also @ TechSpot: 'Supercapacitor' could fully charge your phone in less than 30 seconds

Svchost.exe trojan.agent malware removal help?

Discussion in 'Virus and Malware Removal' started by rwhite1954, Apr 2, 2012.

Page 3 of 3

  1. rwhite1954 Newcomer, in training Posts: 30

    Combofix Logs Part 2:
    ========================================================================
    + 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
    + 2012-04-10 23:52 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
    + 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
    + 2012-04-10 23:52 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 397208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 133544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.Internal\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 201648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 163744 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 141688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 341392 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.Implementation.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 139672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.Implementation.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 171384 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 465304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.Implementation.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 357272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.Implementation.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2012-04-11 00:25 . 2012-04-11 00:25 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2012-04-11 00:25 . 2012-04-11 00:25 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2011-04-19 09:54 . 2011-04-19 09:54 227328 c:\windows\Installer\311432.msi
    + 2011-04-19 09:21 . 2011-04-19 09:21 235520 c:\windows\Installer\31142b.msi
    + 2011-06-20 04:33 . 2011-06-20 04:33 407552 c:\windows\Installer\311405.msp
    + 2011-10-27 04:23 . 2011-10-27 04:23 925696 c:\windows\Installer\311377.msp
    + 2011-10-27 03:46 . 2011-10-27 03:46 794112 c:\windows\Installer\31134d.msp
    + 2011-10-27 03:51 . 2011-10-27 03:51 592896 c:\windows\Installer\31132f.msp
    + 2011-08-22 04:19 . 2011-08-22 04:19 133120 c:\windows\Installer\311276.msp
    + 2012-02-09 12:27 . 2012-02-09 12:27 206848 c:\windows\Installer\29fde0.msp
    + 2012-03-21 10:58 . 2012-03-21 10:58 133120 c:\windows\Installer\29fd9d.msp
    + 2011-04-29 01:27 . 2011-04-29 01:27 608768 c:\windows\Installer\154af0.msp
    + 2012-04-29 20:20 . 2012-04-29 20:20 132754 c:\windows\Installer\{ED1BD69A-07E3-418C-91F1-D856582581BF}\_853F67D554F05449430E7E.exe
    + 2012-04-29 20:25 . 2012-04-29 20:25 132754 c:\windows\Installer\{E44578C7-4667-4124-8BC2-1161BCA54978}\_F69FB2DB3B6672BEBE0F60.exe
    + 2012-04-29 20:25 . 2012-04-29 20:25 132754 c:\windows\Installer\{E44578C7-4667-4124-8BC2-1161BCA54978}\_853F67D554F05449430E7E.exe
    + 2012-04-29 20:25 . 2012-04-29 20:25 132754 c:\windows\Installer\{E44578C7-4667-4124-8BC2-1161BCA54978}\_6CB6AAA874BF315617841D.exe
    + 2012-04-14 19:42 . 2012-04-14 19:42 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
    - 2012-04-09 02:12 . 2012-04-09 02:12 571232 c:\windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
    + 2010-02-13 11:25 . 2010-02-13 11:25 128384 c:\windows\Installer\$PatchCache$\Managed\00004109E60090400000000000F01FEC\14.0.4763\FPLACE.DLL
    + 2010-02-28 08:13 . 2010-02-28 08:13 579968 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\VPREVIEW.EXE
    + 2010-01-10 02:47 . 2010-01-10 02:47 133512 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\TWCUTCHR.DLL
    + 2010-02-28 07:13 . 2010-02-28 07:13 521616 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\SELFCERT.EXE
    + 2010-02-28 09:41 . 2010-02-28 09:41 615800 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONWORDADDIN.DLL
    + 2010-02-28 09:41 . 2010-02-28 09:41 560512 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONPPTADDIN.DLL
    + 2010-03-30 01:26 . 2010-03-30 01:26 140144 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONENOTEMANAGED.DLL
    + 2010-03-30 01:26 . 2010-03-30 01:26 227712 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONENOTEM.EXE
    + 2010-02-28 09:41 . 2010-02-28 09:41 533368 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONBTTNWD.DLL
    + 2010-02-28 09:41 . 2010-02-28 09:41 533376 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONBTTNPPT.DLL
    + 2010-03-01 10:19 . 2010-03-01 10:19 697728 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONBTTNOL.DLL
    + 2010-02-28 07:21 . 2010-02-28 07:21 259960 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OISGRAPH.DLL
    + 2010-02-28 07:21 . 2010-02-28 07:21 886640 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OISAPP.DLL
    + 2010-02-28 07:21 . 2010-02-28 07:21 274280 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OIS.EXE
    + 2010-02-28 07:09 . 2010-02-28 07:09 401784 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OFFXML.DLL
    + 2010-03-11 05:44 . 2010-03-11 05:44 510904 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ODEPLOY.EXE
    + 2010-01-10 02:23 . 2010-01-10 02:23 169352 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OARPMANY.EXE
    + 2010-02-28 07:15 . 2010-02-28 07:15 702312 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSTORDB.EXE
    + 2010-03-30 02:47 . 2010-03-30 02:47 218464 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSPROOF6.DLL
    + 2010-03-16 07:58 . 2010-03-16 07:58 360824 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOUC.EXE
    + 2010-03-16 07:58 . 2010-03-16 07:58 718208 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOSYNC.EXE
    + 2010-03-25 01:28 . 2010-03-25 01:28 473952 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOICONS.EXE
    + 2010-03-06 10:29 . 2010-03-06 10:29 501088 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSODCW.DLL
    + 2010-03-01 10:17 . 2010-03-01 10:17 152952 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSOCF.DLL
    + 2009-09-04 14:02 . 2009-09-04 14:02 591680 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSLID.DLL
    + 2010-03-25 01:28 . 2010-03-25 01:28 571232 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MISC.EXE
    + 2010-02-28 07:15 . 2010-02-28 07:15 698216 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MEDCAT.DLL
    + 2010-03-23 01:36 . 2010-03-23 01:36 178560 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\IETAG.DLL
    + 2010-02-28 09:41 . 2010-02-28 09:41 578472 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\IECONTENTSERVICE.EXE
    + 2010-02-04 09:41 . 2010-02-04 09:41 120160 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\FLTLDR.EXE
    + 2010-02-25 16:07 . 2010-02-25 16:07 452936 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\EXPSRV.DLL
    + 2010-03-23 16:03 . 2010-03-23 16:03 104824 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\EXP_PDF.DLL
    + 2010-02-28 07:09 . 2010-02-28 07:09 519584 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\DWTRIG20.EXE
    + 2010-03-01 10:18 . 2010-03-01 10:18 397656 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\CDLMSO.DLL
    + 2010-01-19 01:59 . 2010-01-19 01:59 998776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ASMAIN.DLL
    + 2010-01-19 01:59 . 2010-01-19 01:59 100280 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ASLTS.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 362904 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEXBE.DLL
    + 2010-03-23 15:54 . 2010-03-23 15:54 220560 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACETXT.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 527776 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEREP.DLL
    + 2010-03-23 01:51 . 2010-03-23 01:51 329624 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACER3X.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 383904 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEOLEDB.DLL
    + 2010-03-23 01:51 . 2010-03-23 01:51 278448 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEODBC.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 643992 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEEXCL.DLL
    + 2010-03-23 15:54 . 2010-03-23 15:54 334752 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEEXCH.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 686504 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEES.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 548792 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEDAO.DLL
    rwhite1954, May 6, 2012
    #41

