VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

combofix log, wmplayer.exe

https://forum.viry.cz:443/viewtopic.php?t=100962

Stránka 1 z 1

combofix log, wmplayer.exe

Napsal: 10 kvě 2010 10:56
od *teo*
zdravim po dlhom case, rad by som poprosil o skontrolovanie combofix logu.. opakovane som nim odstranil rootkit ktory sa prejavoval vytazenim procesoru na 100% procesom wmplayer.exe, po spusteni media playeru.. kedze je to opakovany rootkit a objavil sa znova po optaovnom nahodnom spusteni wmplayeru, prikladam log a dufam ze mi pomozete zbavit sa ho natrvalo - vdacne aj za cenu aj tak nepouzivaneho wmplayeru.
dakujem

Kód: Vybrat vše

ComboFix 10-05-09.04 - matej.zilak 10/05/2010  11:35:28.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.44.1033.18.2038.1513 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.

(((((((((((((((((((((((((   Files Created from 2010-04-10 to 2010-05-10  )))))))))))))))))))))))))))))))
.

2010-05-10 08:53 . 2009-11-27 16:37	8704	-c----w-	c:\windows\system32\dllcache\tsbyuv.dll
2010-05-10 08:53 . 2009-11-27 16:37	48128	-c----w-	c:\windows\system32\dllcache\iyuv_32.dll
2010-05-07 07:05 . 2004-08-04 05:00	221184	----a-w-	c:\windows\system32\wmpns.dll
2010-05-07 07:04 . 2010-05-07 07:04	--------	d-----w-	c:\windows\ServicePackFiles
2010-04-26 15:54 . 2010-04-26 15:54	379	----a-w-	c:\documents and settings\Administrator\Application Data\WinFF\ff100426175407.bat
2010-04-26 08:17 . 2010-04-26 08:19	--------	d-----w-	c:\program files\NetBeans 6.8
2010-04-20 12:19 . 2010-04-20 12:20	--------	d-----w-	c:\program files\Real
2010-04-20 12:19 . 2010-04-20 12:20	--------	d-----w-	c:\program files\Common Files\Real
2010-04-19 10:34 . 2010-04-19 10:34	445	----a-w-	c:\documents and settings\Administrator\Application Data\WinFF\ff100419123448.bat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 09:34 . 2005-04-05 17:21	--------	d-----w-	c:\program files\C4ebreg
2010-05-10 09:29 . 2007-03-05 22:09	40	----a-w-	c:\windows\system32\profile.dat
2010-05-10 09:29 . 2010-01-05 08:14	--------	d-----w-	c:\documents and settings\Administrator\Application Data\.purple
2010-05-10 09:29 . 2009-06-15 07:04	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Desktop Sidebar
2010-05-10 09:23 . 2006-01-24 00:45	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-05-10 08:21 . 2006-03-27 21:50	--------	d-----w-	c:\program files\WST
2010-05-07 14:15 . 2009-01-09 08:17	--------	d-----w-	c:\documents and settings\Administrator\Application Data\FileZilla
2010-05-06 13:22 . 2009-02-03 08:47	--------	d-----w-	c:\documents and settings\Administrator\Application Data\WinFF
2010-05-06 13:20 . 2009-02-03 09:17	--------	d-----w-	c:\documents and settings\Administrator\Application Data\vlc
2010-05-05 08:15 . 2009-07-27 08:32	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Winamp
2010-05-05 07:06 . 2009-11-03 09:08	--------	d-----w-	c:\program files\Opera
2010-05-04 12:22 . 2010-01-05 08:33	--------	d-----w-	c:\documents and settings\Administrator\Application Data\gtk-2.0
