ComboFix 08-06-16.5 - ennitti 06/18/2008 3:10:36.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.47.1044.18.1048 [GMT 2:00] Running from: C:\Users\ennitti\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat C:\Temp\vtmp2 C:\Users\ennitti\AppData\Roaming\Microsoft\dtsc C:\Users\ennitti\AppData\Roaming\Microsoft\dtsc\s C:\Windows\ctfmon32.exe C:\Windows\ctrlpan.dll C:\Windows\directx32.exe C:\Windows\dnsrelay.dll C:\Windows\editpad.exe C:\Windows\explorer32.exe C:\Windows\funniest.exe C:\Windows\funny.exe C:\Windows\gfmnaaa.dll C:\Windows\helpcvs.exe C:\Windows\index.html C:\Windows\inetinf.exe C:\Windows\mainms.vpi C:\Windows\megavid.cdt C:\Windows\msconfd.dll C:\Windows\msspi.dll C:\Windows\mswsc10.dll C:\Windows\mswsc20.dll C:\Windows\muotr.so C:\Windows\qttasks.exe C:\Windows\quicken.exe C:\Windows\rundll16.exe C:\Windows\rundll32.vbe C:\Windows\searchword.dll C:\Windows\sistem.exe C:\Windows\svcinit.exe C:\Windows\system32\hljwugsf.bin C:\Windows\system32\MSINET.oca ----- BITS: Possible infected sites ----- hxxp://theinstalls.com . ((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-18 00:49 --------- d-----w C:\Users\ennitti\AppData\Roaming\uTorrent 2008-06-18 00:05 --------- d---a-w C:\ProgramData\TEMP 2008-06-18 00:05 --------- d-----w C:\Program Files\Poker Tracker V2 2008-06-17 22:46 --------- d-----w C:\Program Files\SunPoker.com 2008-06-16 12:59 54,503 ----a-w C:\Users\ennitti\AppData\Roaming\nvModes.dat 2008-06-16 12:57 --------- d-----w C:\Program Files\Norman 2008-06-16 09:32 --------- d-----w C:\Program Files\InterPoker 2008-06-16 01:10 1,104 ----a-w C:\Users\ennitti\AppData\Roaming\wklnhst.dat 2008-06-16 00:24 --------- d-----w C:\Program Files\Full Tilt Poker 2008-06-15 22:38 --------- d-----w C:\Users\ennitti\AppData\Roaming\Skype 2008-06-15 22:09 --------- d-----w C:\Users\ennitti\AppData\Roaming\skypePM 2008-06-15 14:36 --------- d-----w C:\Program Files\Betsafe Poker 2008-06-15 11:24 1,438,178 ----a-w C:\SDFix.exe 2008-06-12 14:40 --------- d-----w C:\Program Files\DivX 2008-06-10 11:42 --------- d-----w C:\ProgramData\Lavasoft 2008-06-10 04:09 --------- d-----w C:\Program Files\Windows Mail 2008-06-09 22:17 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys 2008-06-09 22:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-06-09 22:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-06-09 22:17 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2008-06-09 22:16 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-06-09 22:16 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-06-09 22:16 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-06-09 22:16 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-06-09 22:16 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-06-09 22:16 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys 2008-06-09 22:16 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-06-09 22:15 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-06-09 22:15 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-06-09 22:15 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-06-09 22:15 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-06-09 22:15 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-06-09 22:13 1,585,664 ----a-w C:\Windows\System32\setupapi.dll 2008-06-09 22:11 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-06-09 22:10 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-06-09 22:09 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-06-09 22:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-06-09 22:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-06-09 22:09 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-06-09 22:09 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-06-09 22:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-06-09 22:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-06-09 22:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-06-09 22:09 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-06-09 22:06 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-06-09 22:06 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-06-09 22:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-06-09 22:06 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-06-09 22:05 99,840 ----a-w C:\Windows\System32\poqexec.exe 2008-06-09 22:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2008-06-09 15:38 --------- d-----w C:\Users\ennitti\AppData\Roaming\Malwarebytes 2008-06-09 15:38 --------- d-----w C:\ProgramData\Malwarebytes 2008-06-09 15:38 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-06-09 11:03 5,092 ----a-w C:\Windows\System32\tmp.reg 2008-06-09 11:01 --------- d-----w C:\Program Files\Sun 2008-06-09 11:01 --------- d-----w C:\Program Files\Java 2008-06-09 10:42 --------- d-----w C:\Program Files\Trend Micro 2008-06-09 09:59 286,090 ----a-w C:\Pass2.cmd 2008-06-09 09:40 --------- d-----w C:\Program Files\Quick StartUp 2008-06-09 09:24 --------- d-----w C:\Program Files\TweakNow RegCleaner Std 2008-06-09 09:05 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-06-09 08:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-09 01:04 12,632 ----a-w C:\Windows\System32\lsdelete.exe 2008-06-05 14:04 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys 2008-06-05 14:04 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys 2008-06-03 09:56 --------- d-----w C:\Users\ennitti\AppData\Roaming\mIRC 2008-06-03 09:55 --------- d-----w C:\Program Files\mIRC 2008-06-01 20:05 --------- d-----w C:\Program Files\PokerStars 2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll 2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll 2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll 2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll 2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll 2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll 2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll 2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll 2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll 2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll 2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll 2008-05-29 07:35 86,528 ----a-w C:\Windows\System32\VACFix.exe 2008-05-26 19:38 --------- d-----w C:\Program Files\PokerStove 2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe 2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll 2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll 2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll 2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe 2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll 2008-05-18 19:40 82,944 ----a-w C:\Windows\System32\IEDFix.exe 2008-05-18 19:40 82,944 ----a-w C:\Windows\System32\404Fix.exe 2008-05-15 12:35 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-14 20:12 --------- d-----w C:\ProgramData\Roxio 2008-05-13 21:23 --------- d-----w C:\ProgramData\TrackMania 2008-05-13 15:34 --------- d-----w C:\Program Files\TmNationsForever 2008-05-10 23:18 --------- d-----w C:\Program Files\Recover Files 2008-04-27 10:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-18 01:48 --------- d-----w C:\Program Files\Google 2008-01-11 00:21 32 ----a-w C:\Users\All Users\ezsid.dat 2008-01-11 00:21 32 ----a-w C:\ProgramData\ezsid.dat . ((((((((((((((((((((((((((((( snapshot@Fri 04-18-2008_ 3.51.46.02 ))))))))))))))))))))))))))))))))))))))))) . + 2008-05-13 15:35:14 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2008-05-13 15:35:14 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2008-05-13 15:35:15 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2008-05-13 15:35:02 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:07 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:08 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:09 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:09 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:10 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:11 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:12 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:13 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:15 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-13 15:35:16 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2008-05-13 15:35:16 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll + 2008-05-13 15:35:17 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2008-05-13 15:35:18 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2008-05-13 15:35:14 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll - 2008-01-06 19:22:57 864,256 ----a-w C:\Windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll + 2008-06-09 22:02:29 864,256 ----a-w C:\Windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll - 2008-01-06 19:22:51 135,168 ----a-w C:\Windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe + 2008-06-09 22:02:18 135,168 ----a-w C:\Windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe - 2008-01-06 19:22:57 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll + 2008-06-09 22:02:29 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll - 2008-01-06 19:22:50 4,370,432 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll + 2008-06-09 22:02:16 4,370,432 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll - 2008-01-06 19:22:51 1,196,032 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll + 2008-06-09 22:02:17 1,196,032 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll - 2008-01-06 19:22:50 2,342,912 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll + 2008-06-09 22:02:17 2,342,912 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll - 2008-01-06 19:22:51 217,088 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll + 2008-06-09 22:02:18 217,088 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll - 2008-04-18 01:48:58 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-06-16 12:57:57 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-04-18 01:47:27 2,484 ----a-w C:\Windows\bthservsdp.dat + 2008-06-16 12:53:58 2,484 ----a-w C:\Windows\bthservsdp.dat - 2008-01-06 19:22:53 21,504 ----a-w C:\Windows\ehome\ehdebug.dll + 2008-06-09 22:02:25 21,504 ----a-w C:\Windows\ehome\ehdebug.dll - 2008-01-06 19:22:57 864,256 ----a-w C:\Windows\ehome\ehepg.dll + 2008-06-09 22:02:29 864,256 ----a-w C:\Windows\ehome\ehepg.dll - 2008-01-06 19:22:51 135,168 ----a-w C:\Windows\ehome\ehexthost.exe + 2008-06-09 22:02:18 135,168 ----a-w C:\Windows\ehome\ehexthost.exe - 2008-01-06 19:22:57 77,824 ----a-w C:\Windows\ehome\ehiExtens.dll + 2008-06-09 22:02:29 77,824 ----a-w C:\Windows\ehome\ehiExtens.dll - 2008-01-06 19:22:51 103,936 ----a-w C:\Windows\ehome\ehPresenter.dll + 2008-06-09 22:02:17 103,936 ----a-w C:\Windows\ehome\ehPresenter.dll - 2008-01-06 19:22:57 252,416 ----a-w C:\Windows\ehome\ehReplay.dll + 2008-06-09 22:02:28 252,416 ----a-w C:\Windows\ehome\ehReplay.dll - 2008-01-06 19:22:53 10,094,080 ----a-w C:\Windows\ehome\ehres.dll + 2008-06-09 22:02:24 10,094,080 ----a-w C:\Windows\ehome\ehres.dll - 2008-01-06 19:22:50 4,370,432 ----a-w C:\Windows\ehome\ehshell.dll + 2008-06-09 22:02:16 4,370,432 ----a-w C:\Windows\ehome\ehshell.dll - 2008-01-06 19:22:51 18,944 ----a-w C:\Windows\ehome\ehtrace.dll + 2008-06-09 22:02:19 18,944 ----a-w C:\Windows\ehome\ehtrace.dll - 2008-01-06 19:22:51 517,120 ----a-w C:\Windows\ehome\ehui.dll + 2008-06-09 22:02:18 517,120 ----a-w C:\Windows\ehome\ehui.dll - 2008-01-06 19:22:49 1,497,600 ----a-w C:\Windows\ehome\ehuihlp.dll + 2008-06-09 22:02:14 1,497,600 ----a-w C:\Windows\ehome\ehuihlp.dll - 2008-01-06 19:22:56 6,656 ----a-w C:\Windows\ehome\McrMgr.dll + 2008-06-09 22:02:28 6,656 ----a-w C:\Windows\ehome\McrMgr.dll - 2008-01-06 19:22:56 173,056 ----a-w C:\Windows\ehome\McrMgr.exe + 2008-06-09 22:02:27 173,056 ----a-w C:\Windows\ehome\McrMgr.exe - 2008-01-06 19:22:51 217,088 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.dll + 2008-06-09 22:02:18 217,088 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.dll - 2008-01-06 19:22:51 1,196,032 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.Shell.dll + 2008-06-09 22:02:17 1,196,032 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.Shell.dll - 2008-01-06 19:22:50 2,342,912 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll + 2008-06-09 22:02:17 2,342,912 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll - 2008-01-09 21:48:27 665,600 ----a-w C:\Windows\inf\drvindex.dat + 2008-06-10 04:09:33 665,600 ----a-w C:\Windows\inf\drvindex.dat - 2008-01-24 21:23:37 51,200 ----a-w C:\Windows\inf\infpub.dat + 2008-06-10 04:09:38 51,200 ----a-w C:\Windows\inf\infpub.dat - 2008-01-24 21:23:36 86,016 ----a-w C:\Windows\inf\infstor.dat + 2008-06-10 04:09:38 86,016 ----a-w C:\Windows\inf\infstor.dat - 2008-01-24 21:23:36 86,016 ----a-w C:\Windows\inf\infstrng.dat + 2008-06-10 04:09:38 86,016 ----a-w C:\Windows\inf\infstrng.dat + 2008-05-15 12:36:23 295,606 ----a-r C:\Windows\Installer\{AC76BA86-7AD7-1044-7B44-A81200000003}\SC_Reader.exe + 2005-03-18 14:23:10 53,248 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll + 2005-03-18 14:23:10 12,800 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll + 2005-03-18 14:23:14 473,600 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll + 2004-09-29 10:38:58 2,676,224 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll + 2005-03-18 14:23:10 145,920 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll + 2005-03-18 14:23:10 159,232 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll + 2005-03-18 14:23:14 364,544 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll + 2005-03-18 14:23:12 178,176 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll + 2005-03-18 14:23:14 223,232 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll + 2004-12-01 13:53:06 2,846,720 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll + 2005-02-05 17:32:54 563,712 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll + 2005-03-18 15:23:14 567,296 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll + 2005-05-26 13:15:56 576,000 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll + 2005-07-22 15:21:34 577,024 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll + 2005-09-28 12:11:52 577,536 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll + 2005-12-05 15:20:50 577,536 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll + 2006-02-03 05:40:48 578,560 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll + 2006-03-31 09:27:50 578,560 ----a-w C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll + 2008-06-16 12:57:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-06-16 12:57:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-03-31 14:42:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-04-23 23:21:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-03-31 14:42:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-23 23:21:30 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-18 01:07:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-06-09 22:05:17 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-03-31 14:42:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-23 23:21:30 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-18 01:49:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-16 13:00:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-04-18 01:40:59 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-06-09 22:05:46 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-04-18 01:49:25 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-06-17 18:09:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-06-17 18:09:28 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2006-11-02 09:46:02 17,408 ----a-w C:\Windows\servicing\CbsMsg.dll + 2008-06-09 22:12:53 18,432 ----a-w C:\Windows\servicing\CbsMsg.dll - 2006-11-02 09:45:49 26,112 ----a-w C:\Windows\servicing\TrustedInstaller.exe + 2008-06-09 22:12:51 27,136 ----a-w C:\Windows\servicing\TrustedInstaller.exe - 2008-04-17 17:13:40 393,792 ----a-w C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe - 2008-01-06 19:19:37 124,928 ----a-w C:\Windows\System32\advpack.dll + 2008-06-09 22:06:45 124,928 ----a-w C:\Windows\System32\advpack.dll - 2006-11-02 09:46:02 11,776 ----a-w C:\Windows\System32\batt.dll + 2008-06-09 22:12:50 12,800 ----a-w C:\Windows\System32\batt.dll - 2006-11-02 09:46:02 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll + 2008-06-09 22:12:56 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll - 2006-11-02 09:51:44 615,528 ----a-w C:\Windows\System32\ci.dll + 2008-06-09 22:12:57 620,088 ----a-w C:\Windows\System32\ci.dll - 2006-11-02 09:51:25 221,800 ----a-w C:\Windows\System32\clfs.sys + 2008-06-09 22:12:56 224,824 ----a-w C:\Windows\System32\clfs.sys + 2008-06-08 23:24:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat + 2008-06-08 22:54:46 16,384 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT - 2008-04-17 16:00:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-06-11 00:41:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-06-08 23:24:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060920080610\index.dat + 2008-06-08 22:54:45 78,924 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat - 2008-04-17 16:00:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-06-11 00:41:27 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-17 16:00:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-06-11 00:41:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-18 01:41:47 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-06-18 01:10:20 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-06-18 01:10:20 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 + 2005-02-05 17:45:26 2,222,800 ----a-w C:\Windows\System32\d3dx9_24.dll + 2005-03-18 15:19:58 2,337,488 ----a-w C:\Windows\System32\d3dx9_25.dll + 2005-05-26 13:34:52 2,297,552 ----a-w C:\Windows\System32\d3dx9_26.dll + 2005-07-22 17:59:04 2,319,568 ----a-w C:\Windows\System32\d3dx9_27.dll + 2005-12-05 16:09:18 2,323,664 ----a-w C:\Windows\System32\d3dx9_28.dll + 2006-02-03 06:43:16 2,332,368 ----a-w C:\Windows\System32\d3dx9_29.dll + 2006-03-31 10:40:58 2,388,176 ----a-w C:\Windows\System32\d3dx9_30.dll - 2006-11-02 09:46:03 35,328 ----a-w C:\Windows\System32\dispci.dll + 2008-06-09 22:12:50 35,328 ----a-w C:\Windows\System32\dispci.dll - 2006-11-02 09:46:04 162,816 ----a-w C:\Windows\System32\dnsapi.dll + 2008-06-09 22:09:19 162,816 ----a-w C:\Windows\System32\dnsapi.dll - 2006-11-02 09:46:04 256,512 ----a-w C:\Windows\System32\dpx.dll + 2008-06-09 22:12:55 260,096 ----a-w C:\Windows\System32\dpx.dll - 2006-11-02 08:51:13 54,784 ----a-w C:\Windows\System32\drivers\i8042prt.sys + 2008-06-09 22:12:50 54,784 ----a-w C:\Windows\System32\drivers\i8042prt.sys - 2006-11-02 09:49:57 32,872 ----a-w C:\Windows\System32\drivers\kbdclass.sys + 2008-06-09 22:12:50 35,384 ----a-w C:\Windows\System32\drivers\kbdclass.sys - 2006-11-02 08:51:12 15,872 ----a-w C:\Windows\System32\drivers\kbdhid.sys + 2008-06-09 22:12:50 15,872 ----a-w C:\Windows\System32\drivers\kbdhid.sys - 2006-11-02 09:49:54 31,848 ----a-w C:\Windows\System32\drivers\mouclass.sys + 2008-06-09 22:12:50 34,360 ----a-w C:\Windows\System32\drivers\mouclass.sys - 2006-11-02 08:51:12 15,872 ----a-w C:\Windows\System32\drivers\mouhid.sys + 2008-06-09 22:12:50 15,872 ----a-w C:\Windows\System32\drivers\mouhid.sys - 2006-11-02 08:51:11 19,968 ----a-w C:\Windows\System32\drivers\sermouse.sys + 2008-06-09 22:12:50 19,968 ----a-w C:\Windows\System32\drivers\sermouse.sys - 2006-11-02 09:51:41 492,648 ----a-w C:\Windows\System32\drivers\Wdf01000.sys + 2008-06-09 22:12:51 495,160 ----a-w C:\Windows\System32\drivers\Wdf01000.sys - 2006-11-02 09:49:59 32,872 ----a-w C:\Windows\System32\drivers\WdfLdr.sys + 2008-06-09 22:12:51 35,384 ----a-w C:\Windows\System32\drivers\WdfLdr.sys + 2008-06-09 22:12:50 54,784 ----a-w C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\i8042prt.sys + 2008-06-09 22:12:50 6,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbd106.dll + 2008-06-09 22:12:50 35,384 ----a-w C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdclass.sys + 2008-06-09 22:12:50 15,872 ----a-w C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdhid.sys + 2008-06-09 22:17:20 41,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\monitor.inf_1a316eff\monitor.sys + 2008-06-09 22:16:07 17,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\aliide.sys + 2008-06-09 22:16:07 17,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\amdide.sys + 2008-06-09 22:16:07 21,560 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys + 2008-06-09 22:16:07 109,624 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\ataport.sys + 2008-06-09 22:16:06 19,000 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\cmdide.sys + 2008-06-09 22:16:06 17,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\intelide.sys + 2008-06-09 22:16:06 25,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\msahci.sys + 2008-06-09 22:16:07 15,928 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\pciide.sys + 2008-06-09 22:16:07 45,112 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\pciidex.sys + 2008-06-09 22:16:07 20,024 ----a-w C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\viaide.sys + 2008-06-09 22:12:50 54,784 ----a-w C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\i8042prt.sys + 2008-06-09 22:12:50 34,360 ----a-w C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\mouclass.sys + 2008-06-09 22:12:50 15,872 ----a-w C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\mouhid.sys + 2008-06-09 22:12:50 19,968 ----a-w C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\sermouse.sys - 2006-11-02 09:45:03 100,864 ----a-w C:\Windows\System32\drvinst.exe + 2008-06-09 22:12:56 101,888 ----a-w C:\Windows\System32\drvinst.exe + 2004-07-31 16:50:36 51,200 ----a-w C:\Windows\System32\dumphive.exe - 2008-01-06 19:19:34 347,136 ----a-w C:\Windows\System32\dxtmsft.dll + 2008-06-09 22:06:43 347,136 ----a-w C:\Windows\System32\dxtmsft.dll - 2008-01-06 19:19:34 214,528 ----a-w C:\Windows\System32\dxtrans.dll + 2008-06-09 22:06:43 214,528 ----a-w C:\Windows\System32\dxtrans.dll - 2006-11-02 09:39:22 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll + 2008-06-09 22:12:50 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll - 2008-02-26 11:41:01 322,216 ----a-w C:\Windows\System32\FNTCACHE.DAT + 2008-06-10 10:17:21 322,216 ----a-w C:\Windows\System32\FNTCACHE.DAT - 2008-01-06 19:19:33 63,488 ----a-w C:\Windows\System32\icardie.dll + 2008-06-09 22:06:37 63,488 ----a-w C:\Windows\System32\icardie.dll - 2008-01-06 19:19:30 70,656 ----a-w C:\Windows\System32\ie4uinit.exe + 2008-06-09 22:06:32 70,656 ----a-w C:\Windows\System32\ie4uinit.exe - 2008-01-06 19:19:35 383,488 ----a-w C:\Windows\System32\ieapfltr.dll + 2008-06-09 22:06:45 383,488 ----a-w C:\Windows\System32\ieapfltr.dll - 2008-01-06 19:19:42 6,065,664 ----a-w C:\Windows\System32\ieframe.dll + 2008-06-09 22:06:42 6,066,176 ----a-w C:\Windows\System32\ieframe.dll - 2008-01-06 19:19:30 44,544 ----a-w C:\Windows\System32\iernonce.dll + 2008-06-09 22:06:32 44,544 ----a-w C:\Windows\System32\iernonce.dll - 2008-01-06 19:19:43 180,736 ----a-w C:\Windows\System32\ieui.dll + 2008-06-09 22:06:42 180,736 ----a-w C:\Windows\System32\ieui.dll - 2007-09-24 21:30:28 135,168 ----a-w C:\Windows\System32\java.exe + 2008-03-24 23:28:39 135,168 ----a-w C:\Windows\System32\java.exe - 2007-09-24 21:30:30 135,168 ----a-w C:\Windows\System32\javaw.exe + 2008-03-24 23:28:43 135,168 ----a-w C:\Windows\System32\javaw.exe - 2007-09-24 22:31:42 139,264 ----a-w C:\Windows\System32\javaws.exe + 2008-03-25 00:37:01 139,264 ----a-w C:\Windows\System32\javaws.exe - 2008-01-06 19:19:36 27,648 ----a-w C:\Windows\System32\jsproxy.dll + 2008-06-09 22:06:44 27,648 ----a-w C:\Windows\System32\jsproxy.dll - 2006-11-02 09:39:43 6,656 ----a-w C:\Windows\System32\kbd106n.dll + 2008-06-09 22:12:55 6,656 ----a-w C:\Windows\System32\kbd106n.dll - 2006-11-02 08:30:44 8,704 ----a-w C:\Windows\System32\kd1394.dll + 2008-06-09 22:12:57 19,000 ----a-w C:\Windows\System32\kd1394.dll - 2006-11-02 09:46:05 113,664 ----a-w C:\Windows\System32\loadperf.dll + 2008-06-09 22:12:54 115,200 ----a-w C:\Windows\System32\loadperf.dll - 2006-11-02 09:45:21 38,912 ----a-w C:\Windows\System32\lodctr.exe + 2008-06-09 22:12:54 39,424 ----a-w C:\Windows\System32\lodctr.exe - 2006-11-02 09:46:13 120,320 ----a-w C:\Windows\System32\migration\CntrtextMig.dll + 2008-06-09 22:12:54 120,320 ----a-w C:\Windows\System32\migration\CntrtextMig.dll - 2008-01-09 21:38:21 49,152 ----a-w C:\Windows\System32\migration\netiomig.dll + 2008-06-09 22:15:38 49,152 ----a-w C:\Windows\System32\migration\netiomig.dll - 2008-01-06 19:19:36 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll + 2008-06-09 22:06:44 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll - 2008-01-02 18:21:36 17,642,616 ----a-w C:\Windows\System32\mrt.exe + 2008-05-09 12:35:06 16,863,864 ----a-w C:\Windows\System32\mrt.exe - 2008-01-06 19:19:39 3,590,656 ----a-w C:\Windows\System32\mshtml.dll + 2008-06-09 22:06:40 3,591,680 ----a-w C:\Windows\System32\mshtml.dll - 2008-01-06 19:19:40 478,208 ----a-w C:\Windows\System32\mshtmled.dll + 2008-06-09 22:06:40 478,208 ----a-w C:\Windows\System32\mshtmled.dll - 2008-01-06 19:19:33 671,232 ----a-w C:\Windows\System32\mstime.dll + 2008-06-09 22:06:37 671,232 ----a-w C:\Windows\System32\mstime.dll + 2008-05-19 07:23:59 2,456 ----a-w C:\Windows\System32\networklist\icons\{0616E4C2-C283-4903-BD45-52626C0DD044}_24.bin + 2008-05-19 07:23:59 4,280 ----a-w C:\Windows\System32\networklist\icons\{0616E4C2-C283-4903-BD45-52626C0DD044}_32.bin + 2008-05-19 07:23:59 9,560 ----a-w C:\Windows\System32\networklist\icons\{0616E4C2-C283-4903-BD45-52626C0DD044}_48.bin + 2008-04-23 20:14:35 