  2. rwhite1954 Newcomer, in training Posts: 30

    Combofix Logs Part 3:
    ===============================================================================
    + 2012-04-14 20:03 . 2012-04-14 20:03 877624 c:\windows\assembly\temp\41S0QPMMGF\HP.SupportFramework.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\3893bfa343bfd255531a743ffa660722\WindowsFormsIntegration.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 314880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.RegularE#\ebfbacf10670251b2db61f2cbca08af3\System.Web.RegularExpressions.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a38a67bfd6245b2f72eb918a57d37bcd\System.ServiceProcess.ni.dll
    + 2012-04-12 00:42 . 2012-04-12 00:42 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll
    + 2012-04-12 00:42 . 2012-04-12 00:42 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 995328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\2da997f0d78859f06d72fcc61fc1a36f\System.Runtime.Remoting.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 311296 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Cach#\c64bdda4c5b1008a50130456a416e688\System.Runtime.Caching.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll
    + 2012-04-12 00:42 . 2012-04-12 00:42 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\cdf11c8e0679ce7ff91dc37c6e1b5545\System.Messaging.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 292352 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing.Desi#\cb799cb414d94fdd0d6d0e73fb0c7032\System.Drawing.Design.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe
    + 2012-04-12 00:37 . 2012-04-12 00:37 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 169984 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\c45a27e16f1710fbb5f9a1998d91ffc0\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 232960 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\c38c85ad0a6ea744ee4ca440adfebc4e\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 475136 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\b1e9a84a2436a463c35ded871dca6419\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 247808 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\8cc272eda49bc1202de40a2691882fcc\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 864768 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\67278ab733f1baf4132ca4bf85cd5b60\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 992256 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\4c1b69eea40a1af64f8c4f833e367864\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
    + 2012-04-12 00:36 . 2012-04-12 00:36 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\b6c591378ae5158071d63be3fb88ef37\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 993280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\e124e073bbf4e06cb775df9d6b8b7979\Microsoft.Office.Tools.Excel.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 199680 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\952e3b13d0001f027a1c3f96e33d5c77\Microsoft.Office.Tools.Outlook.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\94906ec077cf7897d25d2c3659bc7dfe\Microsoft.Office.Tools.Common.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 408576 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\7d87585ac27f3634bc84ac2e65c12bbc\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 851456 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Uti#\ef49e94c2b9e293e658979ba193686c7\Microsoft.Build.Utilities.v4.0.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 353792 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Fra#\f03be672b1993e4a2dee05f0c99cf27a\Microsoft.Build.Framework.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ebd99d5801192b27f605630e2665db37\WindowsFormsIntegration.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\9562374f940f41cdc64d88268d543f0b\UIAutomationTypes.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\641eec5b274fe3972d02892607f9b650\UIAutomationClient.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0b68854406b775365c6d91e87813c2dc\System.Windows.Input.Manipulations.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\0613bd8bf52bb05610bc85ae9b950e9f\System.Web.RegularExpressions.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9cabbb335fc6dff10392376707a4d0a2\System.ServiceProcess.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d3d9c582c7cd77f17fd93167dc462242\System.ServiceModel.Routing.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7b17528dffe47d9b17be6086a575a516\System.Runtime.Serialization.Formatters.Soap.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 244736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\a89c27bacba019eeed438f67b8544b78\System.Runtime.Caching.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\965e2749489298cc85387f44f76a40f2\System.Net.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\621d2aae96fd06f9ccf66d335d7f1232\System.Messaging.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\1bff2d3e952c2160ba0c790d2342a601\System.Management.Instrumentation.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e6cb98078120266f5310adf0f45aa7df\System.IO.Log.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\22dadf930ad449894633480562d6c913\System.IdentityModel.Selectors.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.Wrapper.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\7f51b59dc6c39bbc00776c9204d7525d\System.Drawing.Design.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e25cc7918b583b3beffcad52920eae29\System.DirectoryServices.AccountManagement.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\a3be39ae9813098aa81430dd507d22ca\System.DirectoryServices.Protocols.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4975f93d2055b33bd7a91d6f05628e2a\System.Device.ni.dll