2010-04-20 12:20 . 2010-04-20 12:20	49152	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-20 12:20 . 2010-04-20 12:20	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-20 12:20 . 2010-04-20 12:20	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-20 12:20 . 2010-04-20 12:20	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-20 12:20 . 2010-04-20 12:20	45056	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-20 12:20 . 2010-04-20 12:20	40960	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-20 12:20 . 2010-04-20 12:20	308808	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-20 12:20 . 2010-04-20 12:20	14848	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-20 12:20 . 2010-04-20 12:20	341600	----a-w-	c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-20 12:20 . 2010-04-20 12:20	--------	d-----w-	c:\program files\Common Files\xing shared
2010-04-16 11:16 . 2007-10-10 15:20	--------	d-----w-	c:\program files\MSECache
2010-04-14 07:38 . 2010-02-10 12:06	--------	d-----w-	c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-04-07 07:01 . 2010-04-07 07:01	--------	d-----w-	c:\program files\Common Files\Java
2010-04-07 07:01 . 2010-04-07 07:01	503808	----a-w-	c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-589d92f9-n\msvcp71.dll
2010-04-07 07:01 . 2010-04-07 07:01	499712	----a-w-	c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-589d92f9-n\jmc.dll
2010-04-07 07:01 . 2010-04-07 07:01	348160	----a-w-	c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-589d92f9-n\msvcr71.dll
2010-04-07 07:01 . 2010-04-07 07:01	61440	----a-w-	c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6bd74384-n\decora-sse.dll
2010-04-07 07:01 . 2010-04-07 07:01	12800	----a-w-	c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6bd74384-n\decora-d3d.dll
2010-04-07 07:00 . 2009-05-20 07:18	--------	d-----w-	c:\program files\Java
2010-04-01 14:22 . 2009-01-15 15:26	--------	d-----w-	c:\program files\IrfanView
2010-03-31 12:41 . 2008-11-05 13:02	--------	d-----w-	c:\program files\Lenovo
2010-03-29 11:31 . 2010-03-29 11:31	91	----a-w-	c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2010-03-29 11:31 . 2010-03-29 11:31	683801	----a-w-	c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2010-03-29 11:31 . 2010-03-29 11:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\Last.fm
2010-03-29 11:31 . 2010-03-29 11:30	--------	d-----w-	c:\program files\Last.fm
2010-03-22 11:45 . 2009-02-02 10:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-22 10:08 . 2009-01-08 09:28	--------	d-----w-	c:\program files\QIP
2010-03-18 14:02 . 2006-04-12 02:08	--------	d-----w-	c:\program files\Common Files\Adobe
2010-03-18 12:54 . 2010-03-18 12:54	--------	d-----w-	c:\program files\Adobe Media Player
2010-03-18 12:38 . 2010-03-18 12:38	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-03-17 13:31 . 2009-10-20 14:06	--------	d-----w-	c:\program files\Algodoo Phun Edition
2010-03-09 02:28 . 2009-05-20 07:19	411368	----a-w-	c:\windows\system32\deploytk.dll
2010-02-26 08:52 . 2009-10-07 13:44	6400	----a-w-	c:\windows\system32\drivers\isamfilter.sys
2010-02-25 18:11 . 2005-07-29 18:05	64792	----a-w-	c:\windows\isamunin.exe
2010-02-24 12:31 . 2004-08-04 05:00	454016	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 12:06 . 2010-02-10 12:06	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-02-10 11:55 . 2010-02-10 11:55	95232	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-10 11:55 . 2010-02-10 11:55	8192	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-10 11:55 . 2010-02-10 11:55	61440	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-10 11:55 . 2010-02-10 11:55	10240	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-10 11:54 . 2010-02-10 11:56	34686912	----a-w-	c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_slk_web.exe
.