2,456 ----a-w C:\Windows\System32\networklist\icons\{0BBD145C-CA47-4935-A2FF-C3CCF52B18B4}_24.bin + 2008-04-23 20:14:35 4,280 ----a-w C:\Windows\System32\networklist\icons\{0BBD145C-CA47-4935-A2FF-C3CCF52B18B4}_32.bin + 2008-04-23 20:14:35 9,560 ----a-w C:\Windows\System32\networklist\icons\{0BBD145C-CA47-4935-A2FF-C3CCF52B18B4}_48.bin + 2008-06-14 19:50:18 2,456 ----a-w C:\Windows\System32\networklist\icons\{57AC5DFE-8976-4C5D-AEDD-F52FEFF4587C}_24.bin + 2008-06-14 19:50:18 4,280 ----a-w C:\Windows\System32\networklist\icons\{57AC5DFE-8976-4C5D-AEDD-F52FEFF4587C}_32.bin + 2008-06-14 19:50:18 9,560 ----a-w C:\Windows\System32\networklist\icons\{57AC5DFE-8976-4C5D-AEDD-F52FEFF4587C}_48.bin + 2008-06-16 13:20:20 2,456 ----a-w C:\Windows\System32\networklist\icons\{6789380C-69D8-4346-9858-6E3B7B599B31}_24.bin + 2008-06-16 13:20:20 4,280 ----a-w C:\Windows\System32\networklist\icons\{6789380C-69D8-4346-9858-6E3B7B599B31}_32.bin + 2008-06-16 13:20:20 9,560 ----a-w C:\Windows\System32\networklist\icons\{6789380C-69D8-4346-9858-6E3B7B599B31}_48.bin + 2008-06-04 22:55:02 2,456 ----a-w C:\Windows\System32\networklist\icons\{D7600D7D-914E-4FBF-BB68-0776515EE2D8}_24.bin + 2008-06-04 22:55:02 4,280 ----a-w C:\Windows\System32\networklist\icons\{D7600D7D-914E-4FBF-BB68-0776515EE2D8}_32.bin + 2008-06-04 22:55:02 9,560 ----a-w C:\Windows\System32\networklist\icons\{D7600D7D-914E-4FBF-BB68-0776515EE2D8}_48.bin - 2006-11-02 09:46:12 23,040 ----a-w C:\Windows\System32\nshhttp.dll + 2008-06-09 22:12:55 23,552 ----a-w C:\Windows\System32\nshhttp.dll - 2006-11-02 09:46:12 558,080 ----a-w C:\Windows\System32\oleaut32.dll + 2008-06-09 22:12:55 558,080 ----a-w C:\Windows\System32\oleaut32.dll - 2008-04-17 15:59:10 101,424 ----a-w C:\Windows\System32\perfc009.dat + 2008-06-16 13:03:10 101,424 ----a-w C:\Windows\System32\perfc009.dat - 2008-04-17 15:59:10 76,640 ----a-w C:\Windows\System32\perfc014.dat + 2008-06-16 13:03:10 76,640 ----a-w C:\Windows\System32\perfc014.dat - 2008-04-17 15:59:10 587,568 ----a-w C:\Windows\System32\perfh009.dat + 2008-06-16 13:03:10 587,568 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-17 15:59:10 452,704 ----a-w C:\Windows\System32\perfh014.dat + 2008-06-16 13:03:10 452,704 ----a-w C:\Windows\System32\perfh014.dat - 2006-11-02 09:46:12 44,544 ----a-w C:\Windows\System32\pngfilt.dll + 2008-06-09 22:06:33 44,544 ----a-w C:\Windows\System32\pngfilt.dll - 2006-11-02 09:42:44 17,408 ----a-w C:\Windows\System32\prflbmsg.dll + 2008-06-09 22:12:54 17,408 ----a-w C:\Windows\System32\prflbmsg.dll + 2003-06-05 19:13:00 53,248 ----a-w C:\Windows\System32\Process.exe - 2006-11-02 12:36:17 313,856 ----a-w C:\Windows\System32\rstrui.exe + 2008-06-09 22:12:59 313,856 ----a-w C:\Windows\System32\rstrui.exe - 2006-11-02 09:46:12 595,456 ----a-w C:\Windows\System32\schedsvc.dll + 2008-06-09 22:12:52 595,456 ----a-w C:\Windows\System32\schedsvc.dll - 2008-02-07 23:56:41 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-06-15 11:38:15 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2006-04-27 15:49:30 288,417 ----a-w C:\Windows\System32\SrchSTS.exe - 2006-11-02 12:36:17 40,960 ----a-w C:\Windows\System32\srclient.dll + 2008-06-09 22:12:59 40,960 ----a-w C:\Windows\System32\srclient.dll - 2006-11-02 12:36:17 371,712 ----a-w C:\Windows\System32\srcore.dll + 2008-06-09 22:12:59 371,712 ----a-w C:\Windows\System32\srcore.dll - 2006-11-02 12:36:17 16,384 ----a-w C:\Windows\System32\srdelayed.exe + 2008-06-09 22:12:59 16,384 ----a-w C:\Windows\System32\srdelayed.exe - 2006-11-02 09:46:13 221,184 ----a-w C:\Windows\System32\umpnpmgr.dll + 2008-06-09 22:12:56 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll - 2006-11-02 09:45:50 32,256 ----a-w C:\Windows\System32\unlodctr.exe + 2008-06-09 22:12:54 32,256 ----a-w C:\Windows\System32\unlodctr.exe - 2008-01-06 19:19:36 1,159,680 ----a-w C:\Windows\System32\urlmon.dll + 2008-06-09 22:06:33 1,159,680 ----a-w C:\Windows\System32\urlmon.dll + 2007-09-05 22:22:23 289,144 ----a-w C:\Windows\System32\VCCLSID.exe - 2008-04-17 15:56:04 7,930 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1365638748-907170335-1329176293-1000_UserData.bin + 2008-06-16 13:00:33 8,792 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1365638748-907170335-1329176293-1000_UserData.bin - 2008-04-17 15:56:04 72,086 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-06-16 13:00:33 74,198 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-04-18 01:47:35 5,066 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat + 2008-06-16 12:50:58 2,770 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat - 2008-04-17 16:42:16 37,130 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-06-16 13:00:31 42,004 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-04-17 15:48:10 349,596 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-06-16 09:02:47 366,272 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2008-04-12 07:22:31 281,108 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2008-06-14 21:36:23 290,148 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin - 2006-11-02 09:52:01 940,648 ----a-w C:\Windows\System32\winload.exe + 2008-06-09 22:12:57 944,184 ----a-w C:\Windows\System32\winload.exe - 2006-11-02 09:52:02 902,248 ----a-w C:\Windows\System32\winresume.exe + 2008-06-09 22:12:57 905,400 ----a-w C:\Windows\System32\winresume.exe - 2006-11-02 09:46:14 613,888 ----a-w C:\Windows\System32\wpd_ci.dll + 2008-06-09 22:12:58 613,888 ----a-w C:\Windows\System32\wpd_ci.dll + 2007-10-03 22:36:46 25,600 ----a-w C:\Windows\System32\WS2Fix.exe + 2006-02-03 06:41:26 14,032 ----a-w C:\Windows\System32\x3daudio1_0.dll + 2006-02-03 06:42:06 230,096 ----a-w C:\Windows\System32\xactengine2_0.dll + 2006-03-31 10:39:48 229,584 ----a-w C:\Windows\System32\xactengine2_1.dll + 2006-05-31 05:24:16 230,168 ----a-w C:\Windows\System32\xactengine2_2.dll + 2006-03-31 10:39:24 62,672 ----a-w C:\Windows\System32\xinput1_1.dll + 2008-06-09 22:02:29 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16625_none_d9ac5ba2d1cd93c1\ehepg.dll + 2008-06-09 22:02:29 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20750_none_da108737eb0808ab\ehepg.dll + 2008-06-09 22:02:18 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16625_none_bcf1d858c1bcf70c\ehexthost.exe + 2008-06-09 22:02:13 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20750_none_bd5603eddaf76bf6\ehexthost.exe + 2008-06-09 22:02:29 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16625_none_fbd4df3d09c25501\ehiExtens.dll + 2008-06-09 22:02:28 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20750_none_fc390ad222fcc9eb\ehiExtens.dll + 2008-06-09 22:02:16 4,370,432 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16625_none_899f76e344812213\ehshell.dll + 2008-06-09 22:02:12 4,382,720 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20750_none_8a03a2785dbb96fd\ehshell.dll + 2008-06-09 22:02:17 1,196,032 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16625_none_4e9d1a9a98c598a9\Microsoft.MediaCenter.Shell.dll + 2008-06-09 22:02:13 1,269,760 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20750_none_4f01462fb2000d93\Microsoft.MediaCenter.Shell.dll + 2008-06-09 22:02:17 2,342,912 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16625_none_312b694a5a1995c3\Microsoft.MediaCenter.UI.dll + 2008-06-09 22:02:12 2,351,104 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20750_none_318f94df73540aad\Microsoft.MediaCenter.UI.dll + 2008-06-09 22:02:18 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16625_none_2386c23dcf3201d9\Microsoft.MediaCenter.dll + 2008-06-09 22:02:14 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20750_none_23eaedd2e86c76c3\Microsoft.MediaCenter.dll + 2008-06-09 22:12:50 54,784 ----a-w C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys + 2008-06-09 22:12:50 6,656 ----a-w C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbd106.dll + 2008-06-09 22:12:50 35,384 ----a-w C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys + 2008-06-09 22:12:50 15,872 ----a-w C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdhid.sys + 2008-06-09 22:12:49 54,784 ----a-w C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys + 2008-06-09 22:12:49 6,656 ----a-w C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbd106.dll + 2008-06-09 22:12:49 35,384 ----a-w C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys + 2008-06-09 22:12:49 15,872 ----a-w C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdhid.sys + 2008-06-09 22:09:53 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll + 2008-06-09 22:09:53 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll + 2008-06-09 22:09:49 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll + 2008-06-09 22:09:48 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll + 2008-06-09 22:09:52 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll + 2008-06-09 22:09:52 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll + 2008-06-09 22:09:47 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll + 2008-06-09 22:09:47 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll + 2008-06-09 22:09:51 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll + 2008-06-09 22:09:51 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll + 2008-06-09 22:09:47 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll + 2008-06-09 22:09:47 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll + 2008-06-09 22:09:51 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll + 2008-06-09 22:09:51 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll + 2008-06-09 22:09:51 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll + 2008-06-09 22:09:51 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll + 2008-06-09 22:09:47 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll + 2008-06-09 22:09:47 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll + 2008-06-09 22:09:47 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll + 2008-06-09 22:09:47 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll + 2008-06-09 22:06:45 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16643_none_a9bce801f5c7b8c8\advpack.dll + 2008-06-09 22:06:45 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20777_none_aa2a16310efa11c1\advpack.dll + 2008-06-09 22:12:47 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\setbcdlocale.dll + 2008-06-09 22:12:47 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe + 2008-06-09 22:12:47 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winresume.exe + 2008-06-09 22:12:47 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\setbcdlocale.dll + 2008-06-09 22:12:47 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe + 2008-06-09 22:12:47 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winresume.exe + 2008-06-09 22:12:57 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16646_none_61bfda98f6d6f5d5\kd1394.dll + 2008-06-09 22:12:57 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.20782_none_621a368c1018a007\kd1394.dll + 2008-06-09 22:12:48 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.18027_none_63bcb960f3ec683b\kd1394.dll + 2008-06-09 22:12:47 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.22125_none_644455980d0bd557\kd1394.dll + 2008-06-09 22:12:57 944,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe + 2008-06-09 22:12:57 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe + 2008-06-09 22:12:57 944,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe + 2008-06-09 22:12:57 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe + 2008-06-09 22:12:49 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe + 2008-06-09 22:12:49 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winresume.exe + 2008-06-09 22:12:49 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe + 2008-06-09 22:12:49 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winresume.exe + 2008-06-09 22:12:57 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16642_none_9e68737c07b7f5c7\ci.dll + 2008-06-09 22:12:57 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.20775_none_9ed4a16120eb3569\ci.dll + 2008-06-09 22:12:47 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\ci.dll + 2008-06-09 22:12:47 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.22120_none_a0ebee311dedbbf2\ci.dll + 2008-06-09 22:12:56 224,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_7ca55ea12a5d5913\clfs.sys + 2008-06-09 22:12:56 224,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.20734_none_7d098a364397cdfd\clfs.sys + 2008-06-09 22:12:56 19,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23\cfgmgr32.dll + 2008-06-09 22:12:56 101,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23\drvinst.exe + 2008-06-09 22:12:56 221,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23\umpnpmgr.dll + 2008-06-09 22:12:56 19,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.20734_none_75889abf48f7c10d\cfgmgr32.dll + 2008-06-09 22:12:55 101,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.20734_none_75889abf48f7c10d\drvinst.exe + 2008-06-09 22:12:55 221,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.20734_none_75889abf48f7c10d\umpnpmgr.dll + 2008-06-09 22:12:55 260,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16609_none_68015a2337d92e69\dpx.dll + 2008-06-09 22:12:55 260,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.20734_none_686585b85113a353\dpx.dll + 2008-06-09 22:09:19 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll + 2008-06-09 22:09:18 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe + 2008-06-09 22:09:19 83,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll + 2008-06-09 22:09:18 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll + 2008-06-09 22:09:18 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe + 2008-06-09 22:09:18 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll + 2008-06-09 22:02:28 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16625_none_12c09b07a297f371\ehReplay.dll + 2008-06-09 22:02:28 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20750_none_1324c69cbbd2685b\ehReplay.dll + 2008-06-09 22:02:28 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16625_none_32330b5ddcdf57cf\McrMgr.dll + 2008-06-09 22:02:27 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16625_none_32330b5ddcdf57cf\McrMgr.exe + 2008-06-09 22:02:27 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20750_none_329736f2f619ccb9\McrMgr.dll + 2008-06-09 22:02:27 172,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20750_none_329736f2f619ccb9\McrMgr.exe + 2008-06-09 22:02:25 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16625_none_2de6da1585272f3f\ehdebug.dll + 2008-06-09 22:02:24 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20750_none_2e4b05aa9e61a429\ehdebug.dll + 2008-06-09 22:02:17 103,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16625_none_24d1ba8c64df4a0e\ehPresenter.dll + 2008-06-09 22:02:12 103,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20750_none_2535e6217e19bef8\ehPresenter.dll + 2008-06-09 22:02:24 10,094,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16625_none_501526e9535d51c0\ehres.dll + 2008-06-09 22:02:19 10,103,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20750_none_5079527e6c97c6aa\ehres.dll + 2008-06-09 22:02:19 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16625_none_36c5ec1516c514d5\ehtrace.dll + 2008-06-09 22:02:19 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20750_none_372a17aa2fff89bf\ehtrace.dll + 2008-06-09 22:02:18 517,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16625_none_cccd3f3fcc4ce7da\ehui.dll + 2008-06-09 22:02:13 521,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20750_none_cd316ad4e5875cc4\ehui.dll + 2008-06-09 22:02:14 1,497,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16625_none_3a1431762e229c7c\ehuihlp.dll + 2008-06-09 22:02:11 1,498,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20750_none_3a785d0b475d1166\ehuihlp.dll + 2008-06-09 22:09:50 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll + 2008-06-09 22:09:51 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll + 2008-06-09 22:09:49 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll + 2008-06-09 22:09:49 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll + 2008-06-09 22:09:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll + 2008-06-09 22:09:46 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll + 2008-06-09 22:09:45 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll + 2008-06-09 22:09:46 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll + 2008-06-09 22:10:45 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16643_none_57702c844c48b643\gdi32.dll + 2008-06-09 22:10:45 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll + 2008-06-09 22:10:45 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll + 2008-06-09 22:10:45 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll + 2008-06-09 22:06:33 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16643_none_ebb7f1b116609ec7\pngfilt.dll + 2008-06-09 22:06:32 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20777_none_ec251fe02f92f7c0\pngfilt.dll + 2008-06-09 22:06:33 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll + 2008-06-09 22:06:33 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll + 2008-06-09 22:06:28 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll + 2008-06-09 22:06:28 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll + 2008-06-09 22:12:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll + 2008-06-09 22:12:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll + 2008-06-09 22:06:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16643_none_deb7292c7f69d59a\mstime.dll + 2008-06-09 22:06:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20777_none_df24575b989c2e93\mstime.dll + 2008-06-09 22:06:29 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18023_none_e0b307aa7c802ea9\mstime.dll + 2008-06-09 22:06:29 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22120_none_e139a39795a0826e\mstime.dll + 2008-06-09 22:12:55 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll + 2008-06-09 22:12:55 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll + 2008-06-09 22:06:44 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\jsproxy.dll + 2008-06-09 22:06:44 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll + 2008-06-09 22:06:44 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\WininetPlugin.dll + 2008-06-09 22:06:43 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\jsproxy.dll + 2008-06-09 22:06:44 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll + 2008-06-09 22:06:44 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\WininetPlugin.dll + 2008-06-09 22:06:31 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\jsproxy.dll + 2008-06-09 22:06:31 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll + 2008-06-09 22:06:31 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\WininetPlugin.dll + 2008-06-09 22:06:31 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\jsproxy.dll + 2008-06-09 22:06:31 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll + 2008-06-09 22:06:31 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\WininetPlugin.dll + 2008-06-09 22:06:45 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat + 2008-06-09 22:06:45 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dll + 2008-06-09 22:06:45 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat + 2008-06-09 22:06:44 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dll + 2008-06-09 22:06:43 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtmsft.dll + 2008-06-09 22:06:43 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtrans.dll + 2008-06-09 22:06:43 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtmsft.dll + 2008-06-09 22:06:43 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtrans.dll + 2008-06-09 22:06:40 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16643_none_461a6bef465befcc\mshtmled.dll + 2008-06-09 22:06:40 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20777_none_46879a1e5f8e48c5\mshtmled.dll + 2008-06-09 22:06:40 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll + 2008-06-09 22:06:38 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll + 2008-06-09 22:06:31 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll + 2008-06-09 22:06:29 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll + 2008-06-09 22:06:37 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16643_none_588d01ee673531fd\icardie.dll + 2008-06-09 22:06:37 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll + 2008-06-09 22:06:34 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\ieUnatt.exe + 2008-06-09 22:06:35 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe + 2008-06-09 22:06:33 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\ieUnatt.exe + 2008-06-09 22:06:34 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe + 2008-06-09 22:06:32 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\ie4uinit.exe + 2008-06-09 22:06:32 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iernonce.dll + 2008-06-09 22:06:32 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iesetup.dll + 2008-06-09 22:06:32 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\ie4uinit.exe + 2008-06-09 22:06:32 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iernonce.dll + 2008-06-09 22:06:32 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iesetup.dll + 2008-06-09 22:06:44 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16643_none_29e74e1c682049a3\iebrshim.dll + 2008-06-09 22:06:44 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20777_none_2a547c4b8152a29c\iebrshim.dll + 2008-06-09 22:06:42 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll + 2008-06-09 22:06:42 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieui.dll + 2008-06-09 22:06:40 6,067,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll + 2008-06-09 22:06:41 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieui.dll + 2008-06-09 22:06:37 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16643_none_e68d5ba694998859\ieinstal.exe + 2008-06-09 22:06:36 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20777_none_e6fa89d5adcbe152\ieinstal.exe + 2008-06-09 22:06:32 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16643_none_0b3590c2d714480b\ieuser.exe + 2008-06-09 22:06:31 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20777_none_0ba2bef1f046a104\ieuser.exe + 2008-06-09 22:02:11 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16625_none_3d338c3162694f64\mcmde.dll + 2008-06-09 22:02:11 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20750_none_3d97b7c67ba3c44e\mcmde.dll + 2008-06-09 22:16:06 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.16632_none_4d03fb3a91e27bd0\nwifi.sys + 2008-06-09 22:16:06 154,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6000.20757_none_4d7cf99fab0bd22f\nwifi.sys + 2008-06-09 22:15:39 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6000.16627_none_0e39ff40545cdf67\netcfg.exe + 2008-06-09 22:15:38 24,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6000.20752_none_0e9e2ad56d975451\netcfg.exe + 2008-06-09 22:15:38 216,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16627_none_54a6905db830dfb1\netio.sys + 2008-06-09 22:15:38 217,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.20752_none_550abbf2d16b549b\netio.sys + 2008-06-09 22:12:55 23,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.16609_none_71cfead8774bc0d7\nshhttp.dll + 2008-06-09 22:12:55 23,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.20734_none_7234166d908635c1\nshhttp.dll + 2008-06-09 22:17:20 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys + 2008-06-09 22:17:20 1,061,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys + 2008-06-09 22:16:49 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16674_none_f05a2d326e88eb29\OESpamFilter.dat + 2008-06-09 22:16:49 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20815_none_f125abb58774f9cb\OESpamFilter.dat + 2008-06-09 22:16:49 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18054_none_f2560bb06b9f4438\OESpamFilter.dat + 2008-06-09 22:16:48 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22159_none_f2e4a9ed84b862b5\OESpamFilter.dat + 2008-06-09 22:16:08 558,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16588_none_bacb6cf1fe8d4f50\oleaut32.dll + 2008-06-09 22:10:23 558,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16607_none_bb20ededfe4d5398\oleaut32.dll + 2008-06-09 22:12:55 558,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16609_none_bb22ee81fe4b8646\oleaut32.dll + 2008-06-09 22:16:08 559,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.20711_none_bb99b91117787749\oleaut32.dll + 2008-06-09 22:10:22 559,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.20732_none_bb8519831787c882\oleaut32.dll + 2008-06-09 22:12:55 559,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.20734_none_bb871a171785fb30\oleaut32.dll + 2008-06-09 22:16:08 3,504,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntkrnlpa.exe + 2008-06-09 22:16:07 3,470,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntoskrnl.exe + 2008-06-09 22:16:07 3,505,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntkrnlpa.exe + 2008-06-09 22:16:07 3,471,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntoskrnl.exe + 2008-06-09 22:12:54 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\CntrtextMig.dll + 2008-06-09 22:12:54 115,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\loadperf.dll + 2008-06-09 22:12:54 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\lodctr.exe + 2008-06-09 22:12:55 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\perfc.dat + 2008-06-09 22:12:55 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\perfd.dat + 2008-06-09 22:12:55 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\perfh.dat + 2008-06-09 22:12:55 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\perfi.dat + 2008-06-09 22:12:54 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\prflbmsg.dll + 2008-06-09 22:12:54 32,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16609_none_6fa8c14c01b81c8f\unlodctr.exe + 2008-06-09 22:12:53 120,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\CntrtextMig.dll + 2008-06-09 22:12:53 115,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\loadperf.dll + 2008-06-09 22:12:53 39,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\lodctr.exe + 2008-06-09 22:12:54 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\perfc.dat + 2008-06-09 22:12:54 30,674 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\perfd.dat + 2008-06-09 22:12:54 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\perfh.dat + 2008-06-09 22:12:54 287,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\perfi.dat + 2008-06-09 22:12:53 17,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\prflbmsg.dll + 2008-06-09 22:12:53 32,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.20734_none_700cece11af29179\unlodctr.exe + 2008-06-09 22:12:53 18,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack-msg_31bf3856ad364e35_6.0.6000.16609_none_3cc22de72dd8baa4\CbsMsg.dll + 2008-06-09 22:12:53 18,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack-msg_31bf3856ad364e35_6.0.6000.20734_none_3d26597c47132f8e\CbsMsg.dll + 2008-06-09 22:05:00 432,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\CbsCore.dll + 2008-06-09 22:05:00 95,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\DrUpdate.dll + 2008-06-09 22:05:00 99,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\poqexec.exe + 2008-06-09 22:05:00 116,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\smipi.dll + 2008-06-09 22:05:01 1,646,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\wcp.dll + 2008-06-09 22:05:01 50,688 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16649_none_0756e58cca3c3d46\wrpint.dll + 2008-06-09 22:13:29 1,585,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.16609_none_33181da4c90f2d73\setupapi.dll + 2008-06-09 22:13:29 1,585,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.20734_none_337c4939e249a25d\setupapi.dll + 2008-06-09 22:12:59 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\rstrui.exe + 2008-06-09 22:12:59 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srclient.dll + 2008-06-09 22:12:59 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srcore.dll + 2008-06-09 22:12:59 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srdelayed.exe + 2008-06-09 22:12:58 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe + 2008-06-09 22:12:59 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srclient.dll + 2008-06-09 22:12:58 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srcore.dll + 2008-06-09 22:12:58 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srdelayed.exe + 2008-06-09 22:12:48 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\rstrui.exe + 2008-06-09 22:12:49 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srclient.dll + 2008-06-09 22:12:48 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srcore.dll + 2008-06-09 22:12:48 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srdelayed.exe + 2008-06-09 22:12:48 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\rstrui.exe + 2008-06-09 22:12:48 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srclient.dll + 2008-06-09 22:12:48 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srcore.dll + 2008-06-09 22:12:48 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srdelayed.exe + 2008-06-09 22:12:52 595,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll + 2008-06-09 22:12:52 595,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll + 2008-06-09 22:15:38 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\netiomig.dll + 2008-06-09 22:15:38 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\netiougc.exe + 2008-06-09 22:15:38 803,328 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys + 2008-06-09 22:15:38 167,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpipcfg.dll + 2008-06-09 22:15:37 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\netiomig.dll + 2008-06-09 22:15:37 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\netiougc.exe + 2008-06-09 22:15:37 806,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys + 2008-06-09 22:15:37 167,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpipcfg.dll + 2008-06-09 22:12:51 27,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6000.16609_none_8f2ff7784ff80919\TrustedInstaller.exe + 2008-06-09 22:12:51 27,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6000.20734_none_8f94230d69327e03\TrustedInstaller.exe + 2008-06-09 22:12:51 495,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.0.6000.16609_none_7475dc2e20bd6c08\Wdf01000.sys + 2008-06-09 22:12:51 35,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.0.6000.16609_none_7475dc2e20bd6c08\WdfLdr.sys + 2008-06-09 22:12:50 495,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.0.6000.20734_none_74da07c339f7e0f2\Wdf01000.sys + 2008-06-09 22:12:51 35,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.0.6000.20734_none_74da07c339f7e0f2\WdfLdr.sys + 2008-06-09 22:17:45 48,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_6.0.6000.20751_none_923bb8126e5dee69\davclnt.dll + 2008-06-09 22:17:45 110,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.0.6000.16626_none_12b50875c89fe395\mrxdav.sys + 2008-06-09 22:17:45 110,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_6.0.6000.20751_none_1319340ae1da587f\mrxdav.sys + 2008-06-09 22:17:45 194,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-webclient_31bf3856ad364e35_6.0.6000.16626_none_532fecfab695e27c\WebClnt.dll + 2008-06-09 22:17:45 196,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-webdavredir-webclient_31bf3856ad364e35_6.0.6000.20751_none_5394188fcfd05766\WebClnt.dll + 2008-06-09 22:11:20 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys + 2008-06-09 22:11:19 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys + 2008-06-09 22:11:19 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys + 2008-06-09 22:11:19 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys + 2008-06-09 22:12:50 12,800 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..battery-driverclass_31bf3856ad364e35_6.0.6000.16609_none_18009dbc49aa7293\batt.dll + 2008-06-09 22:12:50 12,800 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..battery-driverclass_31bf3856ad364e35_6.0.6000.20734_none_1864c95162e4e77d\batt.dll + 2008-06-09 22:12:50 35,328 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..display-driverclass_31bf3856ad364e35_6.0.6000.16609_none_41b37abe932781d6\dispci.dll + 2008-06-09 22:12:50 35,328 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..display-driverclass_31bf3856ad364e35_6.0.6000.20734_none_4217a653ac61f6c0\dispci.dll + 2008-06-09 22:12:58 613,888 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..ler.wpd-driverclass_31bf3856ad364e35_6.0.6000.16609_none_66d0f2386adae39f\wpd_ci.dll + 2008-06-09 22:12:58 613,888 ----a-w C:\Windows\winsxs\x86_microsoft.windows.h..ler.wpd-driverclass_31bf3856ad364e35_6.0.6000.20734_none_67351dcd84155889\wpd_ci.dll + 2008-06-09 22:17:20 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.16615_none_4117345983213804\monitor.sys + 2008-06-09 22:17:20 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.20740_none_417b5fee9c5bacee\monitor.sys + 2008-06-09 22:16:07 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\aliide.sys + 2008-06-09 22:16:07 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\amdide.sys + 2008-06-09 22:16:07 21,560 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys + 2008-06-09 22:16:07 109,624 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\ataport.sys + 2008-06-09 22:16:06 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\cmdide.sys + 2008-06-09 22:16:06 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\intelide.sys + 2008-06-09 22:16:06 25,656 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\msahci.sys + 2008-06-09 22:16:07 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\pciide.sys + 2008-06-09 22:16:07 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\pciidex.sys + 2008-06-09 22:16:07 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\viaide.sys + 2008-06-09 22:16:06 17,464 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\aliide.sys + 