-23 01:51 . 2010-03-23 01:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEODTXT.DLL
    + 2010-03-23 01:51 . 2010-03-23 01:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEODEXL.DLL
    + 2010-03-23 01:51 . 2010-03-23 01:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEODDBS.DLL
    + 2010-03-23 15:54 . 2010-03-23 15:54 37776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEERR.DLL
    + 2012-04-14 20:06 . 2010-10-27 18:28 11320 c:\windows\Help\OEM\Scripts\HPSARedirectorLauncher.exe
    - 2010-10-27 18:28 . 2010-10-27 18:28 11320 c:\windows\Help\OEM\Scripts\HPSARedirectorLauncher.exe
    + 2012-04-14 20:06 . 2011-04-27 15:36 21048 c:\windows\Help\OEM\Scripts\checkMui.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll
    + 2012-04-12 00:36 . 2012-04-12 00:36 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 28160 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\6885348510555806f55825539f99691b\Microsoft.Office.Tools.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 55808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\1564c97d4494d51111c907058d8664e8\Microsoft.Office.Tools.v4.0.Framework.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe
    + 2012-04-12 00:34 . 2012-04-12 00:34 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8dd565cc0b374e1eec73cf7eaba91e92\UIAutomationProvider.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\077e75015456f75a0495f65cfcf140cb\System.Windows.Presentation.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\22a9aa847a8e4e651a35b63270ce8999\System.Web.ApplicationServices.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdeb5ca04943da59f732d3001d6a0df0\System.ServiceModel.Channels.ni.dll
    + 2012-04-12 00:32 . 2012-04-12 00:32 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\9688786618bf6390637c283b5bd1c9b3\System.AddIn.Contract.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\6ffc3ac04451b4978519218fd266403e\Microsoft.VisualC.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 45056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\9d5e0f70ee77a55f1ce32fac3366ac38\Microsoft.Office.Tools.v4.0.Framework.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 21504 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\11b10e95e6c0b206ea453097cda58614\Microsoft.Office.Tools.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\8cbc15b63aa3f06453f1aaa8659cf809\Accessibility.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d1f2d3b5e187e3bc12ec2522bb845392\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 84992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\60011d8c51e32dffe9342397dabf4e5d\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5b75d5795521241fb2344a38cf42f295\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 86016 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\54372f6724e4b83e703b68a13bf72066\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 93696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\1bfd71e2bb2110f637dadfdad19c6089\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cfa1b9febc176c31040ee4df6e8ab1eb\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cd2766ef74cee07c420507db80aed932\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b63cd78bf6dd3e9df6dd1b3b8e550c03\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\625efeb26f5791302a0777b08feeae18\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\560af98e8232dfaa8f745112ed6b8be1\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0c7d30a3d4b7a03d5d150b40befb02fa\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 83896 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 63408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 77752 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 23976 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 62392 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 32688 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 35256 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 24496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
    + 2012-04-29 20:26 . 2012-04-29 20:26 91704 c:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 98872 c:\windows\assembly\GAC_MSIL\HP.SupportFramework.Logging\1.0.0.0__a5a013d267b3a679\HP.SupportFramework.Logging.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 22584 c:\windows\assembly\GAC_MSIL\HP.SupportFramework.Communicator\1.0.0.0__370cd15173f7ac8f\HP.SupportFramework.Communicator.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 13368 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant\6.0.1.1__ff8a51a3dda870ab\HP.SupportAssistant.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 25144 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.ServiceManager\6.0.1.1__afd7346f05a57c11\HP.SupportAssistant.ServiceManager.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 74296 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Common\6.0.1.1__41bdec5abf54f6dc\HP.SupportAssistant.Common.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 36920 c:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    + 2012-04-14 20:04 . 2012-04-14 20:04 36920 c:\windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.SessionManager\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.SessionManager.dll