(((((((((((((((((((((((((((((   SnapShot@2010-04-30_08.02.53   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-10 09:35 . 2010-05-10 09:35	16384              c:\windows\Temp\Perflib_Perfdata_f0.dat
+ 2010-05-10 09:34 . 2010-05-10 09:34	16384              c:\windows\Temp\Perflib_Perfdata_250.dat
+ 2004-08-04 05:00 . 2009-06-12 11:50	80896              c:\windows\system32\tlntsess.exe
+ 2004-08-04 05:00 . 2009-06-12 11:50	76288              c:\windows\system32\telnet.exe
+ 2005-07-13 22:27 . 2007-07-27 21:11	26488              c:\windows\system32\spupdsvc.exe
- 2006-07-17 20:01 . 2008-07-08 13:02	17272              c:\windows\system32\spmsg.dll
+ 2006-07-17 20:01 . 2009-05-26 11:40	17272              c:\windows\system32\spmsg.dll
+ 2004-08-04 05:00 . 2010-05-07 07:23	69410              c:\windows\system32\perfc009.dat
+ 2004-08-04 05:00 . 2009-11-27 16:37	28672              c:\windows\system32\msvidc32.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	11264              c:\windows\system32\msrle32.dll
+ 2004-08-04 05:00 . 2009-11-27 16:37	11264              c:\windows\system32\msrle32.dll
+ 2004-08-04 00:56 . 2009-11-27 16:37	48128              c:\windows\system32\iyuv_32.dll
+ 2004-08-04 05:00 . 2009-06-12 11:50	80896              c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-04 05:00 . 2009-06-12 11:50	76288              c:\windows\system32\dllcache\telnet.exe
+ 2004-08-04 05:00 . 2009-11-27 16:37	28672              c:\windows\system32\dllcache\msvidc32.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	11264              c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-04 05:00 . 2009-11-27 16:37	11264              c:\windows\system32\dllcache\msrle32.dll
+ 2004-08-04 05:00 . 2010-01-13 14:10	85504              c:\windows\system32\dllcache\cabview.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	84992              c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-04 05:00 . 2009-11-27 16:37	84992              c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-04 05:00 . 2009-07-17 18:55	58880              c:\windows\system32\dllcache\atl.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	58880              c:\windows\system32\dllcache\atl.dll
+ 2004-08-04 05:00 . 2010-01-13 14:10	85504              c:\windows\system32\cabview.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	84992              c:\windows\system32\avifil32.dll
+ 2004-08-04 05:00 . 2009-11-27 16:37	84992              c:\windows\system32\avifil32.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	58880              c:\windows\system32\atl.dll
+ 2004-08-04 05:00 . 2009-07-17 18:55	58880              c:\windows\system32\atl.dll
+ 2009-06-24 17:56 . 2009-06-24 17:56	73728              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-27 22:49 . 2008-05-27 22:49	77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-13 20:58 . 2007-04-13 20:58	77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49	86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-13 20:57 . 2007-04-13 20:57	86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-13 20:57 . 2007-04-13 20:57	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49	81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-13 21:30 . 2007-04-13 21:30	32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-27 23:30 . 2008-05-27 23:30	32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	23040              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-13 13:52 . 2010-04-30 07:15	23040              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	27136              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-13 13:52 . 2010-04-30 07:15	27136              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-13 13:52 . 2010-04-30 07:15	11264              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	11264              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-13 13:52 . 2010-04-30 07:15	12288              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	12288              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-05-10 08:53 . 2009-11-27 16:37	48128              c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	90112              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_700b4ed8\System.Drawing.Design.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	61440              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2b925f9b\CustomMarshalers.dll
+ 2010-05-07 07:28 . 2010-05-07 07:28	50688              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b9a622531616dcfbb005e0215d658848\UIAutomationProvider.ni.dll
+ 2010-05-07 07:25 . 2010-05-07 07:25	48640              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\ff3401f9aac1f01e1d15457d602811d3\PresentationFontCache.ni.exe
+ 2010-05-07 07:28 . 2010-05-07 07:28	40960              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\7f9d06eb470a85d80b676c9c8f0fd20d\PresentationCFFRasterizer.ni.dll
+ 2010-05-07 07:27 . 2010-05-07 07:27	17920              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\13076484e58b69aea0f7b017a1a9f726\Microsoft.VisualC.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	81920              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e299fd71b4c71854673c47f85b4cf180\Microsoft.Build.Framework.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	15360              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\662febc2f309e92a880682f527f4e426\dfsvc.ni.exe
+ 2010-05-07 07:27 . 2010-05-07 07:27	27136              c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1a67452bf4558b2574698b6008e7af74\Accessibility.ni.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	90112              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	90112              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2001-08-17 22:36 . 2009-11-27 16:37	8704              c:\windows\system32\tsbyuv.dll