2008-06-09 22:16:06 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\amdide.sys + 2008-06-09 22:16:06 21,560 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys + 2008-06-09 22:16:06 110,136 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\ataport.sys + 2008-06-09 22:16:06 19,000 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\cmdide.sys + 2008-06-09 22:16:06 17,976 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\intelide.sys + 2008-06-09 22:16:06 28,216 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\msahci.sys + 2008-06-09 22:16:06 15,928 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\pciide.sys + 2008-06-09 22:16:06 45,112 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\pciidex.sys + 2008-06-09 22:16:06 20,024 ----a-w C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\viaide.sys + 2008-06-09 22:12:50 54,784 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys + 2008-06-09 22:12:50 34,360 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\mouclass.sys + 2008-06-09 22:12:50 15,872 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\mouhid.sys + 2008-06-09 22:12:50 19,968 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\sermouse.sys + 2008-06-09 22:12:50 54,784 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys + 2008-06-09 22:12:50 34,360 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\mouclass.sys + 2008-06-09 22:12:50 15,872 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\mouhid.sys + 2008-06-09 22:12:50 19,968 ----a-w C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\sermouse.sys . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 02:36 PM 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/13/2007 05:36 AM 827392] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 11:38 AM 159744] "NvSvc"="C:\Windows\system32\nvsvc.dll" [07/09/2007 04:57 AM 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/09/2007 04:57 AM 8433664] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/09/2007 04:57 AM 81920] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 01:18 PM 472776] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 04:12 PM 317128] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM 144784] "Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [12/17/2007 03:37 PM 273520] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM 719664] Mobilt Kontor.lnk - C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe [5/10/2007 10:38:58 AM 565248] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] --a------ 03/17/2008 05:59 PM 2289664 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 02/01/2008 12:13 AM 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1365638748-907170335-1329176293-1000] "EnableNotificationsRef"=dword:00000004 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3CD23DDE-A894-4EA4-969A-FE008B2CED70}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{4505338E-6EBA-4C4A-95D0-B37FCCCDEA0A}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{4E6E0A71-F0B3-4349-B29D-A2EC602296B0}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "TCP Query User{997CA9E2-8E8F-4085-B50D-8BB6190E3738}C:\\program files\\sunpoker.com\\ua.exe"= UDP:C:\program files\sunpoker.com\ua.exe:UA Application "UDP Query User{3EEC328F-FCA5-4968-BBC4-7E20FCA4D9B9}C:\\program files\\sunpoker.com\\ua.exe"= TCP:C:\program files\sunpoker.com\ua.exe:UA Application "{5432B8F8-ED61-434F-92F0-746A94AB2B7F}"= UDP:C:\Program Files\mIRC\mirc.exe:mIRC "{411F99A5-91C4-4E69-B8DD-A11A64EE26BE}"= TCP:C:\Program Files\mIRC\mirc.exe:mIRC "{7AEA9259-2403-4075-98A9-ECA321BDD46E}"= UDP:C:\Program Files\SunPoker.com\launcher.exe:SunPoker.com "{13D0FF2B-EFD0-4D98-9724-096AD06906B6}"= TCP:C:\Program Files\SunPoker.com\launcher.exe:SunPoker.com "{344DD3F6-975B-47A9-B35A-8F3CE66EFBF9}"= UDP:C:\Program Files\Poker Tracker V2\ptrack2.exe:Poker Tracker V2 "{A7CF85E6-A097-427E-A504-7D5DA49E32D9}"= TCP:C:\Program Files\Poker Tracker V2\ptrack2.exe:Poker Tracker V2 "{4685516A-4CDB-47D3-A02B-1CD32E1C6428}"= UDP:C:\Program Files\GameTimePlus\GameTimePlus.exe:GameTimePlus "{9914B8A7-810F-4C97-A311-19AEE55A654C}"= TCP:C:\Program Files\GameTimePlus\GameTimePlus.exe:GameTimePlus "TCP Query User{7D031AE6-D334-411F-8483-8EF4797D297C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{42B00F10-D191-4587-AD14-65837B48E74F}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{76322E93-2B9E-4825-8BE4-EC9D47BD9EAB}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC "UDP Query User{7CF49E67-C437-4A0E-87AE-8DFB8E48D279}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC "{FA97E4BF-3D88-43EF-9A6B-FFD43030400D}"= UDP:C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007 "{909A6D6E-248A-4299-9424-F951F3DF11D2}"= TCP:C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007 "{118B6D52-1771-4CFA-B8C0-501C6BCC173B}"= UDP:C:\Bridge Base Online\NetBridgeVu.exe:Bridge Base Online "{90F9660E-A6F3-485C-A925-0B0437981A1E}"= TCP:C:\Bridge Base Online\NetBridgeVu.exe:Bridge Base Online "{4024D04A-1F09-4CE7-889B-B5CD12977EB0}"= UDP:C:\Program Files\Online Services\Skype\SkypeSetup.exe:Skype "{E5E096FD-5A67-4EDC-82D2-CD106FFFF518}"= TCP:C:\Program Files\Online Services\Skype\SkypeSetup.exe:Skype "{963D9D6B-55F1-425C-ADEE-5575C16E8780}"= UDP:C:\Program Files\SunPoker.com\launcher.exe:SunPoker.com "{AE4F78FC-F7CE-4BE8-81D5-EA2412191C77}"= TCP:C:\Program Files\SunPoker.com\launcher.exe:SunPoker.com "{944B133B-0EE3-4C03-AA3B-21C459F9904D}"= UDP:C:\Program Files\Poker Tracker V2\ptrack2.exe:Poker Tracker V2 "{527362C4-B2D9-40BF-AF5F-A86185EA105E}"= TCP:C:\Program Files\Poker Tracker V2\ptrack2.exe:Poker Tracker V2 "TCP Query User{D93C24AC-46C6-4394-BE6B-21B4E09E85A0}C:\\program files\\sunpoker.com\\ua.exe"= UDP:C:\program files\sunpoker.com\ua.exe:UA Application "UDP Query User{FBF16A9B-A699-4E2E-B56B-2DB80C50002C}C:\\program files\\sunpoker.com\\ua.exe"= TCP:C:\program files\sunpoker.com\ua.exe:UA Application "{8F7F4842-A2D4-4477-80E5-A1CD4D3547A9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{AB2F3BA7-D2B0-4517-A189-AE506A86BB0C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{1178F714-8908-48E3-A255-C2C129C0BD18}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{21FCA5D4-5BF2-4E45-810F-5FC229CF3686}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{99AFA1D6-DFFB-4080-AD2E-A1450CC1534D}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{71FDC492-29F2-48EF-A3CA-2D4CC8D82B1D}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "TCP Query User{E0A105D7-2F45-4CDA-854F-B3ED8C72B0EE}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{70446B62-0074-4D5F-B13F-26806E32845C}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 ALE_NF;Norman Firewall ALE driver;C:\Windows\system32\drivers\ale_nf.sys [01/23/2008 04:01 PM] R2 GtFlashSwitch;GtFlashSwitch;"C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" [02/09/2007 03:48 PM] R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [01/02/2007 10:55 AM] R2 NPFSvc32;Norman Personal Firewall Service;"C:\Program Files\Norman\npf\bin\npfsvc32.exe" [01/28/2008 11:21 AM] R2 NVOY;Norman's Very Own supplY of resources;"C:\Program Files\Norman\npm\bin\nvoy.exe" [01/22/2008 04:04 PM] R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [04/18/2007 10:51 AM] R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [04/18/2007 10:51 AM] R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [04/18/2007 10:51 AM] R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [02/11/2008 03:56 PM] R3 nvcoas;Norman Virus Control on-access component;"C:\Program Files\Norman\Nvc\bin\nvcoas.exe" [12/10/2007 03:36 PM] R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE" [09/18/2007 12:41 PM] S2 PlugPlayRPC;Plug and Play (RPC);C:\Windows\portsv.exe service [] S3 GTFFBUS;GT FF BUS;C:\Windows\system32\DRIVERS\gtffbus.sys [01/15/2007 05:48 PM] S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\Windows\system32\DRIVERS\Gtm51Irp.sys [01/15/2007 05:48 PM] S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [01/15/2007 05:48 PM] S3 GTUQBUS;GT UQ BUS;C:\Windows\system32\DRIVERS\gtuqbus.sys [01/15/2007 05:48 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-18 03:16:14 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\Windows\TEMP\TMP000000227D9532D64366CA39 524288 bytes executable scan completed successfully hidden files: 1 ************************************************************************** . Completion time: 06/18/2008 3:17:46 ComboFix-quarantined-files.txt 2008-06-18 01:17:40 ComboFix2.txt 2008-04-18 01:52:53 Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application. 900 --- E O F --- 2008-06-09 22:18:01