    + 2012-04-14 20:04 . 2012-04-14 20:04 32312 c:\windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.ServiceFacade\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.ServiceFacade.dll
    + 2012-04-01 23:57 . 2012-04-29 20:32 5864 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-329077410-4254268383-3766462361-1001_UserData.bin
    - 2012-04-10 01:32 . 2012-04-10 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-29 20:57 . 2012-04-29 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-10 01:32 . 2012-04-10 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-29 20:57 . 2012-04-29 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-29 20:26 . 2012-04-29 20:26 4608 c:\windows\Installer\21a180.msi
    + 2012-04-29 20:26 . 2012-04-29 20:26 8598 c:\windows\Installer\{5601F151-A69F-4E30-8C60-37928124CD07}\controlPanelIcon.exe
    + 2010-03-13 06:01 . 2010-03-13 06:01 9592 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\XLCALL32.DLL
    - 2011-08-30 01:45 . 2006-09-29 21:28 4096 c:\windows\Help\OEM\Scripts\Interop.HelpPane.dll
    + 2012-04-14 20:06 . 2006-09-29 19:28 4096 c:\windows\Help\OEM\Scripts\Interop.HelpPane.dll
    - 2011-08-30 01:45 . 2008-12-03 17:24 7168 c:\windows\Help\OEM\Scripts\HPHS_Launcher.exe
    + 2012-04-14 20:06 . 2008-12-03 15:24 7168 c:\windows\Help\OEM\Scripts\HPHS_Launcher.exe
    + 2012-04-12 00:34 . 2012-04-12 00:34 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\6bafe185b3d23de57ec689035642fe43\System.Xml.Serialization.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\592252ee904bd41f99cd1d19909b548c\dfsvc.ni.exe
    + 2012-04-11 00:22 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
    - 2012-04-02 12:45 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
    + 2011-08-19 20:01 . 2011-08-19 20:01 768848 c:\windows\SysWOW64\msvcr100.dll
    + 2011-08-19 20:01 . 2011-08-19 20:01 421200 c:\windows\SysWOW64\msvcp100.dll
    - 2010-11-09 22:20 . 2010-11-09 22:20 421200 c:\windows\SysWOW64\msvcp100.dll
    + 2012-04-18 01:28 . 2012-04-18 01:28 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
    + 2012-04-18 01:28 . 2012-04-18 01:28 424608 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.dll
    + 2012-04-18 01:28 . 2012-04-18 01:28 253088 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    - 2012-04-02 12:45 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
    + 2012-04-11 00:22 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
    + 2012-04-11 00:22 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
    - 2012-04-02 12:45 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
    + 2012-04-02 00:48 . 2012-04-20 02:04 257762 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2012-04-02 12:45 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
    + 2012-04-11 00:22 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
    - 2011-10-15 15:13 . 2011-03-07 16:49 327008 c:\windows\system32\RaCoInstx.dll
    + 2011-10-15 15:13 . 2011-07-08 18:37 327008 c:\windows\system32\RaCoInstx.dll
    + 2009-07-14 02:36 . 2012-04-29 20:35 660318 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-04-09 22:03 660318 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-04-09 22:03 121214 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-04-29 20:35 121214 c:\windows\system32\perfc009.dat
    + 2011-01-07 20:02 . 2011-01-07 20:02 827728 c:\windows\system32\msvcr100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 827728 c:\windows\system32\msvcr100.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 608080 c:\windows\system32\msvcp100.dll
    + 2012-04-11 00:22 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
    - 2012-04-02 12:45 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
    - 2012-04-02 12:45 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
    + 2012-04-11 00:22 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
    - 2009-07-14 05:30 . 2012-04-02 22:51 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-04-29 20:27 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-04-29 20:26 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2012-04-02 22:51 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-10-15 15:13 . 2011-07-08 18:37 327008 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_c28e08a5df4ad1d6\RaCoInstx.dll
    + 2011-03-07 17:49 . 2011-03-07 17:49 327008 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\RaCoInstx.dll
    - 2011-10-15 15:13 . 2011-03-07 16:49 327008 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\RaCoInstx.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 158536 c:\windows\system32\atl100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 158536 c:\windows\system32\atl100.dll
    + 2011-10-15 15:36 . 2012-04-29 20:56 722808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-07-14 05:01 . 2012-04-10 01:31 318112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-04-29 20:56 318112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-04-02 01:01 . 2012-04-10 01:31 918340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329077410-4254268383-3766462361-1001-8192.dat
    + 2012-04-02 01:01 . 2012-04-29 19:42 918340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329077410-4254268383-3766462361-1001-8192.dat
    ==========================================================================================
  16. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    ComboFix Logs Part 2:
    ========================================================================
    + 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
    + 2012-04-10 23:52 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
    + 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
    + 2012-04-10 23:52 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 397208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 133544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.Internal\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 201648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 163744 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 141688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 341392 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.Implementation.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 139672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.Implementation.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 171384 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 465304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.Implementation.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 357272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.Implementation.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
  17. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    Combofix Logs Part 3:
    ===============================================================================
    + 2012-04-12 00:34 . 2012-04-12 00:34 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\01e71094136bf26bea62a21c69d5aa14\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 155648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\e9fe92f5ee79d406f7e98a12841e2861\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\773d5489dd158e1c72c2b8327c4cffd3\Microsoft.Office.Tools.Common.v9.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\667bce54a4a095320e5c3390e52e9693\Microsoft.Office.Tools.Word.v9.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\564ee7c52ff064b953ca9fe02e0a2067\Microsoft.Office.Tools.v9.0.ni.dll
    + 2012-04-10 23:52 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 363936 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 193472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 153008 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
    + 2012-04-14 20:03 . 2012-04-29 19:55 877952 c:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 150584 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Engine\6.0.1.1__e1eab6ede003577a\HP.SupportAssistant.Engine.dll
    + 2012-04-29 20:26 . 2012-04-29 20:26 112696 c:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
    - 2012-04-02 12:45 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
    + 2012-04-11 00:22 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll
    + 2012-04-11 00:22 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll
    - 2012-04-02 12:45 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
    + 2012-04-11 00:22 . 2012-03-06 05:59 3913072 c:\windows\SysWOW64\ntoskrnl.exe
    + 2012-04-11 00:22 . 2012-03-06 05:59 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
    - 2012-04-09 00:52 . 2011-11-19 14:50 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
    + 2012-04-11 00:22 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll
    - 2012-04-02 12:45 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
    + 2012-04-11 00:22 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll
    + 2012-04-11 00:22 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll
    + 2010-10-20 17:44 . 2010-10-20 17:44 1207656 c:\windows\SysWOW64\FM20.DLL
    + 2009-07-14 04:54 . 2012-04-17 22:46 1556480 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-04-09 00:55 1556480 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-04-17 22:46 3719168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 00:55 3719168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 00:55 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-17 22:46 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-04-11 00:22 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll
    - 2012-04-02 12:45 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
    - 2012-04-02 12:45 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
    + 2012-04-11 00:22 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll
    + 2012-04-11 00:22 . 2012-03-06 06:53 5559152 c:\windows\system32\ntoskrnl.exe
    - 2012-04-09 00:52 . 2011-11-19 15:20 5559152 c:\windows\system32\ntoskrnl.exe
    + 2011-01-07 20:02 . 2011-01-07 20:02 5523280 c:\windows\system32\mfc100u.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 5493576 c:\windows\system32\mfc100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 5493576 c:\windows\system32\mfc100.dll
    + 2012-04-11 00:22 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll
    + 2012-04-11 00:22 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll
    - 2012-04-02 12:45 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
    + 2011-10-15 15:13 . 2011-07-19 15:19 1492992 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_c28e08a5df4ad1d6\netr28x.sys
    - 2011-10-15 15:13 . 2011-03-07 16:55 1353280 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\netr28x.sys
    + 2011-03-07 17:55 . 2011-03-07 17:55 1353280 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\netr28x.sys
    + 2011-10-15 15:13 . 2011-07-19 15:19 1492992 c:\windows\system32\drivers\netr28x.sys
    - 2009-07-14 04:45 . 2012-04-09 02:16 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2012-04-14 20:12 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2012-04-02 13:19 . 2012-04-02 13:19 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2012-04-11 00:25 . 2012-04-11 00:25 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-04-11 00:25 . 2012-04-11 00:25 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2011-08-23 22:01 . 2011-08-23 22:01 3480576 c:\windows\Installer\b0d42.msi
    + 2011-11-18 23:52 . 2011-11-18 23:52 9183232 c:\windows\Installer\311479.msp
    + 2012-01-05 11:21 . 2012-01-05 11:21 4964864 c:\windows\Installer\311449.msp
    + 2011-03-18 00:20 . 2011-03-18 00:20 1961984 c:\windows\Installer\31141b.msp
    + 2011-07-21 17:34 . 2011-07-21 17:34 3456000 c:\windows\Installer\3113d7.msp
    + 2011-10-16 19:28 . 2011-10-16 19:28 1138688 c:\windows\Installer\3113c1.msp
    + 2011-07-21 17:45 . 2011-07-21 17:45 3809792 c:\windows\Installer\3113a3.msp
    + 2011-10-27 04:23 . 2011-10-27 04:23 8821760 c:\windows\Installer\31138d.msp
    + 2011-07-21 17:41 . 2011-07-21 17:41 8413696 c:\windows\Installer\311363.msp
    + 2011-10-27 03:46 . 2011-10-27 03:46 1833472 c:\windows\Installer\3112ff.msp
    + 2012-03-01 04:55 . 2012-03-01 04:55 3462656 c:\windows\Installer\3112b2.msp
    + 2011-04-16 13:44 . 2011-04-16 13:44 2770944 c:\windows\Installer\31129d.msi
    + 2011-08-22 04:18 . 2011-08-22 04:18 1585152 c:\windows\Installer\31126f.msp
    + 2012-01-22 15:20 . 2012-01-22 15:20 1707520 c:\windows\Installer\29fdea.msp
    + 2012-03-07 20:01 . 2012-03-07 20:01 1907712 c:\windows\Installer\29fdd8.msp
    + 2012-04-01 21:27 . 2012-04-01 21:27 3463168 c:\windows\Installer\29fdc9.msp
    + 2012-02-17 08:50 . 2012-02-17 08:50 1236480 c:\windows\Installer\29fdb3.msp
    + 2012-03-21 10:57 . 2012-03-21 10:57 1591808 c:\windows\Installer\29fd96.msp
    + 2012-04-29 20:24 . 2012-04-29 20:24 4314624 c:\windows\Installer\21a159.msi
    + 2012-04-29 20:19 . 2012-04-29 20:19 1086464 c:\windows\Installer\21a10c.msi
    + 2011-04-29 01:26 . 2011-04-29 01:26 3994624 c:\windows\Installer\1549cc.msp
    + 2011-04-29 01:26 . 2011-04-29 01:26 2426880 c:\windows\Installer\154992.msp
    + 2011-01-08 01:05 . 2011-01-08 01:05 4583936 c:\windows\Installer\13ca77.msp
    - 2012-04-09 02:07 . 2012-04-09 02:14 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
    + 2010-03-25 01:28 . 2010-03-25 01:28 1479520 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\XLICONS.EXE
    + 2010-02-18 02:56 . 2010-02-18 02:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\WKCONV.EXE
    + 2010-02-25 16:07 . 2010-02-25 16:07 2672456 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\VBE7.DLL
    + 2010-03-01 10:07 . 2010-03-01 10:07 2831768 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\STSLIST.DLL
    + 2010-03-11 05:44 . 2010-03-11 05:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\SETUP.EXE
    + 2010-02-28 07:14 . 2010-02-28 07:14 4520288 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PROMO.EXE
    + 2010-03-25 01:28 . 2010-03-25 01:28 3792736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PPTICO.EXE
    + 2010-03-09 14:57 . 2010-03-09 14:57 9696616 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PPCORE.DLL
    + 2010-03-09 14:57 . 2010-03-09 14:57 2162024 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\POWERPNT.EXE
    + 2010-03-11 05:44 . 2010-03-11 05:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OSETUP.DLL