- 2009-01-13 13:52 . 2010-04-30 07:15	4096              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	4096              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-05-10 08:53 . 2009-11-27 16:37	8704              c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-03-13 20:02 . 2008-03-13 20:02	5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-03-13 20:02 . 2008-03-13 20:02	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-04 05:00 . 2009-04-09 23:01	413032              c:\windows\system32\wmspdmod.dll
+ 2004-08-04 05:00 . 2009-07-13 00:18	233472              c:\windows\system32\wmpdxm.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	233472              c:\windows\system32\wmpdxm.dll
+ 2004-08-04 05:00 . 2009-12-24 07:05	177664              c:\windows\system32\wintrust.dll
+ 2004-08-04 05:00 . 2008-12-16 12:47	351232              c:\windows\system32\winhttp.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	351232              c:\windows\system32\winhttp.dll
+ 2004-08-04 05:00 . 2008-10-03 10:15	247326              c:\windows\system32\strmdll.dll
+ 2004-08-04 05:00 . 2010-05-07 07:23	435672              c:\windows\system32\perfh009.dat
+ 2004-08-04 05:00 . 2009-08-05 09:11	204800              c:\windows\system32\mswebdvd.dll
- 2004-08-04 05:00 . 2007-12-18 14:40	450560              c:\windows\system32\jscript.dll
+ 2004-08-04 05:00 . 2009-08-21 09:46	450560              c:\windows\system32\jscript.dll
+ 2004-08-04 05:00 . 2008-10-23 13:01	283648              c:\windows\system32\gdi32.dll
- 2005-04-04 18:34 . 2009-12-17 08:05	439048              c:\windows\system32\FNTCACHE.DAT
+ 2005-04-04 18:34 . 2010-05-10 06:47	439048              c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 05:00 . 2009-04-09 23:01	413032              c:\windows\system32\dllcache\wmspdmod.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	233472              c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 05:00 . 2009-07-13 00:18	233472              c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 05:00 . 2009-12-24 07:05	177664              c:\windows\system32\dllcache\wintrust.dll
- 2004-08-04 05:00 . 2004-08-04 05:00	351232              c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 05:00 . 2008-12-16 12:47	351232              c:\windows\system32\dllcache\winhttp.dll
- 2005-04-04 17:41 . 2004-08-04 05:00	153088              c:\windows\system32\dllcache\triedit.dll
+ 2005-04-04 17:41 . 2009-06-21 22:04	153088              c:\windows\system32\dllcache\triedit.dll
+ 2004-08-04 05:00 . 2008-10-03 10:15	247326              c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-04 05:00 . 2009-08-05 09:11	204800              c:\windows\system32\dllcache\mswebdvd.dll
+ 2006-05-05 09:41 . 2010-02-24 12:31	454016              c:\windows\system32\dllcache\mrxsmb.sys
+ 2004-08-04 05:00 . 2009-08-21 09:46	450560              c:\windows\system32\dllcache\jscript.dll
- 2004-08-04 05:00 . 2007-12-18 14:40	450560              c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 05:00 . 2008-10-23 13:01	283648              c:\windows\system32\dllcache\gdi32.dll
+ 2009-08-08 00:35 . 2009-08-08 00:35	819016              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-27 22:49 . 2008-05-27 22:49	102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-13 20:58 . 2007-04-13 20:58	102400              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-13 20:56 . 2007-04-13 20:56	315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48	315392              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-27 23:30 . 2008-05-27 23:30	258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-13 21:30 . 2007-04-13 21:30	258048              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2009-01-13 13:52 . 2010-04-30 07:15	409600              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	409600              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	286720              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-13 13:52 . 2010-04-30 07:15	286720              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-13 13:52 . 2010-04-30 07:15	249856              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	249856              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	794624              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-13 13:52 . 2010-04-30 07:15	794624              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-13 13:52 . 2010-04-30 07:15	135168              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-13 13:52 . 2010-05-07 07:26	135168              c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2004-10-28 01:14 . 2010-02-24 12:31	454016              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-03-13 20:02 . 2008-03-13 20:02	372736              c:\windows\assembly\temp\IT2BKS1AJS\System.Management.dll
+ 2008-03-13 20:02 . 2008-03-13 20:02	630784              c:\windows\assembly\temp\EPY7GPY7GO\System.Drawing.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	835584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7c7080b6\System.Drawing.dll
+ 2010-05-07 07:20 . 2010-05-07 07:20	192512              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b4bc3980\System.Drawing.Design.dll
+ 2010-05-07 07:20 . 2010-05-07 07:20	118784              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6764ca05\CustomMarshalers.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	380928              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ee523c18d34c6e11f6096e0bb878e67d\WsatConfig.ni.exe
+ 2010-05-07 08:03 . 2010-05-07 08:03	270336              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a26a28600433ad4907b55e42ceb32a40\WindowsFormsIntegration.ni.dll
+ 2010-05-07 07:28 . 2010-05-07 07:28	196608              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\9fca74ebdde012b503cec6ee0d73b596\UIAutomationTypes.ni.dll
+ 2010-05-07 08:03 . 2010-05-07 08:03	483328              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\6399149bd528ad5c007371ec893d82d7\UIAutomationClient.ni.dll