    + 2012-04-12 00:32 . 2012-04-12 00:32 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\42d3d301d2adef24edeb3b775fbe3a4b\System.Data.DataSetExtensions.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\e844f0d4cf703c2e97515ed020331b76\System.Configuration.Install.ni.dll
    + 2012-04-12 00:32 . 2012-04-12 00:32 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9b418b211d6207feafcdc27027d26036\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-04-12 00:32 . 2012-04-12 00:32 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\a4cfba8e3500f8387fe5924b940983be\System.AddIn.ni.dll
    + 2012-04-12 00:32 . 2012-04-12 00:32 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\520d0ed9f48c121fbe79bda6fc176b74\System.Activities.DurableInstancing.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\98ec8a39382e6eee39845bd4759ecf04\SMSvcHost.ni.exe
    + 2012-04-12 00:31 . 2012-04-12 00:31 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 210432 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\c94b450a8c2f30439acc69a8823270df\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 708608 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\bea3115c4fb01ef5636cc104793d85c9\Microsoft.VisualStudio.Tools.Office.Runtime.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 177152 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\95cc6c6d8a6966379f51dbc022bdeef6\Microsoft.VisualStudio.Tools.Office.ContainerControl.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\4a71330988e21161159809690e690cc3\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 364544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\20da1f81376916a4f394f3c0781688d4\Microsoft.VisualStudio.Tools.Applications.Hosting.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 738304 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\1917917be6c570244e250b28a9cb819f\Microsoft.VisualStudio.Tools.Applications.ServerDocument.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09237903b1f9e5c7a69a4995d85eaa35\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 152064 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\e070443fc6be8a8f34f68fb6c9674494\Microsoft.Office.Tools.Outlook.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 865280 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\ce50979942c411efd3323472dc2e6254\Microsoft.Office.Tools.Common.Implementation.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 676864 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\cd38bbc2e82123234ae8fb6c05999af7\Microsoft.Office.Tools.Word.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 730624 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\92d8765edfd33f34e12da0b65c49f9c0\Microsoft.Office.Tools.Excel.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 336384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\59026dafb681def4fa70a4996bb79244\Microsoft.Office.Tools.Common.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 312320 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\4c535bf3606c143cdecd5195c596179a\Microsoft.Office.Tools.Outlook.Implementation.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 631296 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\861156abd2fbeb15a72e479fb140c9b9\Microsoft.Build.Utilities.v4.0.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\03c15533eddd91753b86895c6bfd59aa\Microsoft.Build.Framework.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\2ea95f3113ace6c1adf4ab9f9fc4285e\System.ServiceProcess.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a94125636875d06389922fcd86b7a615\System.Drawing.Design.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 773120 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\f62e745133fcb776cd05bc7a71e1fcfc\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 305664 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b4ca8eca3fb2b9e9eb4dcde40eca00b0\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 495616 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b45b8ce21d0fd161749b2de5bc7df56e\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 215040 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\b1e5be52d573d8203b7ee97196af0956\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 225280 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\841980c52ea05db8c1561ee8f396f19b\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\624a2b05e9289689e3ab48f2b5b892c6\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 226816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5e3dfcd0cf8a0c016d82a75b1dfcb601\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 956416 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\5d5f9b6272e24579f25243fbe7304f45\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 777728 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\583db918d8c4155fab760bb05f4bebc8\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\1b07f538fe72210d0c2c8b2c55e7b8c0\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\193686cd8f2e68607e6906da98c910c6\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 270336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\17a38b3f6b386d8ae5bfac23a8862d1a\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 124928 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\02fb65084750031d3d1fce63bb3fef35\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 222208 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\a36614337f719e86f7448fa534bc4e3a\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 253952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\44eecde37d940c1c9aaebb700ae81ed5\Microsoft.Office.Tools.v9.0.