    + 2010-03-30 13:29 . 2010-03-30 13:29 1177968 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONFILTER.DLL
    + 2010-03-30 13:29 . 2010-03-30 13:29 1676128 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONENOTE.EXE
    + 2010-01-10 02:24 . 2010-01-10 02:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OIMG.DLL
    + 2010-02-28 07:19 . 2010-02-28 07:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OFFOWC.DLL
    + 2010-03-30 13:36 . 2010-03-30 13:36 5496688 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\IPEDITOR.DLL
    + 2010-03-13 03:45 . 2010-03-13 03:45 4299648 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\GRAPH.EXE
    + 2010-03-01 10:08 . 2010-03-01 10:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\GFX.DLL
    + 2010-02-20 22:20 . 2010-02-20 22:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\FM20.DLL
    + 2010-01-19 01:59 . 2010-01-19 01:59 2182040 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ASSAPIFE.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEWDAT.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACECORE.DLL
  18. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    Combofix Logs Part 4:
    + 2012-04-11 00:35 . 2012-04-11 00:35 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\d26e6d07c2e10bc55c2bfd2440ec14bc\System.Workflow.ComponentModel.ni.dll
    + 2012-04-11 00:35 . 2012-04-11 00:35 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f044eaa5dc79454c4081bdbea81bf67e\System.Workflow.Activities.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\7e62d5f06809c96b0e957cc948d98d7c\System.Printing.ni.dll
    + 2012-04-11 00:33 . 2012-04-11 00:33 2317312 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\95d41ace5d8803b9318366ad5f0fbdff\System.Drawing.ni.dll
    + 2012-04-11 00:33 . 2012-04-11 00:33 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7e705656ef1ee9078e0d51699d9e0858\System.Deployment.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\df3b4d20eaf81da80db9be811947e475\ReachFramework.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\8e76dcfa3f4676022f95437037c8ad51\PresentationUI.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 1875456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\ef37fe70c135b3e38caff59f13265ff8\Microsoft.Office.Tools.Excel.v9.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 1186304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\d4a618d9f5959f658a1892a007f96a04\Microsoft.Office.Tools.Word.v9.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\631ae18fbb786ed963eac3080906a3cf\Microsoft.Office.Tools.Common.v9.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\88b7272ddb53920b927a7ef59fd3ad6a\Microsoft.MediaCenter.UI.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6d2f8bad410dae6049507d7bc097a62d\System.Workflow.ComponentModel.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\31fd6842b7ccb502dc2f5f11c1f991bd\System.Workflow.Activities.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0b27d6da6e6bc319c3805435b818c1e5\System.Printing.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 1590784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e45611cad86870a7011bb18b9e993861\System.Deployment.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\ffe872f5d03f8bf4d1e1aca71274aec4\ReachFramework.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\167ae650f54f5cd46c07329972f179ad\PresentationUI.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 1354752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\dbd0c24e7fefe5a2b5f1f86c3bef97a9\Microsoft.Office.Tools.Excel.v9.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 2430008 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Localization\6.0.1.1__a2352a4c73e11587\HP.SupportAssistant.Localization.dll
    + 2012-04-11 00:22 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll
    - 2009-07-14 02:34 . 2012-04-09 00:53 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-04-11 00:28 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2012-04-11 00:22 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll
    + 2012-04-02 21:43 . 2012-04-11 00:19 57249312 c:\windows\system32\MRT.exe
    + 2012-04-11 00:22 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll
    + 2012-04-02 01:01 . 2012-04-29 20:29 10016412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329077410-4254268383-3766462361-1001-4096.dat
    + 2012-04-14 20:01 . 2012-04-14 20:01 47848756 c:\windows\Installer\b0d38.msi
    + 2011-10-27 03:45 . 2011-10-27 03:45 66426368 c:\windows\Installer\311460.msp
    + 2011-07-21 17:36 . 2011-07-21 17:36 66808320 c:\windows\Installer\3113ef.msp
    + 2011-06-20 04:28 . 2011-06-20 04:28 18457088 c:\windows\Installer\3113ab.msp
    + 2012-04-10 03:00 . 2012-04-10 03:00 20333056 c:\windows\Installer\31136f.msp
    + 2011-10-27 03:51 . 2011-10-27 03:51 16885760 c:\windows\Installer\31131f.msp
    + 2011-10-27 03:47 . 2011-10-27 03:47 10328064 c:\windows\Installer\3112e9.msp
    + 2011-10-27 03:49 . 2011-10-27 03:49 16245760 c:\windows\Installer\3112d7.msp
    + 2011-10-27 03:49 . 2011-10-27 03:49 10427392 c:\windows\Installer\3112c4.msp
    + 2011-10-27 03:46 . 2011-10-27 03:46 11580928 c:\windows\Installer\31128c.msp
    + 2011-10-22 20:21 . 2011-10-22 20:21 21515264 c:\windows\Installer\311267.msp
    + 2012-03-07 20:03 . 2012-03-07 20:03 23710208 c:\windows\Installer\29fdd1.msp
    + 2012-04-29 20:22 . 2012-04-29 20:22 10125824 c:\windows\Installer\21a148.msi
    + 2011-04-29 04:28 . 2011-04-29 04:28 16972800 c:\windows\Installer\154b0c.msp
    + 2011-04-29 04:28 . 2011-04-29 04:28 11056128 c:\windows\Installer\154b02.msp
    + 2011-04-29 01:34 . 2011-04-29 01:34 11155456 c:\windows\Installer\154af9.msp
    + 2011-04-29 01:27 . 2011-04-29 01:27 14467072 c:\windows\Installer\1549d9.msp
    + 2011-04-29 01:27 . 2011-04-29 01:27 13031936 c:\windows\Installer\1549bc.msp
    + 2010-03-13 05:50 . 2010-03-13 05:50 17800544 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\XL12CNV.EXE
    + 2010-03-13 05:05 . 2010-03-13 05:05 11121528 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OARTCONV.DLL
    + 2010-03-13 20:08 . 2010-03-13 20:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OART.DLL
    + 2010-03-23 01:36 . 2010-03-23 01:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSORES.DLL
    + 2010-03-13 19:53 . 2010-03-13 19:53 20753760 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\EXCEL.EXE
    + 2012-04-12 00:39 . 2012-04-12 00:39 17353728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\c80f2e11e938ed65b843f750add94b35\System.Windows.Forms.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 15762432 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\bf66e2b2a4dfefe1064dc172723b2cdd\System.Web.ni.dll
    + 2012-04-12 00:42 . 2012-04-12 00:42 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 13314048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\8d8f7d5ddfee1cd87ca1396946aa18f7\System.Design.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 24407040 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\b93196152e384bd43b9abf1e20c8d067\PresentationFramework.ni.dll
    + 2012-04-12 00:36 . 2012-04-12 00:36 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\fc074b5198bd925a4f5b48403bba0e34\PresentationCore.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 12079616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\a0fb4bd3ae9ce574167ae3a79b7a1aa5\System.Web.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c43869b44f633a3ad003a0ad9e79b273\System.ServiceModel.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 11021824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\cd7e0c408cc063860fbccce73bbc9c8d\System.Design.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
    + 2012-04-11 00:33 . 2012-04-11 00:33 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\3466442b4168ba11787961fcfd410adf\System.Windows.Forms.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\79c8a2e836c01784bb8e3e2d0ed26850\System.Web.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\552733f73f5483946cce9229b27bdcb2\System.Design.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b87e4cff3eb13680c55a5f4ee9786b56\PresentationFramework.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\1233412b58120995b639428b5e6d998e\PresentationCore.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\846a51eb446bee41a26a6914a95e38cd\System.Design.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
    + 2011-10-16 19:38 . 2011-10-16 19:38 100966912 c:\windows\Installer\31125f.msp
    + 2011-04-29 01:33 . 2011-04-29 01:33 425345024 c:\windows\Installer\154ae9.msp
    .
    -- Snapshot reset to current date --
    .
     
  19. rwhite1954

    rwhite1954 Newcomer, in training Topic Starter Posts: 30

    Combofix Logs Part 5:
    =================================================
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    .
    c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-03-30 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-09 138360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 01:28]
    .
    2012-04-14 c:\windows\Tasks\HPCeeScheduleForRyan.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-29 16:18:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-29 21:18
    ComboFix2.txt 2012-04-10 01:52
    .
    Pre-Run: 440,416,595,968 bytes free
    Post-Run: 440,262,610,944 bytes free
    .
    - - End Of File - - A07486E5F4ACD9A78D9CFFC04D39F174
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Let's take a look at this:

    Download aswMBR to your desktop.
    • Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start scan.
    • On completion of the scan click "Save log", save it to your desktop
    • Post in your next reply:

    This is not the same program as the MBR Check.
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    5 days- no reply.