+ 2010-05-07 07:31 . 2010-05-07 07:31	237568              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6b8f2e778eba3931057217c2512b201c\System.Web.RegularExpressions.ni.dll
+ 2010-05-07 07:30 . 2010-05-07 07:30	684032              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4bdd3ce8337c4619dfb09de5ab3f9b62\System.Transactions.ni.dll
+ 2010-05-07 07:25 . 2010-05-07 07:25	233472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\47d862e0dc37c830cc3397decf6c0590\System.ServiceProcess.ni.dll
+ 2010-05-07 07:26 . 2010-05-07 07:26	733184              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\428a3be3d5be01f129e0effdc455d831\System.Security.ni.dll
+ 2010-05-07 07:26 . 2010-05-07 07:26	339968              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ef827bc54e7620e870821803e8507c8b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-05-07 07:30 . 2010-05-07 07:30	815104              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01a89fef6b3ccb3f9df478fdc37f590b\System.Runtime.Remoting.ni.dll
+ 2010-05-07 08:01 . 2010-05-07 08:01	655360              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\d38cc7087b8514d15dd8372ba76a2033\System.Messaging.ni.dll
+ 2010-05-07 07:59 . 2010-05-07 07:59	417792              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\e81f4580e0c23765c6dde900f392f446\System.IO.Log.ni.dll
+ 2010-05-07 07:59 . 2010-05-07 07:59	241664              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ed8e39453591d30135a5674ca7dbbe95\System.IdentityModel.Selectors.ni.dll
+ 2010-05-07 07:30 . 2010-05-07 07:30	294912              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff85d9d54701c8cde7b513ff808fd5e3\System.EnterpriseServices.Wrapper.dll
+ 2010-05-07 07:30 . 2010-05-07 07:30	659456              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff85d9d54701c8cde7b513ff808fd5e3\System.EnterpriseServices.ni.dll
+ 2010-05-07 07:31 . 2010-05-07 07:31	229376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4593151ab44d4f61e4cafaf9e77a8d25\System.Drawing.Design.ni.dll
+ 2010-05-07 07:31 . 2010-05-07 07:31	512000              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\135aa2f31c01565700d44313b925a205\System.DirectoryServices.Protocols.ni.dll
+ 2010-05-07 07:26 . 2010-05-07 07:26	163840              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1105b46975896c9bc6e66d5f9079e716\System.Configuration.Install.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	262144              c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\32efc2695961d84de94a1b1dfd4231ac\sysglobl.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	323584              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d7b7eeaae96dea8991ba2723c93a2392\SMSvcHost.ni.exe
+ 2010-05-07 08:00 . 2010-05-07 08:00	299008              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\47e0aab602bcd6e6e333ac24d7b8f6aa\SMDiagnostics.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	139264              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\8af5d1dac7b4e52f2cf21c6f5c0647c2\ServiceModelReg.ni.exe
+ 2010-05-07 07:31 . 2010-05-07 07:31	393216              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e132e2525f13601d13efbd22549afbca\PresentationFramework.Aero.ni.dll
+ 2010-05-07 07:31 . 2010-05-07 07:31	274432              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c49dd0ac011661f5cd81df49fa2390b9\PresentationFramework.Royale.ni.dll
+ 2010-05-07 07:31 . 2010-05-07 07:31	245760              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c340248174b3999d838745253310e932\PresentationFramework.Classic.ni.dll
+ 2010-05-07 07:31 . 2010-05-07 07:31	552960              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b1f6daefb01fd048efef31dfd3233dff\PresentationFramework.Luna.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	401408              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a27ef93b10fe08816dc25709fb33af7\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	167936              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ab1dd1079764acac4cbe55d6555f4ff7\Microsoft.Build.Utilities.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	876544              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9e2334dbe9e76dd6fc2bde86c9b515b9\Microsoft.Build.Engine.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	237568              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\58ec7ce15fd463d65d3e45db4e0613cf\CustomMarshalers.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	503808              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\c7a907c8b8d42cf645282c32bea13b6d\ComSvcConfig.ni.exe
+ 2010-05-07 07:59 . 2010-05-07 07:59	884736              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\2a66ea6b955eabdb437c6cfcac78c45e\AspNetMMCExt.ni.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	884736              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	884736              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	299008              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	299008              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	630784              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	630784              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	933888              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	933888              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	741376              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	741376              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	671744              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	671744              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	261120              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	261120              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	483840              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	483840              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-04 05:00 . 2009-05-20 10:24	2373504              c:\windows\system32\WMVCore.dll