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b64b898fd099d1644a8673137ac56011\System.Drawing.Design.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 134144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e4053ef7b971ae81468e7c398f9a0836\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 215040 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a278c91a9f9d7c4ea7e1aaf0c290684a\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 650752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9949ca42861385d6f9ed0057faa58027\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 363008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\73a385d0a8e76c44988c813a93d626b3\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\67a0b11d64fd1316376326b78f69e02a\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 179200 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4ed816753c9fedb84dbc6de93744350b\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 617472 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1c085ee71c2b8e94aae910a39bc4a212\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll
    + 2012-04-14 20:01 . 2012-04-14 20:01 196608 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\035789f7c3aca166d18391af5349bbbb\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\01e71094136bf26bea62a21c69d5aa14\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 155648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\e9fe92f5ee79d406f7e98a12841e2861\Microsoft.Office.Tools.Outlook.v9.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\773d5489dd158e1c72c2b8327c4cffd3\Microsoft.Office.Tools.Common.v9.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 854528 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\667bce54a4a095320e5c3390e52e9693\Microsoft.Office.Tools.Word.v9.0.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\564ee7c52ff064b953ca9fe02e0a2067\Microsoft.Office.Tools.v9.0.ni.dll
    + 2012-04-10 23:52 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 363936 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 193472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
    + 2012-04-14 19:44 . 2012-04-14 19:44 153008 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0\10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
    + 2012-04-14 20:03 . 2012-04-29 19:55 877952 c:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 150584 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Engine\6.0.1.1__e1eab6ede003577a\HP.SupportAssistant.Engine.dll
    + 2012-04-29 20:26 . 2012-04-29 20:26 112696 c:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
    - 2012-04-02 12:45 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
    + 2012-04-11 00:22 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll
    + 2012-04-11 00:22 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll
    - 2012-04-02 12:45 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
    + 2012-04-11 00:22 . 2012-03-06 05:59 3913072 c:\windows\SysWOW64\ntoskrnl.exe
    + 2012-04-11 00:22 . 2012-03-06 05:59 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
    - 2012-04-09 00:52 . 2011-11-19 14:50 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
    + 2012-04-11 00:22 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll
    - 2012-04-02 12:45 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
    + 2012-04-11 00:22 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll
    + 2012-04-11 00:22 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll
    + 2010-10-20 17:44 . 2010-10-20 17:44 1207656 c:\windows\SysWOW64\FM20.DLL
    + 2009-07-14 04:54 . 2012-04-17 22:46 1556480 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-04-09 00:55 1556480 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-04-17 22:46 3719168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 00:55 3719168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 00:55 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-17 22:46 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-04-11 00:22 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll
    - 2012-04-02 12:45 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
    - 2012-04-02 12:45 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
    + 2012-04-11 00:22 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll
    + 2012-04-11 00:22 . 2012-03-06 06:53 5559152 c:\windows\system32\ntoskrnl.exe
    - 2012-04-09 00:52 . 2011-11-19 15:20 5559152 c:\windows\system32\ntoskrnl.exe
    + 2011-01-07 20:02 . 2011-01-07 20:02 5523280 c:\windows\system32\mfc100u.dll
    + 2011-01-07 20:02 . 2011-01-07 20:02 5493576 c:\windows\system32\mfc100.dll
    - 2010-03-18 16:36 . 2010-03-18 16:36 5493576 c:\windows\system32\mfc100.dll
    + 2012-04-11 00:22 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll
    + 2012-04-11 00:22 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll
    - 2012-04-02 12:45 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
    + 2011-10-15 15:13 . 2011-07-19 15:19 1492992 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_c28e08a5df4ad1d6\netr28x.sys
    - 2011-10-15 15:13 . 2011-03-07 16:55 1353280 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\netr28x.sys
    + 2011-03-07 17:55 . 2011-03-07 17:55 1353280 c:\windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_neutral_9f8280168b82547f\netr28x.sys
    + 2011-10-15 15:13 . 2011-07-19 15:19 1492992 c:\windows\system32\drivers\netr28x.sys
    - 2009-07-14 04:45 . 2012-04-09 02:16 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2012-04-14 20:12 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2012-04-02 13:19 . 2012-04-02 13:19 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2012-04-11 00:25 . 2012-04-11 00:25 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
    + 2012-04-11 00:25 . 2012-04-11 00:25 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2012-04-02 13:19 . 2012-04-02 13:19 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2012-04-11 00:26 . 2012-04-11 00:26 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
    + 2011-08-23 22:01 . 2011-08-23 22:01 3480576 c:\windows\Installer\b0d42.msi
    + 2011-11-18 23:52 . 2011-11-18 23:52 9183232 c:\windows\Installer\311479.msp
    + 2012-01-05 11:21 . 2012-01-05 11:21 4964864 c:\windows\Installer\311449.msp
    + 2011-03-18 00:20 . 2011-03-18 00:20 1961984 c:\windows\Installer\31141b.msp
    + 2011-07-21 17:34 . 2011-07-21 17:34 3456000 c:\windows\Installer\3113d7.msp
    + 2011-10-16 19:28 . 2011-10-16 19:28 1138688 c:\windows\Installer\3113c1.msp
    + 2011-07-21 17:45 . 2011-07-21 17:45 3809792 c:\windows\Installer\3113a3.msp
    + 2011-10-27 04:23 . 2011-10-27 04:23 8821760 c:\windows\Installer\31138d.msp
    + 2011-07-21 17:41 . 2011-07-21 17:41 8413696 c:\windows\Installer\311363.msp
    + 2011-10-27 03:46 . 2011-10-27 03:46 1833472 c:\windows\Installer\3112ff.msp
    + 2012-03-01 04:55 . 2012-03-01 04:55 3462656 c:\windows\Installer\3112b2.msp
    + 2011-04-16 13:44 . 2011-04-16 13:44 2770944 c:\windows\Installer\31129d.msi
    + 2011-08-22 04:18 . 2011-08-22 04:18 1585152 c:\windows\Installer\31126f.msp
    + 2012-01-22 15:20 . 2012-01-22 15:20 1707520 c:\windows\Installer\29fdea.msp
    + 2012-03-07 20:01 . 2012-03-07 20:01 1907712 c:\windows\Installer\29fdd8.msp
    + 2012-04-01 21:27 . 2012-04-01 21:27 3463168 c:\windows\Installer\29fdc9.msp
    + 2012-02-17 08:50 . 2012-02-17 08:50 1236480 c:\windows\Installer\29fdb3.msp
    + 2012-03-21 10:57 . 2012-03-21 10:57 1591808 c:\windows\Installer\29fd96.msp
    + 2012-04-29 20:24 . 2012-04-29 20:24 4314624 c:\windows\Installer\21a159.msi
    + 2012-04-29 20:19 . 2012-04-29 20:19 1086464 c:\windows\Installer\21a10c.msi
    + 2011-04-29 01:26 . 2011-04-29 01:26 3994624 c:\windows\Installer\1549cc.msp
    + 2011-04-29 01:26 . 2011-04-29 01:26 2426880 c:\windows\Installer\154992.msp
    + 2011-01-08 01:05 . 2011-01-08 01:05 4583936 c:\windows\Installer\13ca77.msp
    - 2012-04-09 02:07 . 2012-04-09 02:14 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
    + 2012-04-09 02:07 . 2012-04-14 19:44 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
    - 2012-04-09 02:07 . 2012-04-09 02:14 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
    + 2010-03-25 01:28 . 2010-03-25 01:28 1479520 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\XLICONS.EXE
    + 2010-02-18 02:56 . 2010-02-18 02:56 1199008 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\WKCONV.EXE
    + 2010-02-25 16:07 . 2010-02-25 16:07 2672456 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\VBE7.DLL
    + 2010-03-01 10:07 . 2010-03-01 10:07 2831768 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\STSLIST.DLL
    + 2010-03-11 05:44 . 2010-03-11 05:44 1100664 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\SETUP.EXE
    + 2010-02-28 07:14 . 2010-02-28 07:14 4520288 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PROMO.EXE
    + 2010-03-25 01:28 . 2010-03-25 01:28 3792736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PPTICO.EXE
    + 2010-03-09 14:57 . 2010-03-09 14:57 9696616 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\PPCORE.DLL
    + 2010-03-09 14:57 . 2010-03-09 14:57 2162024 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\POWERPNT.EXE
    + 2010-03-11 05:44 . 2010-03-11 05:44 5789544 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OSETUP.DLL
    + 2010-03-30 13:29 . 2010-03-30 13:29 1177968 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONFILTER.DLL
    + 2010-03-30 13:29 . 2010-03-30 13:29 1676128 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ONENOTE.EXE
    + 2010-01-10 02:24 . 2010-01-10 02:24 3483000 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OIMG.DLL
    + 2010-02-28 07:19 . 2010-02-28 07:19 7277440 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OFFOWC.DLL
    + 2010-03-30 13:36 . 2010-03-30 13:36 5496688 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\IPEDITOR.DLL
    + 2010-03-13 03:45 . 2010-03-13 03:45 4299648 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\GRAPH.EXE
    + 2010-03-01 10:08 . 2010-03-01 10:08 1746280 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\GFX.DLL
    + 2010-02-20 22:20 . 2010-02-20 22:20 1207144 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\FM20.DLL
    + 2010-01-19 01:59 . 2010-01-19 01:59 2182040 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ASSAPIFE.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACEWDAT.DLL
    + 2010-03-23 15:55 . 2010-03-23 15:55 2193800 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\ACECORE.DLL
    rwhite1954, May 6, 2012
    #42

  3. rwhite1954 Newcomer, in training Posts: 30

    Combofix Logs Part 4:
    ============================================================
    + 2012-04-12 00:36 . 2012-04-12 00:36 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\fb00cd7183b28470878a3b5687929a56\WindowsBase.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\80de3f9f56bed3e05ba97741905abddb\System.Windows.Forms.DataVisualization.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 2287104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\97b05378b616e023221f9c6072239168\System.Web.Services.ni.dll
    + 2012-04-12 00:42 . 2012-04-12 00:42 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll
    + 2012-04-12 00:42 . 2012-04-12 00:42 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll
    + 2012-04-12 00:42 . 2012-04-12 00:42 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\21c096f214db354198e2664473875f06\System.Printing.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 2303488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\9bcabb321026ee927401cbba73dff054\System.Drawing.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\90ec5a09a2329a45554d79e0fd9fbbee\System.Deployment.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 1498112 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.OracleC#\f1e8508072fb84206550bc497dc5b49c\System.Data.OracleClient.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\45d4a9fa235f5658f8c9b89f6a4f691f\System.Activities.Presentation.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
    + 2012-04-12 00:40 . 2012-04-12 00:40 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8ad595c3d0668d10777d8ce28b88cc7c\ReachFramework.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\cb31bfb24a52f83cf826c00979827ba6\PresentationUI.ni.dll
    + 2012-04-12 00:36 . 2012-04-12 00:36 1829888 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\6845c178054282fe6476fdfb0e9a9e6a\Microsoft.VisualBasic.Compatibility.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5281ac494089700d1c72c16478ab3363\Microsoft.VisualBasic.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 1118208 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\b32c2fd04c465a5327c25ec5601ff932\Microsoft.Office.Tools.Common.Implementation.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 1070080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\363aac28351f0e2d17dca84f7532d8b1\Microsoft.Office.Tools.Word.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 2035200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\24d55a7a165e590f0760df6ebcad3616\Microsoft.Office.Tools.Excel.Implementation.ni.dll
    + 2012-04-14 20:02 . 2012-04-14 20:02 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Office.To#\1ce1e4d466ffb69c15da8cf0743aba85\Microsoft.Office.Tools.Word.Implementation.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 3820544 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Build.Tas#\9f1c45888c7f1f15d04f30c9437f8bf2\Microsoft.Build.Tasks.v4.0.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0f5df23e9f268e9ff4c8033f9865a12a\UIAutomationClientsideProviders.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\acae13e8725a0a5da6dcda3e309cb9d2\System.Windows.Forms.DataVisualization.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1925632 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b6139cfbdbdc57c3ff421204292f4041\System.Web.Services.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\90de8ba8101001c8845439cd5f9a76eb\System.Speech.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8c12f469cbd6b8d9718c64a4b2c96d47\System.ServiceModel.Activities.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\746651ce870c2f9cd43bc7246154f81a\System.ServiceModel.Discovery.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\7175344bfab919484674d37de776a82f\System.Printing.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2a4589aeec877df58cbbcd633bc18fb6\System.IdentityModel.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6bd4a77663c0e708e0827be849906fdc\System.DirectoryServices.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\4b28434c73ac4229c7ae7c4f0598e25f\System.Data.Services.Client.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1189376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\c8b5d26c88a0f00cfb079bf421298076\System.Data.OracleClient.ni.dll
    + 2012-04-12 00:32 . 2012-04-12 00:32 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\7bbd2b637fbe2a5b17a16cd4fcc3c3ca\System.Activities.ni.dll
    + 2012-04-12 00:32 . 2012-04-12 00:32 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\f4311e621d2bbf4de0d32bae765b1484\System.Activities.Presentation.ni.dll
    + 2012-04-12 00:32 . 2012-04-12 00:32 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\819fccf9934ef29a6078d4accbf9ea0c\System.Activities.Core.Presentation.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:32 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f4ab7bc19b981163de613143a1e1c997\ReachFramework.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3e896ba1c3cc8d62c267508dccd7aa5a\PresentationUI.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7511c9da502ed9c4e630a902d462cdef\Microsoft.VisualBasic.Compatibility.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1ae1a98af2c7d3e68c7525bf1395fa61\Microsoft.VisualBasic.Activities.Compiler.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fb09c8733a8ef9292079399b25d5d973\Microsoft.Transactions.Bridge.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 1117696 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\82515c0b97a390ceb0763b8f87986cc3\Microsoft.Office.Tools.Word.Implementation.ni.dll
    + 2012-04-14 20:00 . 2012-04-14 20:00 1551872 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Office.To#\61c9c57fbd3ee915796a7c647dc9e5b3\Microsoft.Office.Tools.Excel.Implementation.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\8b1e797d9c7f5ef773c150e15b07a087\Microsoft.JScript.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 2877440 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\98d8d80f4b2d74cb4c5dc31483793bfb\Microsoft.Build.Tasks.v4.0.ni.dll
    + 2012-04-11 00:35 . 2012-04-11 00:35 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\d26e6d07c2e10bc55c2bfd2440ec14bc\System.Workflow.ComponentModel.ni.dll
    + 2012-04-11 00:35 . 2012-04-11 00:35 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f044eaa5dc79454c4081bdbea81bf67e\System.Workflow.Activities.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\7e62d5f06809c96b0e957cc948d98d7c\System.Printing.ni.dll
    + 2012-04-11 00:33 . 2012-04-11 00:33 2317312 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\95d41ace5d8803b9318366ad5f0fbdff\System.Drawing.ni.dll
    + 2012-04-11 00:33 . 2012-04-11 00:33 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7e705656ef1ee9078e0d51699d9e0858\System.Deployment.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\df3b4d20eaf81da80db9be811947e475\ReachFramework.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\8e76dcfa3f4676022f95437037c8ad51\PresentationUI.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 1875456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\ef37fe70c135b3e38caff59f13265ff8\Microsoft.Office.Tools.Excel.v9.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 1186304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\d4a618d9f5959f658a1892a007f96a04\Microsoft.Office.Tools.Word.v9.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 1093632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\631ae18fbb786ed963eac3080906a3cf\Microsoft.Office.Tools.Common.v9.0.ni.dll
    + 2012-04-12 00:43 . 2012-04-12 00:43 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\88b7272ddb53920b927a7ef59fd3ad6a\Microsoft.MediaCenter.UI.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6d2f8bad410dae6049507d7bc097a62d\System.Workflow.ComponentModel.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\31fd6842b7ccb502dc2f5f11c1f991bd\System.Workflow.Activities.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0b27d6da6e6bc319c3805435b818c1e5\System.Printing.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 1590784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e45611cad86870a7011bb18b9e993861\System.Deployment.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\ffe872f5d03f8bf4d1e1aca71274aec4\ReachFramework.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\167ae650f54f5cd46c07329972f179ad\PresentationUI.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 1354752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\dbd0c24e7fefe5a2b5f1f86c3bef97a9\Microsoft.Office.Tools.Excel.v9.0.ni.dll
    + 2012-04-14 20:03 . 2012-04-14 20:03 2430008 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant.Localization\6.0.1.1__a2352a4c73e11587\HP.SupportAssistant.Localization.dll
    + 2012-04-11 00:22 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll
    - 2009-07-14 02:34 . 2012-04-09 00:53 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-04-11 00:28 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2012-04-11 00:22 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll
    + 2012-04-02 21:43 . 2012-04-11 00:19 57249312 c:\windows\system32\MRT.exe
    + 2012-04-11 00:22 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll
    + 2012-04-02 01:01 . 2012-04-29 20:29 10016412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329077410-4254268383-3766462361-1001-4096.dat
    + 2012-04-14 20:01 . 2012-04-14 20:01 47848756 c:\windows\Installer\b0d38.msi
    + 2011-10-27 03:45 . 2011-10-27 03:45 66426368 c:\windows\Installer\311460.msp
    + 2011-07-21 17:36 . 2011-07-21 17:36 66808320 c:\windows\Installer\3113ef.msp
    + 2011-06-20 04:28 . 2011-06-20 04:28 18457088 c:\windows\Installer\3113ab.msp
    + 2012-04-10 03:00 . 2012-04-10 03:00 20333056 c:\windows\Installer\31136f.msp
    + 2011-10-27 03:51 . 2011-10-27 03:51 16885760 c:\windows\Installer\31131f.msp
    + 2011-10-27 03:47 . 2011-10-27 03:47 10328064 c:\windows\Installer\3112e9.msp
    + 2011-10-27 03:49 . 2011-10-27 03:49 16245760 c:\windows\Installer\3112d7.msp
    + 2011-10-27 03:49 . 2011-10-27 03:49 10427392 c:\windows\Installer\3112c4.msp
    + 2011-10-27 03:46 . 2011-10-27 03:46 11580928 c:\windows\Installer\31128c.msp
    + 2011-10-22 20:21 . 2011-10-22 20:21 21515264 c:\windows\Installer\311267.msp
    + 2012-03-07 20:03 . 2012-03-07 20:03 23710208 c:\windows\Installer\29fdd1.msp
    + 2012-04-29 20:22 . 2012-04-29 20:22 10125824 c:\windows\Installer\21a148.msi
    + 2011-04-29 04:28 . 2011-04-29 04:28 16972800 c:\windows\Installer\154b0c.msp
