Inactive Svchost.exe trojan.agent malware removal help?

Status
Not open for further replies.
Try running the Error Check, then repeat the Bootkit scan. Yes, looks like the system dropped the _

We need to see if the 2 parts of the error check- scan and fix-will remedy the problem running the fix.bat:

ERROR: Can't write first sector of the disk.

The MBR is the very first sector of the hard disk; it contains an MBR Bootstrap ... for the disk partitioning software
=======================================
It seems we're getting conflicting results: MBS check show clean/okay. Bootkit Remover shows rootkit, followed be error message on attempt to fix. See if the Error Check can help with that sector, the go ahead and run this again:
Please download MBRCheck and save to your desktop
  • Double click on MBRCheck.exeto run.(Vista and Windows 7 users will have to confirm the UAC prompt)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    [o] Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    [o] Found non-standard or infected MBR.
    [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Paste this log to your next message.
=========================================
We will continue based on the results of the Error Check and second MBR Check.

Please take Windows Updates off of the automatic setting while we're working. It's possible that the Windows Malicious program is reading the MBR problem from a location that has handled the problem, but scans don't recognize 'locations' and can report malware anywhere in the system.
 
MBR Check results

I turned Windows Update off, then ran MBR Check. Here's the results:
==========================================================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 219):
0x02C0F000 \SystemRoot\system32\ntoskrnl.exe
0x031F7000 \SystemRoot\system32\hal.dll
0x00BCF000 \SystemRoot\system32\kdcom.dll
0x00C65000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C72000 \SystemRoot\system32\PSHED.dll
0x00C86000 \SystemRoot\system32\CLFS.SYS
0x00CE4000 \SystemRoot\system32\CI.dll
0x00EA4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F48000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F57000 \SystemRoot\system32\drivers\ACPI.sys
0x00FAE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FB7000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FC1000 \SystemRoot\system32\drivers\pci.sys
0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
0x00E22000 \SystemRoot\system32\drivers\compbatt.sys
0x00E2B000 \SystemRoot\system32\drivers\BATTC.SYS
0x00E37000 \SystemRoot\system32\drivers\volmgr.sys
0x00DA4000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E4C000 \SystemRoot\system32\drivers\pciide.sys
0x00E53000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E63000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E7D000 \SystemRoot\system32\drivers\atapi.sys
0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
0x00E86000 \SystemRoot\system32\drivers\msahci.sys
0x00C2A000 \SystemRoot\system32\DRIVERS\amd_sata.sys
0x01053000 \SystemRoot\system32\DRIVERS\storport.sys
0x010B6000 \SystemRoot\system32\DRIVERS\amd_xata.sys
0x010C4000 \SystemRoot\system32\drivers\amdxata.sys
0x010CF000 \SystemRoot\system32\drivers\fltmgr.sys
0x0111B000 \SystemRoot\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
0x0118C000 \SystemRoot\system32\drivers\fileinfo.sys
0x012A8000 \SystemRoot\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
0x0145B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138C000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01200000 \SystemRoot\System32\Drivers\cng.sys
0x0141B000 \SystemRoot\System32\drivers\pcw.sys
0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01618000 \SystemRoot\system32\drivers\ndis.sys
0x0170B000 \SystemRoot\system32\drivers\NETIO.SYS
0x0176B000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0185A000 \SystemRoot\System32\drivers\tcpip.sys
0x01A5E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AA8000 \SystemRoot\system32\drivers\volsnap.sys
0x01AF4000 \SystemRoot\System32\Drivers\spldr.sys
0x01AFC000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B36000 \SystemRoot\System32\Drivers\mup.sys
0x01B48000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B51000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x01B5B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B95000 \SystemRoot\system32\drivers\disk.sys
0x01BAB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x0182A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01BF3000 \SystemRoot\System32\Drivers\Null.SYS
0x01796000 \SystemRoot\System32\Drivers\Beep.SYS
0x0179D000 \SystemRoot\System32\drivers\vga.sys
0x017AB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x017D0000 \SystemRoot\System32\drivers\watchdog.sys
0x017E0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x017E9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x017F2000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01600000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01436000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01272000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0160B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02E35000 \SystemRoot\system32\drivers\afd.sys
0x02EBE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02F03000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02F0E000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02F17000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F3D000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02F53000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02F62000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02F7D000 \SystemRoot\system32\drivers\termdd.sys
0x02F91000 \SystemRoot\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS
0x011A0000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x02E00000 \SystemRoot\system32\drivers\N360x64\0502010.003\Ironx64.SYS
0x013EA000 \SystemRoot\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
0x01000000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01447000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01294000 \SystemRoot\system32\drivers\mssmbios.sys
0x0448C000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120413.001\IDSvia64.sys
0x04509000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x04582000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x045A8000 \SystemRoot\System32\drivers\discache.sys
0x045B7000 \SystemRoot\System32\Drivers\dfsc.sys
0x045D5000 \SystemRoot\system32\drivers\blbdrive.sys
0x0422B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120402.001\BHDrvx64.sys
0x0434B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04371000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x04386000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04AA3000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0460B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x046FF000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04745000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04769000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x05873000 \SystemRoot\system32\DRIVERS\netr28x.sys
0x059C3000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05800000 \SystemRoot\system32\DRIVERS\RtsPStor.sys
0x053CA000 \SystemRoot\system32\DRIVERS\amdxhc.sys
0x05856000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05858000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x059D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x059DD000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x059E8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x047D3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x047F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05409000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05566000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05575000 \SystemRoot\system32\drivers\CmBatt.sys
0x0557A000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x05587000 \SystemRoot\system32\drivers\wmiacpi.sys
0x05590000 \SystemRoot\system32\drivers\CompositeBus.sys
0x055A0000 \SystemRoot\system32\DRIVERS\clwvd.sys
0x055A6000 \SystemRoot\system32\DRIVERS\ks.sys
0x055E9000 \SystemRoot\system32\drivers\ksthunk.sys
0x04A56000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04A6C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x055EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x043D5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04200000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0442F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x055FB000 \SystemRoot\system32\drivers\swenum.sys
0x04449000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x04A90000 \SystemRoot\system32\DRIVERS\circlass.sys
0x0445D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0446F000 \SystemRoot\system32\DRIVERS\amdhub30.sys
0x06A44000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06A9E000 \SystemRoot\System32\Drivers\fastfat.SYS
0x06AD4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06AE9000 \SystemRoot\system32\drivers\AtihdW76.sys
0x06B09000 \SystemRoot\system32\drivers\portcls.sys
0x06B46000 \SystemRoot\system32\drivers\drmk.sys
0x06B68000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x06A00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06A1D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06A2B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06BEB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x043F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x045E6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x070F6000 \SystemRoot\System32\Drivers\usbvideo.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x07124000 \SystemRoot\System32\drivers\Dxapi.sys
0x07172000 \SystemRoot\System32\Drivers\crashdmp.sys
0x07180000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x0718A000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
0x071A1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x071B4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00580000 \SystemRoot\System32\TSDDD.dll
0x00700000 \SystemRoot\System32\cdd.dll
0x00940000 \SystemRoot\System32\ATMFD.DLL
0x071C2000 \SystemRoot\system32\drivers\luafv.sys
0x07000000 \SystemRoot\system32\drivers\WudfPf.sys
0x07021000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x07032000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07063000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07078000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x070CB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x070DE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07E78000 \SystemRoot\system32\drivers\HTTP.sys
0x07F41000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07F5F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07F77000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07FA4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09210000 \SystemRoot\system32\drivers\peauth.sys
0x092B6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x092C1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x092F2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09304000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09679000 \SystemRoot\System32\DRIVERS\srv.sys
0x09711000 \SystemRoot\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS
0x0A603000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120413.025\EX64.SYS
0x097D1000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120413.025\ENG64.SYS
0x097F1000 \??\C:\Windows\system32\drivers\mbam.sys
0x09600000 \SystemRoot\system32\drivers\spsys.sys
0x777A0000 \Windows\System32\ntdll.dll
0x47CF0000 \Windows\System32\smss.exe
0xFFAC0000 \Windows\System32\apisetschema.dll
0xFF080000 \Windows\System32\autochk.exe
0xFF9A0000 \Windows\System32\msctf.dll
0x77680000 \Windows\System32\kernel32.dll
0xFF980000 \Windows\System32\sechost.dll
0xFF950000 \Windows\System32\imm32.dll
0x77970000 \Windows\System32\normaliz.dll
0xFF740000 \Windows\System32\ole32.dll
0xFF610000 \Windows\System32\rpcrt4.dll
0xFF5A0000 \Windows\System32\gdi32.dll
0xFF500000 \Windows\System32\msvcrt.dll
0xFF430000 \Windows\System32\usp10.dll
0xFF420000 \Windows\System32\nsi.dll
0x77960000 \Windows\System32\psapi.dll
0x77520000 \Windows\System32\wininet.dll
0xFF340000 \Windows\System32\advapi32.dll
0xFF160000 \Windows\System32\setupapi.dll
0xFF140000 \Windows\System32\imagehlp.dll
0xFF0A0000 \Windows\System32\comdlg32.dll
0xFF000000 \Windows\System32\clbcatq.dll
0xFEFF0000 \Windows\System32\lpk.dll
0xFEFA0000 \Windows\System32\ws2_32.dll
0xFEEC0000 \Windows\System32\oleaut32.dll
0xFEE40000 \Windows\System32\difxapi.dll
0xFEDC0000 \Windows\System32\shlwapi.dll
0xFE030000 \Windows\System32\shell32.dll
0xFDFD0000 \Windows\System32\Wldap32.dll
0x77420000 \Windows\System32\user32.dll
0x772D0000 \Windows\System32\urlmon.dll
0x770C0000 \Windows\System32\iertutil.dll
0xFDE60000 \Windows\System32\crypt32.dll
0xFDDC0000 \Windows\System32\comctl32.dll
0xFDDA0000 \Windows\System32\devobj.dll
0xFDD30000 \Windows\System32\KernelBase.dll
0xFDCF0000 \Windows\System32\wintrust.dll
0xFDCB0000 \Windows\System32\cfgmgr32.dll
0xFDCA0000 \Windows\System32\msasn1.dll
0x77060000 \Windows\SysWOW64\normaliz.dll

Processes (total 88):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
452 csrss.exe
512 C:\Windows\System32\wininit.exe
544 csrss.exe
576 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
684 C:\Windows\System32\winlogon.exe
748 C:\Windows\System32\svchost.exe
812 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
872 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\atiesrxx.exe
992 C:\Windows\System32\svchost.exe
264 C:\Windows\System32\svchost.exe
460 C:\Windows\System32\svchost.exe
408 C:\Program Files\IDT\WDM\stacsv64.exe
1052 C:\Windows\System32\audiodg.exe
1256 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\atieclxx.exe
1320 C:\Windows\System32\hpservice.exe
1404 WUDFHost.exe
1576 C:\Windows\System32\dwm.exe
1600 C:\Windows\explorer.exe
1612 C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
1692 C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
1772 C:\Windows\System32\svchost.exe
1892 C:\Windows\System32\spoolsv.exe
1904 C:\Windows\System32\taskhost.exe
1980 C:\Windows\System32\svchost.exe
2016 C:\Windows\System32\svchost.exe
1228 C:\Program Files\IDT\WDM\AESTSr64.exe
1348 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1656 C:\Windows\SysWOW64\ezSharedSvcHost.exe
2072 C:\Windows\System32\svchost.exe
2100 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
2132 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2156 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2204 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2244 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccsvchst.exe
2308 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
2348 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
2480 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2512 C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
2752 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1760 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccsvchst.exe
2972 WmiPrvSE.exe
3188 C:\Windows\System32\wbem\unsecapp.exe
3360 C:\Windows\System32\SearchIndexer.exe
3764 C:\Program Files\IDT\WDM\sttray64.exe
3772 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3836 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
4048 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4064 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
3276 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
1624 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3352 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4004 C:\Windows\System32\svchost.exe
3240 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4312 C:\Program Files\Windows Media Player\wmpnetwk.exe
4688 C:\Windows\System32\svchost.exe
4964 C:\Windows\System32\taskeng.exe
5000 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
4376 dllhost.exe
1100 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3940 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2216 C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
4884 C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
4372 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3440 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
1008 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
4980 C:\Windows\System32\sppsvc.exe
664 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
4992 C:\Windows\servicing\TrustedInstaller.exe
5020 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1096 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4220 C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
4084 C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
4040 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
5128 taskhost.exe
5580 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5024 C:\Windows\System32\SearchProtocolHost.exe
5856 C:\Windows\System32\SearchFilterHost.exe
5152 dllhost.exe
1480 dllhost.exe
6036 C:\Users\Ryan\Desktop\MBRCheck.exe
3304 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`2d200000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS547550A9E384, Rev: JE3OA50A

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Error check?

I re-read your last post. You mentioned trying error-check and MBRCheck together? I realized I ran MBRCheck and posted results, but I'm not sure what you meant by running Error Check?

Fyi, after running MBRCheck and posting the results in my last post, I did run Bootkit remover again, and it still shows the rootkit message.

Not sure if I did something wrong or left out something when you said to try "Error Check", so figured I better sit tight and await further instruction.

I apologize for possibly misunderstanding what you wanted me to do.
 
There is site work going on and my internet is bouncing on and off. I've started this reply x4. If you don't mind, I'm going to wait until later to try again. In the meantime, go ahead with the Error Check.
 
You can do the Error Check from Command Prompt:
Using the Command Prompt should have been this: Start> Run> type in cmd> type in Chkdsk /f/r followed by a reboot. Chkdsk will start in a few seconds
 
Bobbye said:
You can do the Error Check from Command Prompt:
Using the Command Prompt should have been this: Start> Run> type in cmd> type in Chkdsk /f/r followed by a reboot. Chkdsk will start in a few seconds
Click to expand...

I ran Chkdsk. I was watching messages as it ran and it appeared to run successfully - with no bad sectors found, etc. After Chkdsk ran and system booted back up again, I ran MBR check. Here are those results:

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 181):
0x02C09000 \SystemRoot\system32\ntoskrnl.exe
0x031F1000 \SystemRoot\system32\hal.dll
0x00BB2000 \SystemRoot\system32\kdcom.dll
0x00C03000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C10000 \SystemRoot\system32\PSHED.dll
0x00C24000 \SystemRoot\system32\CLFS.SYS
0x00C82000 \SystemRoot\system32\CI.dll
0x00D42000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DE6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E4A000 \SystemRoot\system32\drivers\ACPI.sys
0x00EA1000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00EAA000 \SystemRoot\system32\drivers\msisadrv.sys
0x00EB4000 \SystemRoot\system32\drivers\pci.sys
0x00EE7000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EF4000 \SystemRoot\System32\drivers\partmgr.sys
0x00F09000 \SystemRoot\system32\drivers\compbatt.sys
0x00F12000 \SystemRoot\system32\drivers\BATTC.SYS
0x00F1E000 \SystemRoot\system32\drivers\volmgr.sys
0x00F33000 \SystemRoot\System32\drivers\volmgrx.sys
0x00F8F000 \SystemRoot\system32\drivers\pciide.sys
0x00F96000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00FA6000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FC0000 \SystemRoot\system32\drivers\atapi.sys
0x00FC9000 \SystemRoot\system32\drivers\ataport.SYS
0x00FF3000 \SystemRoot\system32\drivers\msahci.sys
0x00E00000 \SystemRoot\system32\DRIVERS\amd_sata.sys
0x01082000 \SystemRoot\system32\DRIVERS\storport.sys
0x010E5000 \SystemRoot\system32\DRIVERS\amd_xata.sys
0x010F3000 \SystemRoot\system32\drivers\amdxata.sys
0x010FE000 \SystemRoot\system32\drivers\fltmgr.sys
0x0114A000 \SystemRoot\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
0x011BB000 \SystemRoot\system32\drivers\fileinfo.sys
0x01258000 \SystemRoot\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
0x0144C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0133C000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x0141B000 \SystemRoot\System32\drivers\pcw.sys
0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016ED000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01898000 \SystemRoot\System32\drivers\tcpip.sys
0x01A9C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AE6000 \SystemRoot\system32\drivers\volsnap.sys
0x01B32000 \SystemRoot\System32\Drivers\spldr.sys
0x01B3A000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B74000 \SystemRoot\System32\Drivers\mup.sys
0x01B86000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B8F000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x01B99000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BD3000 \SystemRoot\system32\drivers\disk.sys
0x01800000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x0168B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01872000 \SystemRoot\System32\Drivers\Null.SYS
0x0187B000 \SystemRoot\System32\Drivers\Beep.SYS
0x01882000 \SystemRoot\System32\drivers\vga.sys
0x016B5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01BE9000 \SystemRoot\System32\drivers\watchdog.sys
0x016DA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x016E3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x017E0000 \SystemRoot\system32\drivers\rdprefmp.sys
0x017E9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01436000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0139A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0425F000 \SystemRoot\system32\drivers\afd.sys
0x042E8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0432D000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04338000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04341000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04367000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0437D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0438C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x043A7000 \SystemRoot\system32\drivers\termdd.sys
0x0408C000 \SystemRoot\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS
0x040F3000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x04129000 \SystemRoot\system32\drivers\N360x64\0502010.003\Ironx64.SYS
0x04156000 \SystemRoot\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
0x0416C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x041BD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x041C9000 \SystemRoot\system32\drivers\mssmbios.sys
0x04000000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120413.001\IDSvia64.sys
0x04605000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x0467E000 \SystemRoot\System32\drivers\discache.sys
0x0468D000 \SystemRoot\System32\Drivers\dfsc.sys
0x046AB000 \SystemRoot\system32\drivers\blbdrive.sys
0x046BC000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120402.001\BHDrvx64.sys
0x041D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x047DC000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x04200000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A75000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05486000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0557A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x055C0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x05400000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x05875000 \SystemRoot\system32\DRIVERS\netr28x.sys
0x059C5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05800000 \SystemRoot\system32\DRIVERS\RtsPStor.sys
0x0539C000 \SystemRoot\system32\DRIVERS\amdxhc.sys
0x05856000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05858000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x05867000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x059D2000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x059DD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04A56000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x059EE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05A1B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05B78000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05B87000 \SystemRoot\system32\drivers\CmBatt.sys
0x05B8C000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x05B99000 \SystemRoot\system32\drivers\wmiacpi.sys
0x05BA2000 \SystemRoot\system32\drivers\CompositeBus.sys
0x05BB2000 \SystemRoot\system32\DRIVERS\clwvd.sys
0x05BB8000 \SystemRoot\system32\DRIVERS\ks.sys
0x05A00000 \SystemRoot\system32\drivers\ksthunk.sys
0x0546A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x053CD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05A06000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x043BB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x055E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x013BC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x013DD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05A12000 \SystemRoot\system32\drivers\swenum.sys
0x043EA000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x01200000 \SystemRoot\system32\DRIVERS\circlass.sys
0x01212000 \SystemRoot\system32\DRIVERS\umbus.sys
0x01224000 \SystemRoot\system32\DRIVERS\amdhub30.sys
0x06AB2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06B0C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06B21000 \SystemRoot\system32\drivers\AtihdW76.sys
0x06B41000 \SystemRoot\system32\drivers\portcls.sys
0x06B7E000 \SystemRoot\system32\drivers\drmk.sys
0x06A00000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x06A83000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06AA0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06BA0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06BB9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06BC2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06BD0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x011CF000 \SystemRoot\System32\Drivers\usbvideo.sys
0x020E0000 \SystemRoot\System32\Drivers\fastfat.SYS
0x02116000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02124000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x0212E000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
0x02145000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x02158000 \SystemRoot\System32\drivers\Dxapi.sys
0x02164000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005C0000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x00990000 \SystemRoot\System32\ATMFD.DLL
0x02172000 \SystemRoot\system32\drivers\luafv.sys
0x02195000 \SystemRoot\system32\drivers\WudfPf.sys
0x021B6000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x021C7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x02000000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02015000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02068000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0207B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x088EF000 \SystemRoot\system32\drivers\HTTP.sys
0x089B8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x089D6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0882D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0887B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09279000 \SystemRoot\system32\drivers\peauth.sys
0x0931F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0932A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0935B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0936D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x096E7000 \SystemRoot\System32\DRIVERS\srv.sys
0x09600000 \SystemRoot\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS
0x09C06000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120413.025\EX64.SYS
0x096C0000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120413.025\ENG64.SYS
0x0977F000 \??\C:\Windows\system32\drivers\mbam.sys
0x09789000 \SystemRoot\system32\drivers\spsys.sys
0x77200000 \Windows\System32\ntdll.dll
0x48350000 \Windows\System32\smss.exe
0xFF520000 \Windows\System32\apisetschema.dll
Processes (total 83):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
464 csrss.exe
520 C:\Windows\System32\wininit.exe
556 csrss.exe
588 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
776 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
836 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\atiesrxx.exe
936 C:\Windows\System32\winlogon.exe
980 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
412 C:\Windows\System32\svchost.exe
460 C:\Program Files\IDT\WDM\stacsv64.exe
1052 C:\Windows\System32\audiodg.exe
1252 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\hpservice.exe
1324 C:\Windows\System32\atieclxx.exe
1412 WUDFHost.exe
1572 C:\Windows\System32\dwm.exe
1600 C:\Windows\explorer.exe
1612 C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
1688 C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
1796 C:\Windows\System32\svchost.exe
1932 C:\Program Files\IDT\WDM\sttray64.exe
1940 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2024 C:\Windows\System32\spoolsv.exe
1180 C:\Windows\System32\taskhost.exe
1520 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
2068 C:\Windows\System32\svchost.exe
2112 C:\Windows\System32\svchost.exe
2368 C:\Program Files\IDT\WDM\AESTSr64.exe
2396 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2432 C:\Windows\SysWOW64\ezSharedSvcHost.exe
2504 C:\Windows\System32\svchost.exe
2536 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
2620 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
2680 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2736 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2744 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
2768 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2776 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
2800 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccsvchst.exe
2820 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2892 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
2924 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
2996 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1148 C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
408 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccsvchst.exe
3420 WmiPrvSE.exe
3492 C:\Windows\System32\wbem\unsecapp.exe
3860 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3892 C:\Windows\System32\SearchIndexer.exe
3996 C:\Windows\System32\svchost.exe
4100 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4192 C:\Program Files\Windows Media Player\wmpnetwk.exe
4596 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4716 C:\Windows\System32\svchost.exe
4448 C:\Windows\System32\taskeng.exe
4572 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
3968 dllhost.exe
1080 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4852 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1332 C:\Windows\System32\taskeng.exe
4344 C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
1676 C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
192 WmiPrvSE.exe
5016 C:\Windows\System32\SearchProtocolHost.exe
4920 C:\Windows\System32\SearchFilterHost.exe
1316 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4560 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
2512 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
4444 C:\Windows\System32\sppsvc.exe
4116 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
2156 taskhost.exe
4224 dllhost.exe
4004 dllhost.exe
4520 C:\Users\Ryan\Desktop\MBRCheck.exe
4452 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`2d200000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS547550A9E384, Rev: JE3OA50A
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
 
Try running the Error Check, then repeat the Bootkit scan. Yes, looks like the system dropped the _

We need to see if the 2 parts of the error check- scan and fix-will remedy the problem running the fix.bat:

ERROR: Can't write first sector of the disk.
The MBR is the very first sector of the hard disk; it contains an MBR Bootstrap ... for the disk partitioning software
Click to expand...
------------------------------------------------------
Run the Bootkit Remover again. The MBR check is clean.
 
Bobbye said:
------------------------------------------------------
Run the Bootkit Remover again. The MBR check is clean.
Click to expand...
I ran Bootkit Remover again. Appears we're at the same dilemma. Bootkit remover still showing the rootkit, and the fix.bat file showing that it can't write to the first sector. Results are posted below.

Should I try to rebuild the MBR from my recovery discs?

Also the Windows "Action Center" is displaying a message in the Systray that points to the following Microsoft KB article (and download) - http://support.microsoft.com/kb/2506014. Thought you might like to know that as well.

Here's the results of Bootkit Remover:
=====================================================================
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!
Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...
===================================================
Here's the results of the Bootkit Remover fix.bat file run:
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
Restoring boot code at \\.\PhysicalDrive0...
ATA_Write(): DeviceIoControl() ERROR 1
ERROR: Can't write first sector of the disk.
Done;
Press any key to quit...
 
By Gorge, I think I found it!

Please go to VirSCAN.org FREE on-line scan service:
If busy, you can use one of the following: ( you only need one)
VirusTotal
Jotti

  • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

    Code: 
    c:\windows\AxInstSV
    [2]. At the upload site, click once inside the window next to Browse.
    [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    [4]. Click on the Upload button.
    This will perform a scan across multiple different virus scanning engines.
    Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    Important: Wait for all of the scanning engines to complete.
    [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
    [6]. Paste the contents of the Clipboard in your next reply.
=====================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code: 
File::
DirLook::
c:\windows\AxInstSV
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
 
Edit: Removing quote of my directions

Sorry, I was away for a while and didn't have access to this computer :-(! I apologize for the period of non-responsiveness.

I tried the 3 VirScan links you had above. The first link didn't work, but I was able to access the other 2 (Jotti and VirusTotal). However, neither of these 2 allowed me to paste the "c:\windows\AxInstSV" path in the file box. I also couldn't type it in, either. The only option was to click "Browse" to select a file folder. If I tried to type in the "c:\windows\AxInstSV
" in the file folder box, it opened up to the AxInstSV folder, but the folder was empty, therefore no file was allowed to be selected. So, I don't have any logs from those virus scans. However, I'll go ahead and run the Combofix run with the CFScript you included and post the results after that run.

Sorry again for the period of inactivity!
 
combofix logs are too big to put into one post. Here's first part:
===================================================================
ComboFix 12-04-29.02 - Ryan 04/29/2012 15:41:11.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2240 [GMT -5:00]
Running from: c:\users\Ryan\Desktop\friday.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 20:55 . 2012-04-29 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 01:28 . 2012-04-18 01:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 01:28 . 2012-04-18 01:28 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 20:01 . 2012-04-14 20:01 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-14 19:51 . 2012-04-14 19:51 -------- d-----w- C:\HP_TOOLS_mountHPSF
2012-04-11 00:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 00:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 00:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 00:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 00:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 00:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 00:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 02:03 . 2012-04-09 02:03 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-04-09 02:03 . 2012-04-09 02:03 -------- d-----w- c:\windows\SHELLNEW
2012-04-09 02:02 . 2012-04-14 19:45 -------- d-----w- c:\programdata\Microsoft Help
2012-04-09 02:01 . 2012-04-09 02:01 -------- d-----r- C:\MSOCache
2012-04-09 00:50 . 2012-04-09 00:51 -------- d--h--w- c:\windows\AxInstSV
2012-04-08 23:11 . 2012-04-08 23:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-02 21:34 . 2012-04-02 21:34 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-02 21:34 . 2012-04-02 21:34 -------- d-----w- c:\windows\system32\Wat
2012-04-02 13:12 . 2012-04-02 13:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-02 11:55 . 2012-04-02 11:55 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-04-02 11:46 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-04-02 02:14 . 2012-04-02 02:14 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-02 01:46 . 2012-04-02 01:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-02 01:43 . 2012-04-02 01:43 -------- d-----w- c:\program files (x86)\Java
2012-04-02 00:55 . 2012-04-02 00:55 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 00:55 . 2012-04-10 02:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-02 00:55 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 00:19 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-02 00:19 . 2012-04-02 00:19 -------- d-----w- c:\program files\Symantec
2012-04-02 00:19 . 2012-04-02 00:19 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-02 00:19 . 2012-04-02 00:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-02 00:19 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-04-02 00:19 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-04-02 00:18 . 2012-04-08 22:59 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-04-02 00:18 . 2012-04-02 00:18 -------- d-----w- c:\program files (x86)\Norton 360 Premier Edition
2012-04-02 00:14 . 2012-04-02 00:14 -------- d-----w- c:\programdata\PCSettings
2012-04-02 00:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-02 00:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-02 00:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-01 23:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-01 23:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-01 23:59 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-01 23:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-01 23:55 . 2012-04-14 20:07 -------- d-----w- c:\users\Ryan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 01:43 . 2011-08-30 01:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-01 23:57 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\AxInstSV ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-10_01.33.14 )))))))))))))))))))))))))))))))))))))))))
Edit: Reviewed and removed lengthy Snapshot.
.
 
Part 5 of Combofix logs:
=============================================================================
-- Snapshot reset to current date --
.Edit: Note: 4 full posts of lengthy Snapshot entries were reviewed and removed. Post have been deleted.





((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-03-30 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-09 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 01:28]
.
2012-04-14 c:\windows\Tasks\HPCeeScheduleForRyan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-04-29 16:18:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 21:18
ComboFix2.txt 2012-04-10 01:52
.
Pre-Run: 440,416,595,968 bytes free
Post-Run: 440,262,610,944 bytes free
.
- - End Of File - - A07486E5F4ACD9A78D9CFFC04D39F174
 
Okay, these need to be removed:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code: 
File::
Folder::
c:\windows\AxInstSV
c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
C:\TDSSKiller_Quarantine
 
Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
One more scan:
Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scan option is selected and then click on the Scan button.
When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
If Mbam won't let you update, remove it and re-download and run.

If there are any remaining problems, this would be the time to tell me.
 
Here are Combofix logs from running the CFScript from your last post. Fyi, I also ran MalwareBytes full scan afterward and it came up clean. I'll post those results in a separate post as well. The system is running fine - with the only problem being MBRCheck continuing to report a rootkit in the MBR and BootKitRemover being unable to remove it.

I'm tempted to try to rebuild the master boot record manually per Microsoft instructions using the repair disks. Thoughts on that?

Combofix logs (Part 1 - too much content to post in one posting):
=============================================================================================
ComboFix 12-04-29.02 - Ryan 04/29/2012 15:41:11.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2240 [GMT -5:00]
Running from: c:\users\Ryan\Desktop\friday.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 20:55 . 2012-04-29 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 01:28 . 2012-04-18 01:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 01:28 . 2012-04-18 01:28 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 20:01 . 2012-04-14 20:01 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-14 19:51 . 2012-04-14 19:51 -------- d-----w- C:\HP_TOOLS_mountHPSF
2012-04-11 00:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 00:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 00:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 00:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 00:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 00:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 00:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 02:03 . 2012-04-09 02:03 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-04-09 02:03 . 2012-04-09 02:03 -------- d-----w- c:\windows\SHELLNEW
2012-04-09 02:02 . 2012-04-14 19:45 -------- d-----w- c:\programdata\Microsoft Help
2012-04-09 02:01 . 2012-04-09 02:01 -------- d-----r- C:\MSOCache
2012-04-09 00:50 . 2012-04-09 00:51 -------- d--h--w- c:\windows\AxInstSV
2012-04-08 23:11 . 2012-04-08 23:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-02 21:34 . 2012-04-02 21:34 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-02 21:34 . 2012-04-02 21:34 -------- d-----w- c:\windows\system32\Wat
2012-04-02 13:12 . 2012-04-02 13:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-02 11:55 . 2012-04-02 11:55 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-04-02 11:46 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-04-02 02:14 . 2012-04-02 02:14 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-02 01:46 . 2012-04-02 01:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-02 01:43 . 2012-04-02 01:43 -------- d-----w- c:\program files (x86)\Java
2012-04-02 00:55 . 2012-04-02 00:55 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 00:55 . 2012-04-10 02:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-02 00:55 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 00:19 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-02 00:19 . 2012-04-02 00:19 -------- d-----w- c:\program files\Symantec
2012-04-02 00:19 . 2012-04-02 00:19 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-02 00:19 . 2012-04-02 00:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-02 00:19 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-04-02 00:19 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-04-02 00:18 . 2012-04-08 22:59 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-04-02 00:18 . 2012-04-02 00:18 -------- d-----w- c:\program files (x86)\Norton 360 Premier Edition
2012-04-02 00:14 . 2012-04-02 00:14 -------- d-----w- c:\programdata\PCSettings
2012-04-02 00:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-02 00:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-02 00:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-01 23:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-01 23:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-01 23:59 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-01 23:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-01 23:55 . 2012-04-14 20:07 -------- d-----w- c:\users\Ryan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 01:43 . 2011-08-30 01:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-01 23:57 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\AxInstSV ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-10_01.33.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-29 20:22 . 2011-07-08 18:37 14119 c:\windows\SysWOW64\RaCoInst.dat
+ 2012-04-11 00:22 . 2012-02-28 01:03 72704 c:\windows\SysWOW64\mshtmled.dll
- 2012-04-02 12:45 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-04-11 00:22 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-02 12:45 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-04-02 12:45 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-04-11 00:22 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2010-11-21 03:09 . 2012-04-29 20:32 41668 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-29 20:32 42312 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-18 16:36 . 2010-03-18 16:36 57168 c:\windows\system32\vcomp100.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 57168 c:\windows\system32\vcomp100.dll
+ 2012-04-29 20:22 . 2011-07-08 18:37 14119 c:\windows\system32\RaCoInst.dat
- 2012-04-02 12:45 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
+ 2012-04-11 00:22 . 2012-02-28 06:43 96256 c:\windows\system32\mshtmled.dll
- 2012-04-02 12:45 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-11 00:22 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 91472 c:\windows\system32\mfcm100u.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 91472 c:\windows\system32\mfcm100u.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 91472 c:\windows\system32\mfcm100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 91472 c:\windows\system32\mfcm100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 43344 c:\windows\system32\mfc100kor.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 43856 c:\windows\system32\mfc100jpn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 43856 c:\windows\system32\mfc100jpn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 62288 c:\windows\system32\mfc100ita.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 62288 c:\windows\system32\mfc100ita.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 64336 c:\windows\system32\mfc100fra.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system32\mfc100fra.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 63824 c:\windows\system32\mfc100esn.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 55120 c:\windows\system32\mfc100enu.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 55120 c:\windows\system32\mfc100enu.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 64336 c:\windows\system32\mfc100deu.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 64336 c:\windows\system32\mfc100deu.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system32\mfc100cht.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 36176 c:\windows\system32\mfc100cht.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 36176 c:\windows\system32\mfc100chs.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 36176 c:\windows\system32\mfc100chs.dll
- 2012-04-02 12:45 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
+ 2012-04-11 00:22 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
- 2011-01-26 23:01 . 2011-01-26 23:01 30520 c:\windows\system32\hpservice.exe
+ 2011-05-27 16:20 . 2011-05-27 16:20 30520 c:\windows\system32\hpservice.exe
+ 2011-05-27 16:20 . 2011-05-27 16:20 17720 c:\windows\system32\HPMDPCoInst12.dll
- 2009-07-14 05:30 . 2012-04-02 22:51 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-04-29 20:27 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-10-15 15:13 . 2011-07-08 18:37 14119 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_c28e08a5df4ad1d6\RaCoInst.dat
+ 2011-03-07 17:49 . 2011-03-07 17:49 14051 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\RaCoInst.dat
- 2011-10-15 15:13 . 2011-03-07 16:49 14051 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\RaCoInst.dat
+ 2011-05-27 16:20 . 2011-05-27 16:20 30520 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\hpservice.exe
+ 2011-05-27 16:20 . 2011-05-27 16:20 17720 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\HPMDPCoInst12.dll
+ 2011-05-27 16:20 . 2011-05-27 16:20 30008 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\hpdskflt.sys
+ 2011-05-27 16:20 . 2011-05-27 16:20 20792 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\accelerometerdll.DLL
+ 2011-05-27 16:20 . 2011-05-27 16:20 43320 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\Accelerometer.sys
- 2011-01-26 23:01 . 2011-01-26 23:01 30008 c:\windows\system32\drivers\hpdskflt.sys
+ 2011-01-26 23:01 . 2011-05-27 16:20 30008 c:\windows\system32\drivers\hpdskflt.sys
+ 2011-05-27 16:20 . 2011-05-27 16:20 43320 c:\windows\system32\drivers\Accelerometer.sys
- 2011-01-26 23:01 . 2011-01-26 23:01 43320 c:\windows\system32\drivers\Accelerometer.sys
+ 2012-04-01 23:59 . 2012-04-29 19:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-01 23:59 . 2012-04-09 01:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-02 02:15 . 2012-04-29 19:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-02 02:15 . 2012-04-09 01:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 01:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-29 19:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-27 16:20 . 2011-05-27 16:20 20792 c:\windows\system32\accelerometerdll.DLL
- 2011-01-26 23:01 . 2011-01-26 23:01 20792 c:\windows\system32\accelerometerdll.DLL
+ 2009-07-14 04:46 . 2012-04-14 21:02 97496 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-04-02 13:19 . 2012-04-02 13:19 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 76200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 79776 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-02 13:19 . 2012-04-02 13:19 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 15208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 27528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.v4.0.Framework\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v4.0.Framework.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 56184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 91512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 00:25 . 2012-04-11 00:25 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 00:25 . 2012-04-11 00:25 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-01-24 22:16 . 2011-01-24 22:16 14336 c:\windows\Installer\311337.msp
- 2012-04-09 02:07 . 2012-04-09 02:14 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
- 2012-04-09 02:07 . 2012-04-09 02:14 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
- 2012-04-09 02:07 . 2012-04-09 02:14 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-08-30 01:33 . 2012-04-10 03:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-08-30 01:33 . 2011-08-30 01:33 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\HPSF.exe2_2EBA634C3DB04BEC8765F065A06AB6AA.exe
+ 2012-04-14 20:03 . 2012-04-14 20:03 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\HPSF.exe1_5321553C1DE9413FB5EC5DBF79DC538E.exe
+ 2012-04-14 20:03 . 2012-04-14 20:03 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\HPSF.exe_01B09B243E324170B7925EAE4C76365E.exe
+ 2012-04-14 20:03 . 2012-04-14 20:03 98304 c:\windows\Installer\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\ARPPRODUCTICON.exe
+ 2012-04-14 20:04 . 2012-04-14 20:04 10134 c:\windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe
+ 2012-04-29 20:23 . 2012-04-29 20:23 90022 c:\windows\Installer\{28FE073B-1230-4BF6-830C-7434FD0C0069}\app_1.exe
+ 2010-02-25 16:07 . 2010-02-25 16:07 49488 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\VBAJET32.DLL
+ 2010-01-10 02:47 . 2010-01-10 02:47 29528 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\THOCRAPI.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 82848 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PEOPLEDATAHANDLER.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 45984 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OSETUPPS.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 15776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OMUOPTINPS.DLL
+ 2010-02-28 07:13 . 2010-02-28 07:13 20880 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MUOPTIN.DLL
+ 2010-03-01 10:17 . 2010-03-01 10:17 14736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOCFUIU.DLL
+ 2010-01-11 00:48 . 2010-01-11 00:48 18832 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOCFU.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 58232 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\EXP_XPS.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 44480 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACERCLR.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEODTXT.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEODEXL.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 14776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEODDBS.DLL
+ 2010-03-23 15:54 . 2010-03-23 15:54 37776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEERR.DLL
+ 2012-04-14 20:06 . 2010-10-27 18:28 11320 c:\windows\Help\OEM\Scripts\HPSARedirectorLauncher.exe
- 2010-10-27 18:28 . 2010-10-27 18:28 11320 c:\windows\Help\OEM\Scripts\HPSARedirectorLauncher.exe
+ 2012-04-14 20:06 . 2011-04-27 15:36 21048 c:\windows\Help\OEM\Scripts\checkMui.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll
+ 2012-04-12 00:36 . 2012-04-12 00:36 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 28160 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\6885348510555806f55825539f99691b\Microsoft.Office.Tools.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 55808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\1564c97d4494d51111c907058d8664e8\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe
+ 2012-04-12 00:34 . 2012-04-12 00:34 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8dd565cc0b374e1eec73cf7eaba91e92\UIAutomationProvider.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\077e75015456f75a0495f65cfcf140cb\System.Windows.Presentation.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\22a9aa847a8e4e651a35b63270ce8999\System.Web.ApplicationServices.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdeb5ca04943da59f732d3001d6a0df0\System.ServiceModel.Channels.ni.dll
+ 2012-04-12 00:32 . 2012-04-12 00:32 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\9688786618bf6390637c283b5bd1c9b3\System.AddIn.Contract.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\6ffc3ac04451b4978519218fd266403e\Microsoft.VisualC.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 45056 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\9d5e0f70ee77a55f1ce32fac3366ac38\Microsoft.Office.Tools.v4.0.Framework.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 21504 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\11b10e95e6c0b206ea453097cda58614\Microsoft.Office.Tools.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\8cbc15b63aa3f06453f1aaa8659cf809\Accessibility.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 43520 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\d1f2d3b5e187e3bc12ec2522bb845392\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 84992 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\60011d8c51e32dffe9342397dabf4e5d\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 45056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5b75d5795521241fb2344a38cf42f295\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 86016 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\54372f6724e4b83e703b68a13bf72066\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 93696 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\1bfd71e2bb2110f637dadfdad19c6089\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 86016 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cfa1b9febc176c31040ee4df6e8ab1eb\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cd2766ef74cee07c420507db80aed932\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 51712 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b63cd78bf6dd3e9df6dd1b3b8e550c03\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 58368 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\625efeb26f5791302a0777b08feeae18\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 28160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\560af98e8232dfaa8f745112ed6b8be1\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 66560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0c7d30a3d4b7a03d5d150b40befb02fa\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.ni.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 83896 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 63408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 77752 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 23976 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 62392 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 32688 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 35256 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 24496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 41408 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll
+ 2012-04-29 20:26 . 2012-04-29 20:26 91704 c:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 98872 c:\windows\assembly\GAC_MSIL\HP.SupportFramework.Logging\1.0.0.0__a5a013d267b3a679\HP.SupportFramework.Logging.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 22584 c:\windows\assembly\GAC_MSIL\HP.SupportFramework.Communicator\1.0.0.0__370cd15173f7ac8f\HP.SupportFramework.Communicator.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 13368 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant\6.0.1.1__ff8a51a3dda870ab\HP.SupportAssistant.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 25144 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.ServiceManager\6.0.1.1__afd7346f05a57c11\HP.SupportAssistant.ServiceManager.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 74296 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Common\6.0.1.1__41bdec5abf54f6dc\HP.SupportAssistant.Common.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 36920 c:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
+ 2012-04-14 20:04 . 2012-04-14 20:04 36920 c:\windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.SessionManager\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.SessionManager.dll
+ 2012-04-14 20:04 . 2012-04-14 20:04 32312 c:\windows\assembly\GAC_MSIL\HP.ActiveCheckLocalMode.ServiceFacade\1.1.0.0__87cc6405259abc0f\HP.ActiveCheckLocalMode.ServiceFacade.dll
+ 2012-04-01 23:57 . 2012-04-29 20:32 5864 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-329077410-4254268383-3766462361-1001_UserData.bin
- 2012-04-10 01:32 . 2012-04-10 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-29 20:57 . 2012-04-29 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-10 01:32 . 2012-04-10 01:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-29 20:57 . 2012-04-29 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-29 20:26 . 2012-04-29 20:26 4608 c:\windows\Installer\21a180.msi
+ 2012-04-29 20:26 . 2012-04-29 20:26 8598 c:\windows\Installer\{5601F151-A69F-4E30-8C60-37928124CD07}\controlPanelIcon.exe
+ 2010-03-13 06:01 . 2010-03-13 06:01 9592 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\XLCALL32.DLL
- 2011-08-30 01:45 . 2006-09-29 21:28 4096 c:\windows\Help\OEM\Scripts\Interop.HelpPane.dll
+ 2012-04-14 20:06 . 2006-09-29 19:28 4096 c:\windows\Help\OEM\Scripts\Interop.HelpPane.dll
- 2011-08-30 01:45 . 2008-12-03 17:24 7168 c:\windows\Help\OEM\Scripts\HPHS_Launcher.exe
+ 2012-04-14 20:06 . 2008-12-03 15:24 7168 c:\windows\Help\OEM\Scripts\HPHS_Launcher.exe
+ 2012-04-12 00:34 . 2012-04-12 00:34 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\6bafe185b3d23de57ec689035642fe43\System.Xml.Serialization.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\592252ee904bd41f99cd1d19909b548c\dfsvc.ni.exe
+ 2012-04-11 00:22 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
- 2012-04-02 12:45 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
+ 2011-08-19 20:01 . 2011-08-19 20:01 768848 c:\windows\SysWOW64\msvcr100.dll
+ 2011-08-19 20:01 . 2011-08-19 20:01 421200 c:\windows\SysWOW64\msvcp100.dll
- 2010-11-09 22:20 . 2010-11-09 22:20 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2012-04-18 01:28 . 2012-04-18 01:28 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
+ 2012-04-18 01:28 . 2012-04-18 01:28 424608 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.dll
+ 2012-04-18 01:28 . 2012-04-18 01:28 253088 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-02 12:45 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-11 00:22 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-11 00:22 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
- 2012-04-02 12:45 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-04-02 00:48 . 2012-04-20 02:04 257762 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-04-02 12:45 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
+ 2012-04-11 00:22 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
- 2011-10-15 15:13 . 2011-03-07 16:49 327008 c:\windows\system32\RaCoInstx.dll
+ 2011-10-15 15:13 . 2011-07-08 18:37 327008 c:\windows\system32\RaCoInstx.dll
+ 2009-07-14 02:36 . 2012-04-29 20:35 660318 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-09 22:03 660318 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-09 22:03 121214 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-29 20:35 121214 c:\windows\system32\perfc009.dat
+ 2011-01-07 20:02 . 2011-01-07 20:02 827728 c:\windows\system32\msvcr100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 827728 c:\windows\system32\msvcr100.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 608080 c:\windows\system32\msvcp100.dll
+ 2012-04-11 00:22 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
- 2012-04-02 12:45 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
- 2012-04-02 12:45 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
+ 2012-04-11 00:22 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
- 2009-07-14 05:30 . 2012-04-02 22:51 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-29 20:27 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-04-29 20:26 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-04-02 22:51 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-10-15 15:13 . 2011-07-08 18:37 327008 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_c28e08a5df4ad1d6\RaCoInstx.dll
+ 2011-03-07 17:49 . 2011-03-07 17:49 327008 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\RaCoInstx.dll
- 2011-10-15 15:13 . 2011-03-07 16:49 327008 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\RaCoInstx.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 158536 c:\windows\system32\atl100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 158536 c:\windows\system32\atl100.dll
+ 2011-10-15 15:36 . 2012-04-29 20:56 722808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-04-10 01:31 318112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-29 20:56 318112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-02 01:01 . 2012-04-10 01:31 918340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329077410-4254268383-3766462361-1001-8192.dat
+ 2012-04-02 01:01 . 2012-04-29 19:42 918340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329077410-4254268383-3766462361-1001-8192.dat
==========================================================================================
 
Combofix Logs Part 2:
========================================================================
+ 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
+ 2012-04-10 23:52 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2012-04-10 23:52 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 397208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 133544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.Internal\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 201648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 163744 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 141688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 341392 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.Implementation.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 139672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.Implementation.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 171384 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 465304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.Implementation.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 357272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.Implementation.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 00:25 . 2012-04-11 00:25 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 00:25 . 2012-04-11 00:25 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-04-19 09:54 . 2011-04-19 09:54 227328 c:\windows\Installer\311432.msi
+ 2011-04-19 09:21 . 2011-04-19 09:21 235520 c:\windows\Installer\31142b.msi
+ 2011-06-20 04:33 . 2011-06-20 04:33 407552 c:\windows\Installer\311405.msp
+ 2011-10-27 04:23 . 2011-10-27 04:23 925696 c:\windows\Installer\311377.msp
+ 2011-10-27 03:46 . 2011-10-27 03:46 794112 c:\windows\Installer\31134d.msp
+ 2011-10-27 03:51 . 2011-10-27 03:51 592896 c:\windows\Installer\31132f.msp
+ 2011-08-22 04:19 . 2011-08-22 04:19 133120 c:\windows\Installer\311276.msp
+ 2012-02-09 12:27 . 2012-02-09 12:27 206848 c:\windows\Installer\29fde0.msp
+ 2012-03-21 10:58 . 2012-03-21 10:58 133120 c:\windows\Installer\29fd9d.msp
+ 2011-04-29 01:27 . 2011-04-29 01:27 608768 c:\windows\Installer\154af0.msp
+ 2012-04-29 20:20 . 2012-04-29 20:20 132754 c:\windows\Installer\{ED1BD69A-07E3-418C-91F1-D856582581BF}\_853F67D554F05449430E7E.exe
+ 2012-04-29 20:25 . 2012-04-29 20:25 132754 c:\windows\Installer\{E44578C7-4667-4124-8BC2-1161BCA54978}\_F69FB2DB3B6672BEBE0F60.exe
+ 2012-04-29 20:25 . 2012-04-29 20:25 132754 c:\windows\Installer\{E44578C7-4667-4124-8BC2-1161BCA54978}\_853F67D554F05449430E7E.exe
+ 2012-04-29 20:25 . 2012-04-29 20:25 132754 c:\windows\Installer\{E44578C7-4667-4124-8BC2-1161BCA54978}\_6CB6AAA874BF315617841D.exe
+ 2012-04-14 19:42 . 2012-04-14 19:42 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2012-04-09 02:12 . 2012-04-09 02:12 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
- 2012-04-09 02:07 . 2012-04-09 02:14 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
- 2012-04-09 02:07 . 2012-04-09 02:14 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2012-04-09 02:07 . 2012-04-09 02:14 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
- 2012-04-09 02:07 . 2012-04-09 02:14 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-02-13 11:25 . 2010-02-13 11:25 128384 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763\FPLACE.DLL
+ 2010-02-28 08:13 . 2010-02-28 08:13 579968 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\VPREVIEW.EXE
+ 2010-01-10 02:47 . 2010-01-10 02:47 133512 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\TWCUTCHR.DLL
+ 2010-02-28 07:13 . 2010-02-28 07:13 521616 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\SELFCERT.EXE
+ 2010-02-28 09:41 . 2010-02-28 09:41 615800 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONWORDADDIN.DLL
+ 2010-02-28 09:41 . 2010-02-28 09:41 560512 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONPPTADDIN.DLL
+ 2010-03-30 01:26 . 2010-03-30 01:26 140144 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONENOTEMANAGED.DLL
+ 2010-03-30 01:26 . 2010-03-30 01:26 227712 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONENOTEM.EXE
+ 2010-02-28 09:41 . 2010-02-28 09:41 533368 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONBTTNWD.DLL
+ 2010-02-28 09:41 . 2010-02-28 09:41 533376 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONBTTNPPT.DLL
+ 2010-03-01 10:19 . 2010-03-01 10:19 697728 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONBTTNOL.DLL
+ 2010-02-28 07:21 . 2010-02-28 07:21 259960 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OISGRAPH.DLL
+ 2010-02-28 07:21 . 2010-02-28 07:21 886640 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OISAPP.DLL
+ 2010-02-28 07:21 . 2010-02-28 07:21 274280 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OIS.EXE
+ 2010-02-28 07:09 . 2010-02-28 07:09 401784 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OFFXML.DLL
+ 2010-03-11 05:44 . 2010-03-11 05:44 510904 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ODEPLOY.EXE
+ 2010-01-10 02:23 . 2010-01-10 02:23 169352 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OARPMANY.EXE
+ 2010-02-28 07:15 . 2010-02-28 07:15 702312 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSTORDB.EXE
+ 2010-03-30 02:47 . 2010-03-30 02:47 218464 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSPROOF6.DLL
+ 2010-03-16 07:58 . 2010-03-16 07:58 360824 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOUC.EXE
+ 2010-03-16 07:58 . 2010-03-16 07:58 718208 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOSYNC.EXE
+ 2010-03-25 01:28 . 2010-03-25 01:28 473952 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOICONS.EXE
+ 2010-03-06 10:29 . 2010-03-06 10:29 501088 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSODCW.DLL
+ 2010-03-01 10:17 . 2010-03-01 10:17 152952 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOCF.DLL
+ 2009-09-04 14:02 . 2009-09-04 14:02 591680 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSLID.DLL
+ 2010-03-25 01:28 . 2010-03-25 01:28 571232 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MISC.EXE
+ 2010-02-28 07:15 . 2010-02-28 07:15 698216 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MEDCAT.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 178560 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\IETAG.DLL
+ 2010-02-28 09:41 . 2010-02-28 09:41 578472 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\IECONTENTSERVICE.EXE
+ 2010-02-04 09:41 . 2010-02-04 09:41 120160 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\FLTLDR.EXE
+ 2010-02-25 16:07 . 2010-02-25 16:07 452936 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\EXPSRV.DLL
+ 2010-03-23 16:03 . 2010-03-23 16:03 104824 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\EXP_PDF.DLL
+ 2010-02-28 07:09 . 2010-02-28 07:09 519584 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\DWTRIG20.EXE
+ 2010-03-01 10:18 . 2010-03-01 10:18 397656 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\CDLMSO.DLL
+ 2010-01-19 01:59 . 2010-01-19 01:59 998776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ASMAIN.DLL
+ 2010-01-19 01:59 . 2010-01-19 01:59 100280 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ASLTS.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 362904 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEXBE.DLL
+ 2010-03-23 15:54 . 2010-03-23 15:54 220560 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACETXT.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 527776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEREP.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 329624 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACER3X.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 383904 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEOLEDB.DLL
+ 2010-03-23 01:51 . 2010-03-23 01:51 278448 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEODBC.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 643992 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEEXCL.DLL
+ 2010-03-23 15:54 . 2010-03-23 15:54 334752 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEEXCH.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 686504 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEES.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEDAO.DLL
 
Combofix Logs Part 3:
===============================================================================
+ 2012-04-14 20:03 . 2012-04-14 20:03 877624 c:\windows\assembly\temp\41S0QPMMGF\HP.SupportFramework.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\3893bfa343bfd255531a743ffa660722\WindowsFormsIntegration.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 314880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.RegularE#\ebfbacf10670251b2db61f2cbca08af3\System.Web.RegularExpressions.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a38a67bfd6245b2f72eb918a57d37bcd\System.ServiceProcess.ni.dll
+ 2012-04-12 00:42 . 2012-04-12 00:42 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll
+ 2012-04-12 00:42 . 2012-04-12 00:42 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 995328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\2da997f0d78859f06d72fcc61fc1a36f\System.Runtime.Remoting.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 311296 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Cach#\c64bdda4c5b1008a50130456a416e688\System.Runtime.Caching.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll
+ 2012-04-12 00:42 . 2012-04-12 00:42 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\cdf11c8e0679ce7ff91dc37c6e1b5545\System.Messaging.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 292352 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\cb799cb414d94fdd0d6d0e73fb0c7032\System.Drawing.Design.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe
+ 2012-04-12 00:37 . 2012-04-12 00:37 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 169984 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\c45a27e16f1710fbb5f9a1998d91ffc0\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 232960 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\c38c85ad0a6ea744ee4ca440adfebc4e\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 475136 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\b1e9a84a2436a463c35ded871dca6419\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 247808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\8cc272eda49bc1202de40a2691882fcc\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 864768 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\67278ab733f1baf4132ca4bf85cd5b60\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 992256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\4c1b69eea40a1af64f8c4f833e367864\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2012-04-12 00:36 . 2012-04-12 00:36 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b6c591378ae5158071d63be3fb88ef37\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\e124e073bbf4e06cb775df9d6b8b7979\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\952e3b13d0001f027a1c3f96e33d5c77\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\94906ec077cf7897d25d2c3659bc7dfe\Microsoft.Office.Tools.Common.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 408576 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7d87585ac27f3634bc84ac2e65c12bbc\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 851456 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Uti#\ef49e94c2b9e293e658979ba193686c7\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 353792 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Fra#\f03be672b1993e4a2dee05f0c99cf27a\Microsoft.Build.Framework.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ebd99d5801192b27f605630e2665db37\WindowsFormsIntegration.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\9562374f940f41cdc64d88268d543f0b\UIAutomationTypes.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\641eec5b274fe3972d02892607f9b650\UIAutomationClient.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0b68854406b775365c6d91e87813c2dc\System.Windows.Input.Manipulations.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\0613bd8bf52bb05610bc85ae9b950e9f\System.Web.RegularExpressions.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9cabbb335fc6dff10392376707a4d0a2\System.ServiceProcess.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d3d9c582c7cd77f17fd93167dc462242\System.ServiceModel.Routing.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7b17528dffe47d9b17be6086a575a516\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 244736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\a89c27bacba019eeed438f67b8544b78\System.Runtime.Caching.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\965e2749489298cc85387f44f76a40f2\System.Net.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\621d2aae96fd06f9ccf66d335d7f1232\System.Messaging.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\1bff2d3e952c2160ba0c790d2342a601\System.Management.Instrumentation.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e6cb98078120266f5310adf0f45aa7df\System.IO.Log.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\22dadf930ad449894633480562d6c913\System.IdentityModel.Selectors.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.Wrapper.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll
+ 2012-04-11 00:27 . 2012-04-11 00:27 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\7f51b59dc6c39bbc00776c9204d7525d\System.Drawing.Design.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e25cc7918b583b3beffcad52920eae29\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\a3be39ae9813098aa81430dd507d22ca\System.DirectoryServices.Protocols.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4975f93d2055b33bd7a91d6f05628e2a\System.Device.ni.dll
+ 2012-04-12 00:32 . 2012-04-12 00:32 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\42d3d301d2adef24edeb3b775fbe3a4b\System.Data.DataSetExtensions.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\e844f0d4cf703c2e97515ed020331b76\System.Configuration.Install.ni.dll
+ 2012-04-12 00:32 . 2012-04-12 00:32 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9b418b211d6207feafcdc27027d26036\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-04-12 00:32 . 2012-04-12 00:32 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\a4cfba8e3500f8387fe5924b940983be\System.AddIn.ni.dll
+ 2012-04-12 00:32 . 2012-04-12 00:32 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\520d0ed9f48c121fbe79bda6fc176b74\System.Activities.DurableInstancing.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\98ec8a39382e6eee39845bd4759ecf04\SMSvcHost.ni.exe
+ 2012-04-12 00:31 . 2012-04-12 00:31 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 210432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\c94b450a8c2f30439acc69a8823270df\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 708608 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\bea3115c4fb01ef5636cc104793d85c9\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 177152 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\95cc6c6d8a6966379f51dbc022bdeef6\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\4a71330988e21161159809690e690cc3\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 364544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\20da1f81376916a4f394f3c0781688d4\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 738304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\1917917be6c570244e250b28a9cb819f\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09237903b1f9e5c7a69a4995d85eaa35\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 152064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\e070443fc6be8a8f34f68fb6c9674494\Microsoft.Office.Tools.Outlook.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\ce50979942c411efd3323472dc2e6254\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 676864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\cd38bbc2e82123234ae8fb6c05999af7\Microsoft.Office.Tools.Word.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 730624 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\92d8765edfd33f34e12da0b65c49f9c0\Microsoft.Office.Tools.Excel.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 336384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\59026dafb681def4fa70a4996bb79244\Microsoft.Office.Tools.Common.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 312320 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\4c535bf3606c143cdecd5195c596179a\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\861156abd2fbeb15a72e479fb140c9b9\Microsoft.Build.Utilities.v4.0.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\03c15533eddd91753b86895c6bfd59aa\Microsoft.Build.Framework.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll
+ 2012-04-11 00:34 . 2012-04-11 00:34 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\2ea95f3113ace6c1adf4ab9f9fc4285e\System.ServiceProcess.ni.dll
+ 2012-04-11 00:34 . 2012-04-11 00:34 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a94125636875d06389922fcd86b7a615\System.Drawing.Design.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 773120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\f62e745133fcb776cd05bc7a71e1fcfc\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 305664 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b4ca8eca3fb2b9e9eb4dcde40eca00b0\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 495616 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b45b8ce21d0fd161749b2de5bc7df56e\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 215040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b1e5be52d573d8203b7ee97196af0956\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 225280 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\841980c52ea05db8c1561ee8f396f19b\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\624a2b05e9289689e3ab48f2b5b892c6\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 226816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5e3dfcd0cf8a0c016d82a75b1dfcb601\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 956416 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5d5f9b6272e24579f25243fbe7304f45\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 777728 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\583db918d8c4155fab760bb05f4bebc8\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\1b07f538fe72210d0c2c8b2c55e7b8c0\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\193686cd8f2e68607e6906da98c910c6\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 270336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\17a38b3f6b386d8ae5bfac23a8862d1a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 124928 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\02fb65084750031d3d1fce63bb3fef35\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 222208 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\a36614337f719e86f7448fa534bc4e3a\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\44eecde37d940c1c9aaebb700ae81ed5\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-04-11 00:32 . 2012-04-11 00:32 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll
+ 2012-04-11 00:32 . 2012-04-11 00:32 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b64b898fd099d1644a8673137ac56011\System.Drawing.Design.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e4053ef7b971ae81468e7c398f9a0836\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a278c91a9f9d7c4ea7e1aaf0c290684a\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 650752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9949ca42861385d6f9ed0057faa58027\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 363008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\73a385d0a8e76c44988c813a93d626b3\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\67a0b11d64fd1316376326b78f69e02a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 179200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4ed816753c9fedb84dbc6de93744350b\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1c085ee71c2b8e94aae910a39bc4a212\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
+ 2012-04-14 20:01 . 2012-04-14 20:01 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\035789f7c3aca166d18391af5349bbbb\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\01e71094136bf26bea62a21c69d5aa14\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 155648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\e9fe92f5ee79d406f7e98a12841e2861\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\773d5489dd158e1c72c2b8327c4cffd3\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\667bce54a4a095320e5c3390e52e9693\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\564ee7c52ff064b953ca9fe02e0a2067\Microsoft.Office.Tools.v9.0.ni.dll
+ 2012-04-10 23:52 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 363936 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 193472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
+ 2012-04-14 19:44 . 2012-04-14 19:44 153008 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
+ 2012-04-14 20:03 . 2012-04-29 19:55 877952 c:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 150584 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Engine\6.0.1.1__e1eab6ede003577a\HP.SupportAssistant.Engine.dll
+ 2012-04-29 20:26 . 2012-04-29 20:26 112696 c:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
- 2012-04-02 12:45 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-11 00:22 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-11 00:22 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll
- 2012-04-02 12:45 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-11 00:22 . 2012-03-06 05:59 3913072 c:\windows\SysWOW64\ntoskrnl.exe
+ 2012-04-11 00:22 . 2012-03-06 05:59 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
- 2012-04-09 00:52 . 2011-11-19 14:50 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2012-04-11 00:22 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll
- 2012-04-02 12:45 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-11 00:22 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-11 00:22 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll
+ 2010-10-20 17:44 . 2010-10-20 17:44 1207656 c:\windows\SysWOW64\FM20.DLL
+ 2009-07-14 04:54 . 2012-04-17 22:46 1556480 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-09 00:55 1556480 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-17 22:46 3719168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 00:55 3719168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 00:55 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 22:46 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-11 00:22 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll
- 2012-04-02 12:45 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
- 2012-04-02 12:45 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
+ 2012-04-11 00:22 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll
+ 2012-04-11 00:22 . 2012-03-06 06:53 5559152 c:\windows\system32\ntoskrnl.exe
- 2012-04-09 00:52 . 2011-11-19 15:20 5559152 c:\windows\system32\ntoskrnl.exe
+ 2011-01-07 20:02 . 2011-01-07 20:02 5523280 c:\windows\system32\mfc100u.dll
+ 2011-01-07 20:02 . 2011-01-07 20:02 5493576 c:\windows\system32\mfc100.dll
- 2010-03-18 16:36 . 2010-03-18 16:36 5493576 c:\windows\system32\mfc100.dll
+ 2012-04-11 00:22 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll
+ 2012-04-11 00:22 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll
- 2012-04-02 12:45 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
+ 2011-10-15 15:13 . 2011-07-19 15:19 1492992 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_c28e08a5df4ad1d6\netr28x.sys
- 2011-10-15 15:13 . 2011-03-07 16:55 1353280 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\netr28x.sys
+ 2011-03-07 17:55 . 2011-03-07 17:55 1353280 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\netr28x.sys
+ 2011-10-15 15:13 . 2011-07-19 15:19 1492992 c:\windows\system32\drivers\netr28x.sys
- 2009-07-14 04:45 . 2012-04-09 02:16 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-14 20:12 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-04-02 13:19 . 2012-04-02 13:19 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-11 00:25 . 2012-04-11 00:25 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 00:25 . 2012-04-11 00:25 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-02 13:19 . 2012-04-02 13:19 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-11 00:26 . 2012-04-11 00:26 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-08-23 22:01 . 2011-08-23 22:01 3480576 c:\windows\Installer\b0d42.msi
+ 2011-11-18 23:52 . 2011-11-18 23:52 9183232 c:\windows\Installer\311479.msp
+ 2012-01-05 11:21 . 2012-01-05 11:21 4964864 c:\windows\Installer\311449.msp
+ 2011-03-18 00:20 . 2011-03-18 00:20 1961984 c:\windows\Installer\31141b.msp
+ 2011-07-21 17:34 . 2011-07-21 17:34 3456000 c:\windows\Installer\3113d7.msp
+ 2011-10-16 19:28 . 2011-10-16 19:28 1138688 c:\windows\Installer\3113c1.msp
+ 2011-07-21 17:45 . 2011-07-21 17:45 3809792 c:\windows\Installer\3113a3.msp
+ 2011-10-27 04:23 . 2011-10-27 04:23 8821760 c:\windows\Installer\31138d.msp
+ 2011-07-21 17:41 . 2011-07-21 17:41 8413696 c:\windows\Installer\311363.msp
+ 2011-10-27 03:46 . 2011-10-27 03:46 1833472 c:\windows\Installer\3112ff.msp
+ 2012-03-01 04:55 . 2012-03-01 04:55 3462656 c:\windows\Installer\3112b2.msp
+ 2011-04-16 13:44 . 2011-04-16 13:44 2770944 c:\windows\Installer\31129d.msi
+ 2011-08-22 04:18 . 2011-08-22 04:18 1585152 c:\windows\Installer\31126f.msp
+ 2012-01-22 15:20 . 2012-01-22 15:20 1707520 c:\windows\Installer\29fdea.msp
+ 2012-03-07 20:01 . 2012-03-07 20:01 1907712 c:\windows\Installer\29fdd8.msp
+ 2012-04-01 21:27 . 2012-04-01 21:27 3463168 c:\windows\Installer\29fdc9.msp
+ 2012-02-17 08:50 . 2012-02-17 08:50 1236480 c:\windows\Installer\29fdb3.msp
+ 2012-03-21 10:57 . 2012-03-21 10:57 1591808 c:\windows\Installer\29fd96.msp
+ 2012-04-29 20:24 . 2012-04-29 20:24 4314624 c:\windows\Installer\21a159.msi
+ 2012-04-29 20:19 . 2012-04-29 20:19 1086464 c:\windows\Installer\21a10c.msi
+ 2011-04-29 01:26 . 2011-04-29 01:26 3994624 c:\windows\Installer\1549cc.msp
+ 2011-04-29 01:26 . 2011-04-29 01:26 2426880 c:\windows\Installer\154992.msp
+ 2011-01-08 01:05 . 2011-01-08 01:05 4583936 c:\windows\Installer\13ca77.msp
- 2012-04-09 02:07 . 2012-04-09 02:14 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
- 2012-04-09 02:07 . 2012-04-09 02:14 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
- 2012-04-09 02:07 . 2012-04-09 02:14 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
+ 2012-04-09 02:07 . 2012-04-14 19:44 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
- 2012-04-09 02:07 . 2012-04-09 02:14 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-03-25 01:28 . 2010-03-25 01:28 1479520 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\XLICONS.EXE
+ 2010-02-18 02:56 . 2010-02-18 02:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\WKCONV.EXE
+ 2010-02-25 16:07 . 2010-02-25 16:07 2672456 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\VBE7.DLL
+ 2010-03-01 10:07 . 2010-03-01 10:07 2831768 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\STSLIST.DLL
+ 2010-03-11 05:44 . 2010-03-11 05:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\SETUP.EXE
+ 2010-02-28 07:14 . 2010-02-28 07:14 4520288 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PROMO.EXE
+ 2010-03-25 01:28 . 2010-03-25 01:28 3792736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PPTICO.EXE
+ 2010-03-09 14:57 . 2010-03-09 14:57 9696616 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PPCORE.DLL
+ 2010-03-09 14:57 . 2010-03-09 14:57 2162024 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\POWERPNT.EXE
+ 2010-03-11 05:44 . 2010-03-11 05:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OSETUP.DLL
+ 2010-03-30 13:29 . 2010-03-30 13:29 1177968 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONFILTER.DLL
+ 2010-03-30 13:29 . 2010-03-30 13:29 1676128 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONENOTE.EXE
+ 2010-01-10 02:24 . 2010-01-10 02:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OIMG.DLL
+ 2010-02-28 07:19 . 2010-02-28 07:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OFFOWC.DLL
+ 2010-03-30 13:36 . 2010-03-30 13:36 5496688 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\IPEDITOR.DLL
+ 2010-03-13 03:45 . 2010-03-13 03:45 4299648 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\GRAPH.EXE
+ 2010-03-01 10:08 . 2010-03-01 10:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\GFX.DLL
+ 2010-02-20 22:20 . 2010-02-20 22:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\FM20.DLL
+ 2010-01-19 01:59 . 2010-01-19 01:59 2182040 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ASSAPIFE.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEWDAT.DLL
+ 2010-03-23 15:55 . 2010-03-23 15:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACECORE.DLL
 
Combofix Logs Part 4:
============================================================
+ 2012-04-12 00:36 . 2012-04-12 00:36 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\fb00cd7183b28470878a3b5687929a56\WindowsBase.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\80de3f9f56bed3e05ba97741905abddb\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 2287104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\97b05378b616e023221f9c6072239168\System.Web.Services.ni.dll
+ 2012-04-12 00:42 . 2012-04-12 00:42 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll
+ 2012-04-12 00:42 . 2012-04-12 00:42 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll
+ 2012-04-12 00:42 . 2012-04-12 00:42 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\21c096f214db354198e2664473875f06\System.Printing.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 2303488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\9bcabb321026ee927401cbba73dff054\System.Drawing.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\90ec5a09a2329a45554d79e0fd9fbbee\System.Deployment.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 1498112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.OracleC#\f1e8508072fb84206550bc497dc5b49c\System.Data.OracleClient.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\45d4a9fa235f5658f8c9b89f6a4f691f\System.Activities.Presentation.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
+ 2012-04-12 00:40 . 2012-04-12 00:40 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8ad595c3d0668d10777d8ce28b88cc7c\ReachFramework.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\cb31bfb24a52f83cf826c00979827ba6\PresentationUI.ni.dll
+ 2012-04-12 00:36 . 2012-04-12 00:36 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6845c178054282fe6476fdfb0e9a9e6a\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5281ac494089700d1c72c16478ab3363\Microsoft.VisualBasic.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 1118208 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\b32c2fd04c465a5327c25ec5601ff932\Microsoft.Office.Tools.Common.Implementation.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\363aac28351f0e2d17dca84f7532d8b1\Microsoft.Office.Tools.Word.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 2035200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\24d55a7a165e590f0760df6ebcad3616\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-04-14 20:02 . 2012-04-14 20:02 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\1ce1e4d466ffb69c15da8cf0743aba85\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 3820544 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Tas#\9f1c45888c7f1f15d04f30c9437f8bf2\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-04-11 00:27 . 2012-04-11 00:27 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0f5df23e9f268e9ff4c8033f9865a12a\UIAutomationClientsideProviders.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\acae13e8725a0a5da6dcda3e309cb9d2\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1925632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b6139cfbdbdc57c3ff421204292f4041\System.Web.Services.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\90de8ba8101001c8845439cd5f9a76eb\System.Speech.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8c12f469cbd6b8d9718c64a4b2c96d47\System.ServiceModel.Activities.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\746651ce870c2f9cd43bc7246154f81a\System.ServiceModel.Discovery.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\7175344bfab919484674d37de776a82f\System.Printing.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2a4589aeec877df58cbbcd633bc18fb6\System.IdentityModel.ni.dll
+ 2012-04-11 00:27 . 2012-04-11 00:27 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6bd4a77663c0e708e0827be849906fdc\System.DirectoryServices.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\4b28434c73ac4229c7ae7c4f0598e25f\System.Data.Services.Client.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\c8b5d26c88a0f00cfb079bf421298076\System.Data.OracleClient.ni.dll
+ 2012-04-12 00:32 . 2012-04-12 00:32 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\7bbd2b637fbe2a5b17a16cd4fcc3c3ca\System.Activities.ni.dll
+ 2012-04-12 00:32 . 2012-04-12 00:32 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\f4311e621d2bbf4de0d32bae765b1484\System.Activities.Presentation.ni.dll
+ 2012-04-12 00:32 . 2012-04-12 00:32 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\819fccf9934ef29a6078d4accbf9ea0c\System.Activities.Core.Presentation.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:32 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f4ab7bc19b981163de613143a1e1c997\ReachFramework.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3e896ba1c3cc8d62c267508dccd7aa5a\PresentationUI.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7511c9da502ed9c4e630a902d462cdef\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1ae1a98af2c7d3e68c7525bf1395fa61\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fb09c8733a8ef9292079399b25d5d973\Microsoft.Transactions.Bridge.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 1117696 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\82515c0b97a390ceb0763b8f87986cc3\Microsoft.Office.Tools.Word.Implementation.ni.dll
+ 2012-04-14 20:00 . 2012-04-14 20:00 1551872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\61c9c57fbd3ee915796a7c647dc9e5b3\Microsoft.Office.Tools.Excel.Implementation.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\8b1e797d9c7f5ef773c150e15b07a087\Microsoft.JScript.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 2877440 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\98d8d80f4b2d74cb4c5dc31483793bfb\Microsoft.Build.Tasks.v4.0.ni.dll
+ 2012-04-11 00:35 . 2012-04-11 00:35 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\d26e6d07c2e10bc55c2bfd2440ec14bc\System.Workflow.ComponentModel.ni.dll
+ 2012-04-11 00:35 . 2012-04-11 00:35 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f044eaa5dc79454c4081bdbea81bf67e\System.Workflow.Activities.ni.dll
+ 2012-04-11 00:34 . 2012-04-11 00:34 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\7e62d5f06809c96b0e957cc948d98d7c\System.Printing.ni.dll
+ 2012-04-11 00:33 . 2012-04-11 00:33 2317312 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\95d41ace5d8803b9318366ad5f0fbdff\System.Drawing.ni.dll
+ 2012-04-11 00:33 . 2012-04-11 00:33 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7e705656ef1ee9078e0d51699d9e0858\System.Deployment.ni.dll
+ 2012-04-11 00:34 . 2012-04-11 00:34 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\df3b4d20eaf81da80db9be811947e475\ReachFramework.ni.dll
+ 2012-04-11 00:34 . 2012-04-11 00:34 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\8e76dcfa3f4676022f95437037c8ad51\PresentationUI.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 1875456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\ef37fe70c135b3e38caff59f13265ff8\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 1186304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\d4a618d9f5959f658a1892a007f96a04\Microsoft.Office.Tools.Word.v9.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\631ae18fbb786ed963eac3080906a3cf\Microsoft.Office.Tools.Common.v9.0.ni.dll
+ 2012-04-12 00:43 . 2012-04-12 00:43 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\88b7272ddb53920b927a7ef59fd3ad6a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-04-11 00:32 . 2012-04-11 00:32 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6d2f8bad410dae6049507d7bc097a62d\System.Workflow.ComponentModel.ni.dll
+ 2012-04-11 00:32 . 2012-04-11 00:32 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\31fd6842b7ccb502dc2f5f11c1f991bd\System.Workflow.Activities.ni.dll
+ 2012-04-11 00:31 . 2012-04-11 00:31 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0b27d6da6e6bc319c3805435b818c1e5\System.Printing.ni.dll
+ 2012-04-11 00:31 . 2012-04-11 00:31 1590784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
+ 2012-04-11 00:31 . 2012-04-11 00:31 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e45611cad86870a7011bb18b9e993861\System.Deployment.ni.dll
+ 2012-04-11 00:31 . 2012-04-11 00:31 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\ffe872f5d03f8bf4d1e1aca71274aec4\ReachFramework.ni.dll
+ 2012-04-11 00:31 . 2012-04-11 00:31 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\167ae650f54f5cd46c07329972f179ad\PresentationUI.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 1354752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\dbd0c24e7fefe5a2b5f1f86c3bef97a9\Microsoft.Office.Tools.Excel.v9.0.ni.dll
+ 2012-04-14 20:03 . 2012-04-14 20:03 2430008 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Localization\6.0.1.1__a2352a4c73e11587\HP.SupportAssistant.Localization.dll
+ 2012-04-11 00:22 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-04-09 00:53 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-11 00:28 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-11 00:22 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll
+ 2012-04-02 21:43 . 2012-04-11 00:19 57249312 c:\windows\system32\MRT.exe
+ 2012-04-11 00:22 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll
+ 2012-04-02 01:01 . 2012-04-29 20:29 10016412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329077410-4254268383-3766462361-1001-4096.dat
+ 2012-04-14 20:01 . 2012-04-14 20:01 47848756 c:\windows\Installer\b0d38.msi
+ 2011-10-27 03:45 . 2011-10-27 03:45 66426368 c:\windows\Installer\311460.msp
+ 2011-07-21 17:36 . 2011-07-21 17:36 66808320 c:\windows\Installer\3113ef.msp
+ 2011-06-20 04:28 . 2011-06-20 04:28 18457088 c:\windows\Installer\3113ab.msp
+ 2012-04-10 03:00 . 2012-04-10 03:00 20333056 c:\windows\Installer\31136f.msp
+ 2011-10-27 03:51 . 2011-10-27 03:51 16885760 c:\windows\Installer\31131f.msp
+ 2011-10-27 03:47 . 2011-10-27 03:47 10328064 c:\windows\Installer\3112e9.msp
+ 2011-10-27 03:49 . 2011-10-27 03:49 16245760 c:\windows\Installer\3112d7.msp
+ 2011-10-27 03:49 . 2011-10-27 03:49 10427392 c:\windows\Installer\3112c4.msp
+ 2011-10-27 03:46 . 2011-10-27 03:46 11580928 c:\windows\Installer\31128c.msp
+ 2011-10-22 20:21 . 2011-10-22 20:21 21515264 c:\windows\Installer\311267.msp
+ 2012-03-07 20:03 . 2012-03-07 20:03 23710208 c:\windows\Installer\29fdd1.msp
+ 2012-04-29 20:22 . 2012-04-29 20:22 10125824 c:\windows\Installer\21a148.msi
+ 2011-04-29 04:28 . 2011-04-29 04:28 16972800 c:\windows\Installer\154b0c.msp
+ 2011-04-29 04:28 . 2011-04-29 04:28 11056128 c:\windows\Installer\154b02.msp
+ 2011-04-29 01:34 . 2011-04-29 01:34 11155456 c:\windows\Installer\154af9.msp
+ 2011-04-29 01:27 . 2011-04-29 01:27 14467072 c:\windows\Installer\1549d9.msp
+ 2011-04-29 01:27 . 2011-04-29 01:27 13031936 c:\windows\Installer\1549bc.msp
+ 2010-03-13 05:50 . 2010-03-13 05:50 17800544 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\XL12CNV.EXE
+ 2010-03-13 05:05 . 2010-03-13 05:05 11121528 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OARTCONV.DLL
+ 2010-03-13 20:08 . 2010-03-13 20:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OART.DLL
+ 2010-03-23 01:36 . 2010-03-23 01:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSORES.DLL
+ 2010-03-13 19:53 . 2010-03-13 19:53 20753760 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\EXCEL.EXE
+ 2012-04-12 00:39 . 2012-04-12 00:39 17353728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\c80f2e11e938ed65b843f750add94b35\System.Windows.Forms.ni.dll
+ 2012-04-12 00:38 . 2012-04-12 00:38 15762432 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\bf66e2b2a4dfefe1064dc172723b2cdd\System.Web.ni.dll
+ 2012-04-12 00:42 . 2012-04-12 00:42 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
+ 2012-04-12 00:39 . 2012-04-12 00:39 13314048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\8d8f7d5ddfee1cd87ca1396946aa18f7\System.Design.ni.dll
+ 2012-04-12 00:41 . 2012-04-12 00:41 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
+ 2012-04-12 00:35 . 2012-04-12 00:35 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
+ 2012-04-12 00:37 . 2012-04-12 00:37 24407040 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\b93196152e384bd43b9abf1e20c8d067\PresentationFramework.ni.dll
+ 2012-04-12 00:36 . 2012-04-12 00:36 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\fc074b5198bd925a4f5b48403bba0e34\PresentationCore.ni.dll
+ 2012-04-11 00:27 . 2012-04-11 00:27 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
+ 2012-04-12 00:31 . 2012-04-12 00:31 12079616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\a0fb4bd3ae9ce574167ae3a79b7a1aa5\System.Web.ni.dll
+ 2012-04-12 00:34 . 2012-04-12 00:34 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c43869b44f633a3ad003a0ad9e79b273\System.ServiceModel.ni.dll
+ 2012-04-11 00:27 . 2012-04-11 00:27 11021824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\cd7e0c408cc063860fbccce73bbc9c8d\System.Design.ni.dll
+ 2012-04-12 00:33 . 2012-04-12 00:33 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll
+ 2012-04-11 00:27 . 2012-04-11 00:27 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
+ 2012-04-11 00:27 . 2012-04-11 00:27 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
+ 2012-04-11 00:33 . 2012-04-11 00:33 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\3466442b4168ba11787961fcfd410adf\System.Windows.Forms.ni.dll
+ 2012-04-11 00:34 . 2012-04-11 00:34 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\79c8a2e836c01784bb8e3e2d0ed26850\System.Web.ni.dll
+ 2012-04-11 00:34 . 2012-04-11 00:34 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\552733f73f5483946cce9229b27bdcb2\System.Design.ni.dll
+ 2012-04-11 00:34 . 2012-04-11 00:34 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b87e4cff3eb13680c55a5f4ee9786b56\PresentationFramework.ni.dll
+ 2012-04-11 00:32 . 2012-04-11 00:32 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\1233412b58120995b639428b5e6d998e\PresentationCore.ni.dll
+ 2012-04-11 00:31 . 2012-04-11 00:31 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
+ 2012-04-11 00:31 . 2012-04-11 00:31 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
+ 2012-04-11 00:32 . 2012-04-11 00:32 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\846a51eb446bee41a26a6914a95e38cd\System.Design.ni.dll
+ 2012-04-11 00:31 . 2012-04-11 00:31 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
+ 2012-04-11 00:31 . 2012-04-11 00:31 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
+ 2011-10-16 19:38 . 2011-10-16 19:38 100966912 c:\windows\Installer\31125f.msp
+ 2011-04-29 01:33 . 2011-04-29 01:33 425345024 c:\windows\Installer\154ae9.msp
.
-- Snapshot reset to current date --
.
 
Combofix Logs Part 5:
=================================================
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-03-30 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-09 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 01:28]
.
2012-04-14 c:\windows\Tasks\HPCeeScheduleForRyan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-04-29 16:18:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 21:18
ComboFix2.txt 2012-04-10 01:52
.
Pre-Run: 440,416,595,968 bytes free
Post-Run: 440,262,610,944 bytes free
.
- - End Of File - - A07486E5F4ACD9A78D9CFFC04D39F174
 
Let's take a look at this:

Download aswMBRto your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan:
    p4477038.gif
  • On completion of the scan click "Save log", save it to your desktop
  • Post in your next reply:
p4477039.gif


This is not the same programs as the MBR Check.
 
Status
Not open for further replies.

Similar threads

A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
Z
The Windows Photos app gets new AI object removal feature
Replies
2
Views
208
erickmendes
erickmendes
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni

Latest posts

Back