+ 2004-08-04 05:00 . 2010-02-16 05:27	4734976              c:\windows\system32\wmp.dll
- 2004-08-04 05:00 . 2007-04-30 02:22	4734976              c:\windows\system32\wmp.dll
+ 2004-08-04 05:00 . 2009-08-14 12:19	1850112              c:\windows\system32\win32k.sys
+ 2005-04-04 17:40 . 2009-06-09 15:06	1871872              c:\windows\system32\mstscax.dll
+ 2004-08-04 05:00 . 2009-05-20 10:24	2373504              c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 05:00 . 2010-02-16 05:27	4734976              c:\windows\system32\dllcache\wmp.dll
- 2004-08-04 05:00 . 2007-04-30 02:22	4734976              c:\windows\system32\dllcache\wmp.dll
+ 2004-08-04 05:00 . 2009-08-14 12:19	1850112              c:\windows\system32\dllcache\win32k.sys
+ 2005-04-04 17:40 . 2009-06-09 15:06	1871872              c:\windows\system32\dllcache\mstscax.dll
+ 2005-04-04 17:42 . 2009-10-23 14:27	3555328              c:\windows\system32\dllcache\moviemk.exe
- 2005-04-04 17:42 . 2004-08-04 05:00	3555328              c:\windows\system32\dllcache\moviemk.exe
+ 2009-08-08 00:35 . 2009-08-08 00:35	5849920              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 00:35 . 2009-08-08 00:35	4345856              c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-05-27 23:35 . 2008-05-27 23:35	1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-13 21:35 . 2007-04-13 21:35	1265664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-13 21:35 . 2007-04-13 21:35	1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-27 23:35 . 2008-05-27 23:35	1232896              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48	2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-13 20:57 . 2007-04-13 20:57	2514944              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-13 20:57 . 2007-04-13 20:57	2523136              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-27 22:48 . 2008-05-27 22:48	2523136              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-13 20:50 . 2007-04-13 20:50	2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-27 22:43 . 2008-05-27 22:43	2142208              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-06-18 16:31 . 2009-06-18 16:31	7672832              c:\windows\Installer\8a48d.msp
+ 2009-06-18 16:30 . 2009-06-18 16:30	6818816              c:\windows\Installer\8a479.msp
+ 2010-02-16 14:24 . 2010-02-16 14:24	5050368              c:\windows\Installer\1bf6d5.msp
+ 2010-01-27 18:07 . 2010-01-27 18:07	7681024              c:\windows\Installer\1bf6c1.msp
+ 2009-08-09 21:32 . 2009-08-09 21:32	5288960              c:\windows\Installer\1bf6ae.msp
+ 2010-05-05 07:06 . 2010-05-05 07:06	2644480              c:\windows\Installer\100260.msi
+ 2007-04-19 13:49 . 2007-04-19 13:49	1661280              c:\windows\Installer\$PatchCache$\Managed\9040210900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2008-03-13 20:02 . 2008-03-13 20:02	5013504              c:\windows\assembly\temp\3FOX5ENW4D\System.Windows.Forms.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	4792320              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_c678583a\System.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	1966080              c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_729f3f88\System.dll
+ 2010-05-07 07:20 . 2010-05-07 07:20	5513216              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2e88ae24\System.Xml.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	2088960              c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_1da4e289\System.Xml.dll
+ 2010-05-07 07:20 . 2010-05-07 07:20	7884800              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b6b5fd87\System.Windows.Forms.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	3018752              c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a7421f06\System.Windows.Forms.dll
+ 2010-05-07 07:20 . 2010-05-07 07:20	2244608              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2ec6d788\System.Drawing.dll
+ 2010-05-07 07:20 . 2010-05-07 07:20	3395584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_aadb0eed\System.Design.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	1470464              c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7ad9e43a\System.Design.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	3391488              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6d04c93d\mscorlib.dll
+ 2010-05-07 07:20 . 2010-05-07 07:20	8908800              c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_46745bcf\mscorlib.dll
+ 2010-05-07 07:27 . 2010-05-07 07:27	3403776              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\dfd60c318a7316f9a7b7b3d997ee4ebd\WindowsBase.ni.dll
+ 2010-05-07 08:03 . 2010-05-07 08:03	1118208              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\8c2536730a74819833e8d1eb69a9a646\UIAutomationClientsideProviders.ni.dll
+ 2010-05-07 07:25 . 2010-05-07 07:25	8310784              c:\windows\assembly\NativeImages_v2.0.50727_32\System\ccfeb59f4a9b75909eb2d1121232a769\System.ni.dll
+ 2010-05-07 07:25 . 2010-05-07 07:25	5771264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\717cce3690d643df19d6a4117283048e\System.Xml.ni.dll
+ 2010-05-07 08:01 . 2010-05-07 08:01	2105344              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\423638994e98efd90ec1dfde0649cc91\System.Workflow.Runtime.ni.dll
+ 2010-05-07 08:01 . 2010-05-07 08:01	4583424              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\227149a442681e36715bb88e3589e039\System.Workflow.ComponentModel.ni.dll
+ 2010-05-07 08:01 . 2010-05-07 08:01	3088384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\379eb1ae2d1ad4f4e6da6c5865322c55\System.Workflow.Activities.ni.dll