    + 2011-04-29 04:28 . 2011-04-29 04:28 11056128 c:\windows\Installer\154b02.msp
    + 2011-04-29 01:34 . 2011-04-29 01:34 11155456 c:\windows\Installer\154af9.msp
    + 2011-04-29 01:27 . 2011-04-29 01:27 14467072 c:\windows\Installer\1549d9.msp
    + 2011-04-29 01:27 . 2011-04-29 01:27 13031936 c:\windows\Installer\1549bc.msp
    + 2010-03-13 05:50 . 2010-03-13 05:50 17800544 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\XL12CNV.EXE
    + 2010-03-13 05:05 . 2010-03-13 05:05 11121528 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OARTCONV.DLL
    + 2010-03-13 20:08 . 2010-03-13 20:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\OART.DLL
    + 2010-03-23 01:36 . 2010-03-23 01:36 72521600 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSORES.DLL
    + 2010-03-13 19:53 . 2010-03-13 19:53 20753760 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\EXCEL.EXE
    + 2012-04-12 00:39 . 2012-04-12 00:39 17353728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\c80f2e11e938ed65b843f750add94b35\System.Windows.Forms.ni.dll
    + 2012-04-12 00:38 . 2012-04-12 00:38 15762432 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web\bf66e2b2a4dfefe1064dc172723b2cdd\System.Web.ni.dll
    + 2012-04-12 00:42 . 2012-04-12 00:42 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
    + 2012-04-12 00:39 . 2012-04-12 00:39 13314048 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Design\8d8f7d5ddfee1cd87ca1396946aa18f7\System.Design.ni.dll
    + 2012-04-12 00:41 . 2012-04-12 00:41 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
    + 2012-04-12 00:35 . 2012-04-12 00:35 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
    + 2012-04-12 00:37 . 2012-04-12 00:37 24407040 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\b93196152e384bd43b9abf1e20c8d067\PresentationFramework.ni.dll
    + 2012-04-12 00:36 . 2012-04-12 00:36 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\fc074b5198bd925a4f5b48403bba0e34\PresentationCore.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
    + 2012-04-12 00:31 . 2012-04-12 00:31 12079616 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\a0fb4bd3ae9ce574167ae3a79b7a1aa5\System.Web.ni.dll
    + 2012-04-12 00:34 . 2012-04-12 00:34 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c43869b44f633a3ad003a0ad9e79b273\System.ServiceModel.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 11021824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\cd7e0c408cc063860fbccce73bbc9c8d\System.Design.ni.dll
    + 2012-04-12 00:33 . 2012-04-12 00:33 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
    + 2012-04-11 00:27 . 2012-04-11 00:27 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
    + 2012-04-11 00:33 . 2012-04-11 00:33 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\3466442b4168ba11787961fcfd410adf\System.Windows.Forms.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\79c8a2e836c01784bb8e3e2d0ed26850\System.Web.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\552733f73f5483946cce9229b27bdcb2\System.Design.ni.dll
    + 2012-04-11 00:34 . 2012-04-11 00:34 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b87e4cff3eb13680c55a5f4ee9786b56\PresentationFramework.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\1233412b58120995b639428b5e6d998e\PresentationCore.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
    + 2012-04-11 00:32 . 2012-04-11 00:32 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\846a51eb446bee41a26a6914a95e38cd\System.Design.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
    + 2012-04-11 00:31 . 2012-04-11 00:31 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
    + 2011-10-16 19:38 . 2011-10-16 19:38 100966912 c:\windows\Installer\31125f.msp
    + 2011-04-29 01:33 . 2011-04-29 01:33 425345024 c:\windows\Installer\154ae9.msp
    .
    -- Snapshot reset to current date --
    .
    rwhite1954, May 6, 2012
    #43

  4. rwhite1954 Newcomer, in training Posts: 30

    Combofix Logs Part 5:
    =================================================
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    .
    c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120427.001\IDSvia64.sys [2012-03-30 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-09 138360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 01:28]
    .
    2012-04-14 c:\windows\Tasks\HPCeeScheduleForRyan.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-29 16:18:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-29 21:18
    ComboFix2.txt 2012-04-10 01:52
    .
    Pre-Run: 440,416,595,968 bytes free
    Post-Run: 440,262,610,944 bytes free
    .
    - - End Of File - - A07486E5F4ACD9A78D9CFFC04D39F174
    rwhite1954, May 6, 2012
    #44

  5. Bobbye Helper on the Fringe Posts: 16,406   +16

    Let's take a look at this:

    Download aswMBRto your desktop.
    • Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start scan:
      [IMG]
    • On completion of the scan click "Save log", save it to your desktop
    • Post in your next reply:
    [IMG]

    This is not the same programs as the MBR Check.
    Bobbye, May 7, 2012
    #45

  6. Bobbye Helper on the Fringe Posts: 16,406   +16

    5 days- no reply.
    Bobbye, May 11, 2012
    #46
     
Page 3 of 3
Topic Status:
Not open for further replies.

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.