+ 2010-05-07 07:31 . 2010-05-07 07:31	1986560              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa319d767042e97c692041f76f123f2f\System.Web.Services.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	2342912              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\b7092e8403b56e3913488855e45a35ff\System.Web.Mobile.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	2039808              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\736d8a2291d7173935e6e0945e5c17cd\System.Speech.ni.dll
+ 2010-05-07 07:59 . 2010-05-07 07:59	2445312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\44fce5ee5d99270d4b6edc34256d6b21\System.Runtime.Serialization.ni.dll
+ 2010-05-07 07:29 . 2010-05-07 07:29	1134592              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\b2f88468f0bef357e846afa982a2499a\System.Printing.ni.dll
+ 2010-05-07 07:59 . 2010-05-07 07:59	1122304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\7781d1b2914db9b9792ba20230f52bf5\System.IdentityModel.ni.dll
+ 2010-05-07 07:26 . 2010-05-07 07:26	1667072              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e58e83951091f2616344c5d2a6787660\System.Drawing.ni.dll
+ 2010-05-07 07:29 . 2010-05-07 07:29	1224704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\e96695c65a4104ee4687f3e5f0581d34\System.DirectoryServices.ni.dll
+ 2010-05-07 07:27 . 2010-05-07 07:27	1798144              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f0a1895c7d475f156ed4cdd9f0bd2797\System.Deployment.ni.dll
+ 2010-05-07 07:30 . 2010-05-07 07:30	7102464              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\b39a611d2b2fc659d5472dd76b24d3b2\System.Data.ni.dll
+ 2010-05-07 07:26 . 2010-05-07 07:26	2756608              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\a40074cafd6ba635e32950af0e099c7d\System.Data.SqlXml.ni.dll
+ 2010-05-07 07:31 . 2010-05-07 07:31	1183744              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\42eb25a3f57fc22e9d2cc12b372bbfb3\System.Data.OracleClient.ni.dll
+ 2010-05-07 07:25 . 2010-05-07 07:25	1011712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e2de26078a8c3d29dbfcf408e23aa2b1\System.Configuration.ni.dll
+ 2010-05-07 07:29 . 2010-05-07 07:29	2416640              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\50372bb0a6034564ae23694c9f7f072c\ReachFramework.ni.dll
+ 2010-05-07 07:29 . 2010-05-07 07:29	2035712              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\c052ed4c2cafacbde96dd4984611269f\PresentationUI.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	1581056              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\5b363159779eca8315a5d4bcf07823f2\PresentationBuildTasks.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	1740800              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ed0cdc51d89bb41a9ab760ca3cf52bf9\Microsoft.VisualBasic.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	1232896              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\a1bbeca12b0ba2e80de08ebe6b13a862\Microsoft.Transactions.Bridge.ni.dll
+ 2010-05-07 08:00 . 2010-05-07 08:00	1695744              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\b846f5c1b90e4222e79a420d92062f79\Microsoft.Build.Tasks.ni.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	3076096              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	3076096              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	2068480              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	2068480              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	5013504              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	5013504              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	5070848              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	5070848              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	5431296              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	5431296              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	3036160              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-03-13 20:02 . 2008-03-13 20:02	3036160              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-05-07 07:23 . 2010-05-07 07:23	4345856              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-09-05 19:50 . 2007-09-05 19:50	1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	1232896              c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-09-05 19:50 . 2007-09-05 19:50	1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-05-07 07:19 . 2010-05-07 07:19	1265664              c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-10 19:08 . 2009-08-10 19:08	11315712              c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-10 12:09 . 2009-08-10 12:09	17254912              c:\windows\Installer\1bf6a6.msp
+ 2010-05-07 07:27 . 2010-05-07 07:27	13193216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9d25b8eabd8203e4d0490363140c4526\System.Windows.Forms.ni.dll
+ 2010-05-07 07:30 . 2010-05-07 07:31	12517376              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\16a34a274ee877b4cf03d1a1bb57eb82\System.Web.ni.dll
+ 2010-05-07 07:59 . 2010-05-07 07:59	18153472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\299c38b70a596904e4274c9450221e6a\System.ServiceModel.ni.dll
+ 2010-05-07 07:31 . 2010-05-07 07:31	10936320              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\2aab58cae4d998cf867f483302e94c27\System.Design.ni.dll
+ 2010-05-07 07:29 . 2010-05-07 07:29	15044608              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\620c65049de60114ae182c70ebbb3305\PresentationFramework.ni.dll
+ 2010-05-07 07:28 . 2010-05-07 07:28	12595200              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\dbfa432eec6dd6c069fc11ce09a967e6\PresentationCore.ni.dll
+ 2010-05-07 07:24 . 2010-05-07 07:24	11436032              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fee8c8ba9b84a7832274adcbfc9d5ca4\mscorlib.ni.dll
.
-- Snapshot reset to current date --

Re: combofix log, wmplayer.exe

Napsal: 10 kvě 2010 10:57
od *teo*

Kód: Vybrat vše

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="c:\program files\AT&T Network Client\NetSP.exe" [2007-01-13 24576]
"SIDEBAR"="c:\program files\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pmonmh"="c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"stgclean"="c:\sdwork\w32maing.exe" [2010-05-07 268288]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 125168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2007-11-02 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-15 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-15 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-29 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-29 208896]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"ipmcmu"="c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe" [2009-01-08 204800]
"MyHelpService"="c:\program files\IBM\My Help\workspace\service\delayStart.exe" [2009-03-13 94208]
"C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2010-02-25 482584]
"Isamtray"="c:\program files\c4ebreg\isamtray.exe" [2010-02-25 285976]
"ISSI Service"="c:\sdwork\issimsvc.exe" [2010-02-11 241392]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"UltraNav Keyboard"="c:\program files\Lenovo\UltraNav Keyboard\SkdUNav.exe" [2006-08-22 258048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-20 202256]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080529-0018\preload.exe" [2008-07-10 40960]
"Boots"="c:\sdwork\w32boots.exe" [2010-04-07 91136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Infoprint Select Notification.lnk - c:\program files\IBM\Infoprint Select\ipnotify.exe [2005-4-5 143360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-7 813584]
Network Print Information Frontend.lnk - c:\program files\IBM\Network Print Information Frontend\npif.exe [2008-11-5 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28	72208	----a-w-	c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2007-11-02 10:45	49152	----a-w-	c:\windows\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37	34344	----a-w-	c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02	34080	----a-w-	c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14/05/2008 18:21 19496]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18/11/2009 14:14 222968]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [02/11/2007 06:09 70656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/09/2009 16:44 102448]
R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [07/10/2009 15:44 6400]
S2 artstartsvc;IBM Mobility Client Start Utility;c:\program files\IBM\Mobility Client\artstartsvc.exe [29/12/2009 10:54 11264]
S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [02/11/2007 06:09 49152]
S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [02/11/2007 06:09 36864]
S3 wcndis;Mobility Client Virtual Miniport;c:\windows\system32\drivers\wcndis.sys [29/12/2009 10:55 8704]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 17:06 11520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/02/2010 14:06 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\At1.job
- c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2008-11-05 08:07]

2010-05-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-11-05 08:43]

2010-05-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3995469548-559484266-3537901583-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3995469548-559484266-3537901583-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
uInternet Settings,ProxyOverride = ;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} - hxxp://w3.ibm.com/tools/print/plugin/gpwsx.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y16y8pr8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y16y8pr8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y16y8pr8.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y16y8pr8.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\y16y8pr8.default\extensions\ibmtool@ibm.org\plugins\npietab.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcpsweb.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 11:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  ipmcmu = c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\program files\IBM\IPM Client Migration Utility"?run key ipmcmu was set successfully?run key ipmcmu was not set successfully?Error, Windows run key not found?The service "Task Scheduler" is not ru 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xA8E60000]<< >>UNKNOWN [0xF76B7000]<< >>UNKNOWN [0xF76A7000]<< >>UNKNOWN [0xF75A8000]<< >>UNKNOWN [0x806ED000]<< >>UNKNOWN [0xF7B21000]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xf76bbfc3
\Driver\ACPI -> 0xf75aecb8
\Driver\atapi -> 0xf746a814
\Driver\iaStor -> 0xf7b2ac1a
IoDeviceObjectType -> DeleteProcedure -> 0x805a00ad
 ParseProcedure -> 0x8056d57b
\Device\Harddisk0\DR0 -> DeleteProcedure -> 0x805a00ad
 ParseProcedure -> 0x8056d57b
NDIS: 11a/b/g Wireless LAN Mini PCI Express Adapter -> SendCompleteHandler -> 0xba62ebd4
 PacketIndicateHandler -> 0xba61ca0d
 SendHandler -> 0xba630b40
user & kernel MBR OK 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\pcsinst.dll
.
Completion time: 2010-05-10  11:45:15
ComboFix-quarantined-files.txt  2010-05-10 09:44
ComboFix2.txt  2010-04-30 08:12

Pre-Run: 5,620,146,176 bytes free
Post-Run: 5,844,836,352 bytes free

- - End Of File - - 73B750CC432480734436FAA4744B1063

Re: combofix log, wmplayer.exe

Napsal: 10 kvě 2010 11:59
od motji
Hezké odpoledne :)
Prosím odstrante log z code, špatně se to čte. Děkuji :) .

:arrow: odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

:arrow: Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
- spusťte gmer


:arrow: Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

:arrow: stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu


:arrow: start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t
ok

:arrow: vytvoří se log s názvem mbr.log, vložte ho zde [/quote]

Re: combofix log, wmplayer.exe

Napsal: 12 kvě 2010 12:24
od motji
Jak to tu vypadá? :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz