ComboFix 08-05-07.2 - Nele 2008-05-08 21:41:40.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1015 [GMT 2:00] Gestart vanuit: C:\Users\Nele\Desktop\ComboFix.exe * Nieuw herstelpunt werd aangemaakt * Resident AV is active . (((((((((((((((((((( Bestanden Gemaakt van 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))) . Geen nieuwe bestanden aangemaakt in deze periode . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-08 18:25 --------- d-----w C:\Program Files\McAfee 2008-05-02 18:54 --------- d-----w C:\Program Files\Mio Technology 2008-05-02 09:24 --------- d-----w C:\Program Files\Google 2008-04-28 11:32 --------- d-----w C:\Users\Nele\AppData\Roaming\LimeWirePlus 2008-04-25 19:13 --------- d-----w C:\Users\Nele\AppData\Roaming\Thunderbird 2008-04-25 19:13 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-04-23 07:49 --------- d-----w C:\Program Files\Apple Software Update 2008-04-22 14:20 --------- d-----w C:\Users\Nele\AppData\Roaming\ICAClient 2008-04-22 13:41 --------- d-----w C:\Program Files\Citrix 2008-04-21 11:21 --------- d-----w C:\Program Files\Cisco Systems 2008-04-21 11:12 --------- d-----w C:\Program Files\Common Files\Deterministic Networks 2008-04-19 11:34 --------- d-----w C:\Users\Nele\AppData\Roaming\SiteAdvisor 2008-04-15 17:09 --------- d-----w C:\Users\Nele\AppData\Roaming\Apple Computer 2008-04-15 17:09 --------- d-----w C:\ProgramData\Apple Computer 2008-04-15 17:09 --------- d-----w C:\Program Files\iTunes 2008-04-15 17:09 --------- d-----w C:\Program Files\iPod 2008-04-15 17:08 --------- d-----w C:\Program Files\Bonjour 2008-04-15 17:07 --------- d-----w C:\Program Files\QuickTime 2008-04-15 17:04 --------- d-----w C:\ProgramData\Apple 2008-04-15 17:04 --------- d-----w C:\Program Files\Common Files\Apple 2008-04-15 10:52 --------- d-----w C:\Program Files\Winamp 2008-04-15 08:14 --------- d-----w C:\Program Files\MorpheusBar 
2008-04-15 08:14 --------- d-----w C:\Program Files\Morpheus 2008-04-11 10:37 --------- d-----w C:\Program Files\Windows Mail 2008-04-11 10:26 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-08 19:18 --------- d-----w C:\Users\Nele\AppData\Roaming\DivX 2008-04-08 18:42 --------- d-----w C:\Program Files\Windows Live 2008-04-08 18:38 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-08 18:36 --------- d-----w C:\ProgramData\WLInstaller 2008-04-08 18:05 --------- d-----w C:\Users\Nele\AppData\Roaming\Winamp 2008-04-08 17:24 --------- d-----w C:\Program Files\DivX 2008-04-08 17:20 --------- d-----w C:\ProgramData\OrbNetworks 2008-04-08 17:20 --------- d-----w C:\Program Files\Winamp Remote 2008-04-07 15:58 --------- d-----w C:\ProgramData\Sony Corporation 2008-04-03 11:31 --------- d-----w C:\Program Files\NetBeans 6.1 200804030004 2008-04-03 10:38 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-03 10:29 --------- d-----w C:\Program Files\Java 2008-04-02 18:22 --------- d-----w C:\Program Files\SiteAdvisor 2008-04-02 09:51 --------- d-----w C:\Program Files\Trend Micro 2008-04-02 08:30 --------- d-----w C:\ProgramData\Lavasoft 2008-04-02 08:29 --------- d-----w C:\Program Files\Lavasoft 2008-04-02 08:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-02 08:24 --------- d-----w C:\Users\Nele\AppData\Roaming\Grisoft 2008-04-02 08:24 --------- d-----w C:\ProgramData\Grisoft 2008-04-01 19:51 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-04-01 10:43 174 --sha-w C:\Program Files\desktop.ini 2008-04-01 10:38 --------- d-----w C:\Program Files\Windows Sidebar 2008-04-01 10:38 --------- d-----w C:\Program Files\Windows Calendar 2008-04-01 09:52 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2008-04-01 09:52 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2008-04-01 09:52 542,720 ----a-w C:\Windows\System32\sysmain.dll 2008-04-01 09:52 502,784 ----a-w 
C:\Windows\System32\wlansvc.dll 2008-04-01 09:52 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2008-04-01 09:52 297,984 ----a-w C:\Windows\System32\wlansec.dll 2008-04-01 09:52 290,816 ----a-w C:\Windows\System32\wlanmsm.dll 2008-04-01 09:52 28,344 ----a-w C:\Windows\system32\drivers\battc.sys 2008-04-01 09:52 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys 2008-04-01 09:52 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2008-04-01 09:52 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys 2008-04-01 09:52 2,923,520 ----a-w C:\Windows\explorer.exe 2008-04-01 09:52 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys 2008-04-01 09:49 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-04-01 09:49 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-04-01 09:47 613,888 ----a-w C:\Windows\System32\wpd_ci.dll 2008-04-01 09:47 224,824 ----a-w C:\Windows\System32\clfs.sys 2008-04-01 09:47 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll 2008-04-01 09:47 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll 2008-04-01 09:47 101,888 ----a-w C:\Windows\System32\drvinst.exe 2008-04-01 09:44 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys 2008-04-01 09:44 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2008-04-01 09:43 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL 2008-04-01 09:43 7,680 ----a-w C:\Windows\System32\spwmp.dll 2008-04-01 09:43 4,096 ----a-w C:\Windows\System32\dxmasf.dll 2008-04-01 09:43 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll 2008-04-01 09:42 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-04-01 09:42 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-04-01 09:42 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-04-01 09:42 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys 2008-04-01 09:42 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys 2008-04-01 09:42 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-04-01 09:42 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 
2008-04-01 09:42 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-04-01 09:42 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-04-01 09:41 2,048 ----a-w C:\Windows\System32\msxml3r.dll 2008-04-01 09:41 1,191,936 ----a-w C:\Windows\System32\msxml3.dll 2008-04-01 09:40 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-04-01 09:40 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-04-01 09:40 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-04-01 09:40 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-04-01 09:40 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-04-01 09:39 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-04-01 09:39 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-04-01 09:39 2,048 ----a-w C:\Windows\System32\asferror.dll 2008-04-01 09:39 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-04-01 09:38 2,048 ----a-w C:\Windows\System32\msxml6r.dll 2008-04-01 09:38 1,335,296 ----a-w C:\Windows\System32\msxml6.dll 2008-04-01 09:36 84,480 ----a-w C:\Windows\System32\INETRES.dll 2008-04-01 09:36 737,792 ----a-w C:\Windows\System32\inetcomm.dll 2008-04-01 09:36 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-04-01 09:36 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-07 19:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll 2008-02-07 19:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll 2008-02-07 19:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll 2008-02-07 19:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll 2008-02-07 19:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll 2008-02-07 19:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll 2008-02-07 19:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll 2007-03-16 15:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll 2007-03-16 15:27 548,864 ----a-w C:\Program Files\mozilla 
firefox\plugins\msvcp80.dll 2007-03-16 15:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll 2007-07-20 10:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll 2008-02-07 19:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((( snapshot@2008-04-02_11.45.42,76 ))))))))))))))))))))))))))))))))))))))))) . + 2008-04-01 09:37:01 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll - 2008-04-01 09:30:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll + 2008-02-21 04:43:35 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll - 2008-04-02 09:36:22 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-05-08 19:27:09 67,584 --s-a-w C:\Windows\bootstat.dat - 2000-08-31 06:00:00 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE + 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\Hiv-backup\ERDNT.EXE + 2000-08-31 06:00:00 73,728 ----a-w C:\Windows\fdsv.exe + 2000-08-31 06:00:00 80,412 ----a-w C:\Windows\grep.exe + 2006-11-02 12:35:47 2,048 ----a-w C:\Windows\Help\Tablet PC\PTRes.dll + 2006-11-02 12:35:43 2,048 ----a-w C:\Windows\Help\Tablet PC\TTRes.dll - 2008-04-01 10:48:29 665,600 ----a-w C:\Windows\inf\drvindex.dat + 2008-04-11 10:36:10 665,600 ----a-w C:\Windows\inf\drvindex.dat - 2008-04-01 10:48:38 51,200 ----a-w C:\Windows\inf\infpub.dat + 2008-04-21 11:24:41 51,200 ----a-w C:\Windows\inf\infpub.dat - 2008-04-01 10:48:28 86,016 ----a-w C:\Windows\inf\infstor.dat + 2008-04-21 11:14:55 86,016 ----a-w C:\Windows\inf\infstor.dat - 2008-04-01 10:48:28 86,016 ----a-w C:\Windows\inf\infstrng.dat + 2008-04-21 11:24:41 86,016 ----a-w C:\Windows\inf\infstrng.dat + 2006-10-26 21:00:12 1,841,984 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL + 2008-04-23 07:49:28 27,136 ----a-r C:\Windows\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe + 2008-04-21 11:25:43 6,144 ----a-r 
C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED1.exe + 2008-04-22 13:41:35 61,440 ----a-r C:\Windows\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\ARPICON.exe + 2008-04-22 13:41:35 49,152 ----a-r C:\Windows\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe + 2008-04-22 13:41:34 61,440 ----a-r C:\Windows\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe + 2008-04-22 13:41:35 61,440 ----a-r C:\Windows\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pncico.exe.C76E2E86_AE54_4AF5_997C_63EBB83C7651.exe + 2008-04-15 17:08:11 86,016 ----a-r C:\Windows\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe + 2008-04-15 17:09:40 102,400 ----a-r C:\Windows\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe - 2008-04-01 19:53:28 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-04-11 10:25:47 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe - 2008-04-01 19:53:29 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2008-04-11 10:25:47 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2008-04-01 19:53:28 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2008-04-11 10:25:47 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2008-04-01 19:53:28 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2008-04-11 10:25:47 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2008-04-01 19:53:29 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2008-04-11 10:25:47 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2008-04-01 19:53:29 18,704 ----a-r 
C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2008-04-11 10:25:47 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2008-04-01 19:53:29 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2008-04-11 10:25:48 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2008-04-01 19:53:28 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2008-04-11 10:25:47 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2008-04-01 19:53:29 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2008-04-11 10:25:47 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2008-04-01 19:53:29 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2008-04-11 10:25:47 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2008-04-01 19:53:29 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2008-04-11 10:25:47 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2008-04-01 19:53:28 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2008-04-11 10:25:47 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2008-04-01 19:53:48 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe + 2008-04-11 10:26:07 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - 2008-04-01 19:53:48 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe + 2008-04-11 10:26:07 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - 2008-04-01 19:53:48 217,864 ----a-r 
C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe + 2008-04-11 10:26:07 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe - 2008-04-01 19:53:48 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe + 2008-04-11 10:26:07 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - 2008-04-01 19:53:48 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2008-04-11 10:26:07 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe - 2008-04-01 19:53:48 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe + 2008-04-11 10:26:07 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - 2008-04-01 19:53:48 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe + 2008-04-11 10:26:07 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - 2008-04-01 19:53:48 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2008-04-11 10:26:07 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2008-04-08 18:39:31 29,926 ----a-r C:\Windows\Installer\{A0C978B8-B82B-4FAD-8C31-EBEE8E57468A}\MsblIco.Exe + 2008-04-03 10:39:14 295,606 ----a-r C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-A81200000003}\SC_Reader.exe + 2006-11-02 12:36:03 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll + 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll + 2006-11-02 08:12:29 2,048 ----a-w C:\Windows\MSAgent\AgtUI.dll + 2007-07-11 04:02:27 2,134 ----a-w C:\Windows\OEMCert\oem_demo.vbs + 2007-08-16 12:10:33 1,672 ----a-w C:\Windows\Panther\prep.vbs + 2007-07-20 00:02:39 2,085 ----a-w 
C:\Windows\Panther\SetWinRE\SetWinRE.cmd + 2000-08-31 06:00:00 98,816 ----a-w C:\Windows\sed.exe + 2008-05-08 19:27:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-05-08 19:27:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-04-21 20:11:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-04-21 20:11:16 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-01 09:50:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-11 10:17:35 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-21 20:11:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-02 09:38:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-05-08 19:32:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-05-08 18:35:46 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-05-08 18:35:46 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-01 09:52:13 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-04-11 10:20:08 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-05-08 18:35:46 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-02 09:38:12 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-08 19:32:04 262,144 --sha-w 
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-08 19:32:04 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 + 2000-08-31 06:00:00 161,792 ----a-w C:\Windows\swreg.exe + 2000-08-31 06:00:00 136,704 ----a-w C:\Windows\swsc.exe + 2000-08-31 06:00:00 212,480 ----a-w C:\Windows\swxcacls.exe + 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\system\keyboard.drv + 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\system\mouse.drv + 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\system\sound.drv + 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\system\vga.drv + 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\System32\acprgwiz.dll - 2008-04-01 09:30:43 124,928 ----a-w C:\Windows\System32\advpack.dll + 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\System32\advpack.dll + 2006-11-02 06:56:11 2,560 ----a-w C:\Windows\System32\bootstr.dll + 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\System32\bridgeres.dll + 2006-11-02 09:46:02 65,536 ----a-w C:\Windows\System32\ceutil.dll - 2006-11-02 09:51:44 615,528 ----a-w C:\Windows\System32\ci.dll + 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\System32\ci.dll - 2008-04-02 09:38:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-05-08 18:31:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-02 09:38:53 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-05-08 18:31:09 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-02 09:38:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-05-08 18:31:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-02 
09:41:32 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-05-08 19:41:29 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-05-08 19:41:29 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 + 2006-11-02 12:36:25 2,048 ----a-w C:\Windows\System32\dfsrres.dll - 2007-01-31 11:45:08 101,904 ----a-w C:\Windows\System32\dneinobj.dll + 2008-02-22 09:19:04 109,840 ----a-w C:\Windows\System32\dneinobj.dll + 2007-07-24 13:17:08 81,920 ----a-w C:\Windows\System32\dns-sd.exe - 2006-11-02 09:46:04 162,816 ----a-w C:\Windows\System32\dnsapi.dll + 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\System32\dnsapi.dll - 2006-11-02 09:45:02 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe + 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe - 2006-11-02 09:46:04 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll + 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll + 2007-07-24 13:17:08 61,440 ----a-w C:\Windows\System32\dnssd.dll + 2007-07-16 09:57:12 306,299 ----a-w C:\Windows\System32\drivers\CVPNDRVA.sys - 2007-01-31 11:45:06 127,376 ----a-w C:\Windows\System32\drivers\dne2000.sys + 2008-02-22 09:19:04 125,200 ----a-w C:\Windows\System32\drivers\dne2000.sys - 2006-09-19 12:44:04 15,664 ----a-w C:\Windows\System32\drivers\GEARAspiWDM.sys + 2008-01-29 10:01:28 16,168 ----a-w C:\Windows\System32\drivers\GEARAspiWDM.sys - 2007-07-24 05:40:36 79,304 ----a-w C:\Windows\System32\drivers\mfeavfk.sys + 2007-11-22 04:44:08 79,304 ----a-w C:\Windows\System32\drivers\mfeavfk.sys - 2007-07-21 07:08:24 35,240 ----a-w C:\Windows\System32\drivers\mfebopk.sys + 2007-11-22 04:44:08 35,240 ----a-w C:\Windows\System32\drivers\mfebopk.sys - 2007-07-21 07:08:24 201,288 ----a-w C:\Windows\System32\drivers\mfehidk.sys + 2007-11-22 04:44:08 201,320 ----a-w C:\Windows\System32\drivers\mfehidk.sys - 2007-07-24 10:02:36 33,800 ----a-w C:\Windows\System32\drivers\mferkdk.sys + 2007-11-22 04:44:04 33,832 
----a-w C:\Windows\System32\drivers\mferkdk.sys - 2007-07-21 07:08:24 40,488 ----a-w C:\Windows\System32\drivers\mfesmfk.sys + 2007-12-02 10:51:42 40,488 ----a-w C:\Windows\System32\drivers\mfesmfk.sys + 2006-11-02 08:55:05 31,616 ----a-w C:\Windows\System32\drivers\winusb.sys + 2008-02-22 09:19:04 125,200 ----a-w C:\Windows\System32\DriverStore\FileRepository\dne2000.inf_f92ba631\dne2000.sys + 2008-02-22 09:19:04 109,840 ----a-w C:\Windows\System32\DriverStore\FileRepository\dne2000.inf_f92ba631\dneinobj.dll + 2006-11-02 08:27:54 2,048 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnca001.inf_92fbd03f\I386\CNBPGR02.DLL + 2006-11-02 09:41:10 2,560 ----a-w C:\Windows\System32\DriverStore\FileRepository\prndc001.inf_79bb12be\I386\DICONRES.DLL + 2006-09-18 21:40:29 1,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE11.DAT + 2006-09-18 21:40:29 1,778 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE12.DAT + 2006-09-18 21:40:29 1,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE16.DAT + 2006-09-18 21:40:29 1,992 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE2J.DAT + 2006-09-18 21:40:29 1,948 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE2K.DAT + 2006-09-18 21:40:29 2,128 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE2M.DAT + 2006-09-18 21:40:29 2,398 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3N.DAT + 2006-09-18 21:40:29 1,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3O.DAT + 2006-09-18 21:40:29 1,764 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3P.DAT + 2006-09-18 21:40:29 2,398 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3Q.DAT + 
2006-09-18 21:40:29 2,618 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3T.DAT + 2006-09-18 21:40:29 2,188 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3V.DAT + 2006-09-18 21:40:29 2,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE4A.DAT + 2006-09-18 21:40:29 2,632 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE4D.DAT + 2006-09-18 21:40:30 2,496 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE4S.DAT + 2008-02-18 09:16:24 30,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_f458dbf2\usbaapl.sys - 2008-04-01 09:30:39 347,136 ----a-w C:\Windows\System32\dxtmsft.dll + 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\System32\dxtmsft.dll - 2008-04-01 09:30:39 214,528 ----a-w C:\Windows\System32\dxtrans.dll + 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\System32\dxtrans.dll - 2008-04-01 09:46:57 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll + 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll - 2008-04-01 10:39:51 405,352 ----a-w C:\Windows\System32\FNTCACHE.DAT + 2008-04-11 10:40:12 405,352 ----a-w C:\Windows\System32\FNTCACHE.DAT - 2006-11-02 09:46:05 296,448 ----a-w C:\Windows\System32\gdi32.dll + 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\System32\gdi32.dll - 2006-10-03 17:47:52 109,360 ----a-w C:\Windows\System32\GEARAspi.dll + 2008-01-29 10:02:30 107,368 ----a-w C:\Windows\System32\GEARAspi.dll - 2008-04-01 09:30:37 63,488 ----a-w C:\Windows\System32\icardie.dll + 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\System32\icardie.dll - 2008-04-01 09:30:34 70,656 ----a-w C:\Windows\System32\ie4uinit.exe + 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\System32\ie4uinit.exe - 2008-04-01 09:30:40 383,488 ----a-w C:\Windows\System32\ieapfltr.dll + 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\System32\ieapfltr.dll - 
2008-04-01 09:30:48 6,066,176 ----a-w C:\Windows\System32\ieframe.dll + 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\System32\ieframe.dll - 2008-04-01 09:30:34 44,544 ----a-w C:\Windows\System32\iernonce.dll + 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\System32\iernonce.dll - 2008-04-01 09:30:33 56,320 ----a-w C:\Windows\System32\iesetup.dll + 2008-02-21 04:43:36 56,320 ----a-w C:\Windows\System32\iesetup.dll - 2008-04-01 09:30:49 180,736 ----a-w C:\Windows\System32\ieui.dll + 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\System32\ieui.dll - 2008-04-01 09:30:35 26,624 ----a-w C:\Windows\System32\ieUnatt.exe + 2008-02-21 04:43:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe + 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\System32\iologmsg.dll - 2008-04-01 09:30:42 27,648 ----a-w C:\Windows\System32\jsproxy.dll + 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\System32\jsproxy.dll - 2008-04-01 09:46:59 6,656 ----a-w C:\Windows\System32\kbd106n.dll + 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\System32\kbd106n.dll - 2006-11-02 08:30:44 8,704 ----a-w C:\Windows\System32\kd1394.dll + 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\System32\kd1394.dll + 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\System32\keyboard.drv - 2007-07-12 20:02:38 1,044,480 ----a-w C:\Windows\System32\libdivx.dll + 2008-03-21 20:30:00 1,044,480 ----a-w C:\Windows\System32\libdivx.dll + 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\System32\lltdres.dll + 2008-03-25 03:21:18 2,889,088 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:20 218,496 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-04-15 10:15:13 70,264 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_plugin.exe + 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\System32\mferror.dll - 2008-04-01 09:30:42 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll + 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll + 2006-11-02 07:10:18 2,032 ----a-w 
C:\Windows\System32\mouse.drv - 2008-03-05 06:30:56 19,148,408 ----a-w C:\Windows\System32\mrt.exe + 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe - 2008-04-01 09:30:45 3,592,192 ----a-w C:\Windows\System32\mshtml.dll + 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\System32\mshtml.dll - 2008-04-01 09:30:46 478,208 ----a-w C:\Windows\System32\mshtmled.dll + 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\System32\mshtmled.dll + 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\System32\msimsg.dll + 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\System32\msprivs.dll - 2008-04-01 09:30:38 671,232 ----a-w C:\Windows\System32\mstime.dll + 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\System32\mstime.dll + 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\System32\neth.dll + 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\System32\netmsg.dll + 2008-03-31 11:07:41 2,456 ----a-w C:\Windows\System32\networklist\icons\{73FFCAE2-5DC0-4ABE-815D-B3A68928C3DD}_24.bin + 2008-04-06 18:34:23 2,456 ----a-w C:\Windows\System32\networklist\icons\{AE1CF7E2-F588-4F10-B051-DB3909160F3C}_24.bin + 2008-04-06 18:34:23 4,280 ----a-w C:\Windows\System32\networklist\icons\{AE1CF7E2-F588-4F10-B051-DB3909160F3C}_32.bin + 2008-04-06 18:34:23 9,560 ----a-w C:\Windows\System32\networklist\icons\{AE1CF7E2-F588-4F10-B051-DB3909160F3C}_48.bin + 2008-04-28 17:10:14 2,456 ----a-w C:\Windows\System32\networklist\icons\{E845501B-DAEA-4DA3-8C7D-A042DDD526E5}_24.bin + 2008-04-28 17:10:14 4,280 ----a-w C:\Windows\System32\networklist\icons\{E845501B-DAEA-4DA3-8C7D-A042DDD526E5}_32.bin + 2008-04-28 17:10:14 9,560 ----a-w C:\Windows\System32\networklist\icons\{E845501B-DAEA-4DA3-8C7D-A042DDD526E5}_48.bin + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\bench_24.bin + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\house_24.bin + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\office_24.bin + 
2006-11-02 08:33:06 2,560 ----a-w C:\Windows\System32\normaliz.dll + 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\System32\oleaccrc.dll - 2008-04-02 09:44:39 103,924 ----a-w C:\Windows\System32\perfc009.dat + 2008-05-08 19:34:07 104,768 ----a-w C:\Windows\System32\perfc009.dat - 2008-04-02 09:44:40 122,796 ----a-w C:\Windows\System32\perfc013.dat + 2008-05-08 19:34:07 123,842 ----a-w C:\Windows\System32\perfc013.dat - 2008-04-02 09:44:40 610,142 ----a-w C:\Windows\System32\perfh009.dat + 2008-05-08 19:34:07 613,046 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-02 09:44:40 689,618 ----a-w C:\Windows\System32\perfh013.dat + 2008-05-08 19:34:07 692,574 ----a-w C:\Windows\System32\perfh013.dat - 2008-04-01 09:30:43 44,544 ----a-w C:\Windows\System32\pngfilt.dll + 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\System32\pngfilt.dll - 2007-01-09 11:00:00 72,440 ------w C:\Windows\System32\pxhpinst.exe + 2007-03-07 23:51:00 72,440 ------w C:\Windows\System32\pxhpinst.exe - 2007-01-09 11:00:00 64,760 ------w C:\Windows\System32\pxinsa64.exe + 2007-03-07 23:51:00 64,760 ------w C:\Windows\System32\pxinsa64.exe + 2006-11-02 09:46:12 91,136 ----a-w C:\Windows\System32\rapi.dll + 2006-11-02 09:46:12 14,848 ----a-w C:\Windows\System32\rapiproxystub.dll + 2006-11-02 09:46:12 203,776 ----a-w C:\Windows\System32\rapistub.dll + 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\System32\redir.exe + 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\System32\rnr20.dll - 2006-11-02 12:36:17 313,856 ----a-w C:\Windows\System32\rstrui.exe + 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\System32\rstrui.exe + 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\System32\SampleRes.dll + 2007-10-18 09:31:46 51,224 ----a-w C:\Windows\System32\sirenacm.dll - 2008-04-02 08:32:14 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-04-11 10:48:33 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\System32\sound.drv + 
2006-11-02 09:46:11 527,872 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPF900AL.DLL + 2006-11-02 09:46:05 1,861,120 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFIMG50.DLL + 2006-11-02 09:46:05 96,768 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFUD50.DLL + 2006-11-02 09:46:11 139,264 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\HPFUI50.DLL - 2006-11-02 12:36:17 40,960 ----a-w C:\Windows\System32\srclient.dll + 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\System32\srclient.dll - 2006-11-02 12:36:17 371,712 ----a-w C:\Windows\System32\srcore.dll + 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\System32\srcore.dll - 2006-11-02 12:36:17 16,384 ----a-w C:\Windows\System32\srdelayed.exe + 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\System32\srdelayed.exe - 2007-07-12 20:02:38 200,704 ----a-w C:\Windows\System32\ssldivx.dll + 2008-03-21 20:30:00 200,704 ----a-w C:\Windows\System32\ssldivx.dll + 2007-07-03 02:42:32 2,017 ----a-w C:\Windows\System32\sysprep\snyDtScUtil.vbs + 2007-07-03 02:42:32 1,883 ----a-w C:\Windows\System32\sysprep\Snytools\01_DRD\DRD.vbs + 2007-07-03 02:42:32 1,754 ----a-w C:\Windows\System32\sysprep\Snytools\04_OF7\WIME2007.vbs + 2008-04-01 09:31:53 2,048 ----a-w C:\Windows\System32\tzres.dll + 2005-03-01 09:27:04 245,408 ----a-w C:\Windows\System32\unicows.dll - 2008-04-01 09:30:42 1,159,680 ----a-w C:\Windows\System32\urlmon.dll + 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\System32\urlmon.dll + 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\System32\vga.drv + 2007-07-16 09:58:10 197,408 ----a-w C:\Windows\System32\vpnapi.dll + 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\System32\wbem\WmiApRes.dll + 2006-11-02 09:46:13 14,848 ----a-w C:\Windows\System32\wcescommproxy.dll + 2008-05-08 19:33:05 6,868 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1848425718-1715541338-861444739-1000_UserData.bin - 2008-04-02 09:38:35 62,568 ----a-w 
C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-05-08 19:33:03 70,102 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-04-19 21:36:52 2,982 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat - 2008-04-02 09:38:31 30,618 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-05-08 19:33:00 41,724 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-04-01 16:41:39 68,462 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-04-29 21:35:39 214,486 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-04-21 10:28:11 217,040 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin - 2008-04-01 09:52:42 2,027,008 ----a-w C:\Windows\System32\win32k.sys + 2008-02-29 04:16:38 2,027,008 ----a-w C:\Windows\System32\win32k.sys - 2008-04-01 09:30:42 824,832 ----a-w C:\Windows\System32\wininet.dll + 2008-02-21 04:43:42 826,368 ----a-w C:\Windows\System32\wininet.dll - 2008-04-01 09:46:54 943,800 ----a-w C:\Windows\System32\winload.exe + 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\System32\winload.exe + 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\System32\WINSOCK.DLL + 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\System32\WINSPOOL.EXE + 2006-11-02 09:46:14 20,480 ----a-w C:\Windows\System32\wmcoinst.dll + 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\System32\wmerror.dll + 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\System32\WOWDEB.EXE + 2000-08-31 06:00:00 49,152 ----a-w C:\Windows\VFind.exe + 2006-11-02 09:46:02 22,016 ----a-w C:\Windows\WindowsMobile\BthASPlugin.dll + 2006-11-02 09:46:04 10,752 ----a-w C:\Windows\WindowsMobile\dtptdns.dll + 2006-11-02 09:46:12 167,424 ----a-w C:\Windows\WindowsMobile\rapimgr.dll + 2006-11-02 09:46:13 16,384 ----a-w C:\Windows\WindowsMobile\tcp2udp.dll + 2006-11-02 09:46:13 365,568 ----a-w C:\Windows\WindowsMobile\wcescomm.dll + 
2006-11-02 09:45:59 215,552 ----a-w C:\Windows\WindowsMobile\wmdSync.exe + 2008-04-11 10:37:36 23,328,374 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\AcRes.dll + 2007-08-02 15:15:11 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16444_none_0a14b72ff542b5ae\AcRes.dll + 2007-08-02 15:18:23 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16485_none_09ea77c9f5623ec9\AcRes.dll + 2008-04-01 09:37:01 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16633_none_0a1e8a9df53b7ab4\AcRes.dll + 2007-08-02 15:15:12 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20543_none_0a9d53b10e613c21\AcRes.dll + 2007-08-02 15:18:23 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20597_none_0a6b453d0e862d32\AcRes.dll + 2008-04-01 09:37:00 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20762_none_0a86b75b0e7254fa\AcRes.dll + 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6000.16386_none_92936507ab8702dd\acprgwiz.dll + 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16643_none_a9bce801f5c7b8c8\advpack.dll + 2008-02-22 04:48:31 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20777_none_aa2a16310efa11c1\advpack.dll + 2006-11-02 08:12:29 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-agent0409_31bf3856ad364e35_6.0.6000.16386_none_cba6dc9d9ccc4898\AgtUI.dll + 2006-11-02 06:56:11 2,560 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.0.6000.16386_none_f64b4db1100349a8\bootstr.dll + 2008-02-29 06:53:29 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\setbcdlocale.dll + 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe + 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winresume.exe + 2008-02-29 06:37:41 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\setbcdlocale.dll + 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe + 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winresume.exe + 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16646_none_61bfda98f6d6f5d5\kd1394.dll + 2008-02-29 06:54:17 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.20782_none_621a368c1018a007\kd1394.dll + 2008-02-29 07:14:21 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.18027_none_63bcb960f3ec683b\kd1394.dll + 2008-02-29 06:57:07 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.22125_none_644455980d0bd557\kd1394.dll + 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe + 2008-04-01 09:46:54 905,400 
----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe + 2008-02-14 23:13:10 944,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe + 2008-04-01 09:46:53 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe + 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe + 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winresume.exe + 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe + 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winresume.exe + 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6000.16386_none_1525f574c2807ea3\netmsg.dll + 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16642_none_9e68737c07b7f5c7\ci.dll + 2008-02-19 04:54:56 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.20775_none_9ed4a16120eb3569\ci.dll + 2008-02-22 05:05:52 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\ci.dll + 2008-02-22 04:57:25 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.22120_none_a0ebee311dedbbf2\ci.dll + 2006-11-02 12:36:25 2,048 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6000.16386_none_b442caae9d1904a7\dfsrres.dll + 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll + 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe + 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll + 2007-12-16 11:49:22 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll + 2007-12-16 09:41:27 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe + 2007-12-16 11:49:22 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll + 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16643_none_57702c844c48b643\gdi32.dll + 2008-02-22 04:49:18 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll + 2008-02-22 04:57:23 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll + 2008-02-22 04:48:18 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll + 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16643_none_ebb7f1b116609ec7\pngfilt.dll + 2008-02-22 04:51:42 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20777_none_ec251fe02f92f7c0\pngfilt.dll + 2008-02-21 
04:43:41 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll + 2008-02-22 04:52:08 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll + 2008-02-22 05:01:33 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll + 2008-02-22 04:52:15 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll + 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll + 2008-02-29 06:30:51 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll + 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16643_none_deb7292c7f69d59a\mstime.dll + 2008-02-22 04:50:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20777_none_df24575b989c2e93\mstime.dll + 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18023_none_e0b307aa7c802ea9\mstime.dll + 2008-02-22 04:50:26 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22120_none_e139a39795a0826e\mstime.dll + 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll + 2008-02-29 06:31:23 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll + 2006-11-02 
06:58:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16386_none_1310947a0ca7000f\tzres.dll + 2007-08-02 15:14:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16483_none_130d95820ca9b131\tzres.dll + 2008-04-01 09:31:53 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16589_none_131399240ca44662\tzres.dll + 2007-08-02 15:14:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20594_none_138d62ab25ce8643\tzres.dll + 2008-04-01 09:31:53 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20712_none_13e1e543258f6e5b\tzres.dll + 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\jsproxy.dll + 2008-02-21 04:43:42 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll + 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\WininetPlugin.dll + 2008-02-22 04:49:41 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\jsproxy.dll + 2008-02-22 04:52:15 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll + 2008-02-22 04:52:15 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\WininetPlugin.dll + 2008-02-22 04:58:23 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\jsproxy.dll + 2008-02-22 05:01:41 
826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll + 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\WininetPlugin.dll + 2008-02-22 04:49:22 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\jsproxy.dll + 2008-02-22 04:52:21 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll + 2008-02-22 04:52:21 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\WininetPlugin.dll + 2007-08-02 15:26:51 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat + 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dll + 2007-08-02 15:26:51 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat + 2008-02-22 04:49:22 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dll + 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtmsft.dll + 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtrans.dll + 2008-02-22 04:49:00 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtmsft.dll + 2008-02-22 04:49:00 
214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtrans.dll + 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16643_none_461a6bef465befcc\mshtmled.dll + 2008-02-22 04:50:17 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20777_none_46879a1e5f8e48c5\mshtmled.dll + 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll + 2008-02-22 04:50:17 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll + 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll + 2008-02-22 04:50:05 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll + 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16643_none_588d01ee673531fd\icardie.dll + 2008-02-22 04:49:21 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll + 2008-02-21 04:43:03 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\ieUnatt.exe + 2008-02-21 04:43:03 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe + 2008-02-22 02:43:50 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\ieUnatt.exe + 2008-02-22 02:44:11 625,664 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe + 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\ie4uinit.exe + 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iernonce.dll + 2008-02-21 04:43:36 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iesetup.dll + 2008-02-22 02:43:42 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\ie4uinit.exe + 2008-02-22 04:49:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iernonce.dll + 2008-02-22 04:49:24 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iesetup.dll + 2008-02-21 04:43:35 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16643_none_29e74e1c682049a3\iebrshim.dll + 2008-02-22 04:49:22 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20777_none_2a547c4b8152a29c\iebrshim.dll + 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll + 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieui.dll + 2008-02-22 04:49:24 6,067,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll + 2008-02-22 04:49:24 180,736 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieui.dll + 2008-02-21 04:43:03 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16643_none_e68d5ba694998859\ieinstal.exe + 2008-02-22 02:44:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20777_none_e6fa89d5adcbe152\ieinstal.exe + 2008-02-21 04:43:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16643_none_0b3590c2d714480b\ieuser.exe + 2008-02-22 02:44:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20777_none_0ba2bef1f046a104\ieuser.exe + 2006-11-02 12:36:24 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6000.16386_none_7eea120bb51aecf6\iismui.dll + 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6000.16386_none_0143bc2fb699ae2d\msimsg.dll + 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\normaliz.dll + 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iologgingdll_31bf3856ad364e35_6.0.6000.16386_none_b4a74430ff7bd85d\iologmsg.dll + 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.0.6000.16386_none_09e22f167e7ac9b3\msprivs.dll + 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16386_none_9a286d400fd699af\mferror.dll + 2006-11-02 12:35:57 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16386_none_a57f2ea4437cfc78\asferror.dll + 2008-04-01 09:39:23 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16585_none_a57e3226437ddd6f\asferror.dll + 2008-04-01 
09:39:22 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.20708_none_a66151155c57e6dd\asferror.dll + 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmerror_31bf3856ad364e35_6.0.6000.16386_none_351e30f1ba0b5cbe\wmerror.dll + 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16386_none_86377e9e99eb1168\msxml3r.dll + 2008-04-01 09:41:29 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16500_none_8688000e99af9424\msxml3r.dll + 2008-04-01 09:41:30 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20613_none_8709cdcbb2d29be4\msxml3r.dll + 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16386_none_86373a4699eb5e4b\msxml6r.dll + 2008-04-01 09:38:57 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16472_none_863e0af099e6da25\msxml6r.dll + 2008-04-01 09:38:56 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20582_none_86bcd7cfb30c95e0\msxml6r.dll + 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6000.16386_none_4ffb8f84758bff07\neth.dll + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\bench_24.bin + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\house_24.bin + 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\office_24.bin + 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6000.16386_none_05b32edf092a8853\bridgeres.dll + 2006-11-02 
07:38:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6000.16386_none_cf1f3538fd925a7b\lltdres.dll + 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\keyboard.drv + 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\mouse.drv + 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\sound.drv + 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\vga.drv + 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\keyboard.drv + 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\mouse.drv + 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\redir.exe + 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\sound.drv + 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\vga.drv + 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL + 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSPOOL.EXE + 2006-11-02 07:10:27 2,864 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WOWDEB.EXE + 2008-03-17 22:43:16 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16660_none_f060fbf66e8469dc\OESpamFilter.dat + 2008-03-17 22:16:50 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20801_none_f12c7a798770787e\OESpamFilter.dat + 2008-03-17 22:18:52 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18040_none_f25cda746b9ac2eb\OESpamFilter.dat + 2008-03-17 22:17:41 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22144_none_f2ea786784b4c811\OESpamFilter.dat + 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oleaccrc_31bf3856ad364e35_6.0.6000.16386_none_76f32d528a780cf2\oleaccrc.dll + 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photosamples_31bf3856ad364e35_6.0.6000.16386_none_95425ac284e42b43\SampleRes.dll + 2008-04-06 06:17:40 1,744,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\apds.dll + 2008-04-06 06:17:43 222,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\apircl.dll + 2008-04-06 06:17:40 199,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\apss.dll + 2008-04-06 06:17:43 534,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\CbsCore.dll + 2008-04-06 06:17:42 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\CbsMsg.dll + 2008-04-06 06:17:41 119,808 ----a-w 
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\cmiadapter.dll + 2008-04-06 06:17:43 271,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\cmitrust.dll + 2008-04-06 06:17:45 2,032,640 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\cmiv2.dll + 2008-04-06 06:17:43 238,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\CntrtextInstaller.dll + 2008-04-06 06:17:39 258,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\dpx.dll + 2008-04-06 06:17:45 99,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\DrUpdate.dll + 2008-04-06 06:17:44 246,784 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\drvstore.dll + 2008-04-06 06:17:41 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\esscli.dll + 2008-04-06 06:17:41 614,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\fastprox.dll + 2008-04-06 06:17:42 100,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\helpcins.dll + 2008-04-06 06:17:45 222,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\locdrv.dll + 2008-04-06 06:17:47 191,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\mofd.dll + 2008-04-06 06:17:43 102,400 ----a-w 
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-06-29 13:38 258048]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-03-25 04:59 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-02 17:12 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-30 03:07 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-30 03:06 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-30 03:07 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 02:39 4489216 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-10 02:12 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 18:27 317560]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-03 10:48 1831424]
"Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 18:57 2020968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-04-21 13:25:43 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 19:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{452A9629-56B7-49A8-BDE9-936581926F6D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9F6F2CF-DFE3-48E1-981D-F15BCBB83B75}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{33A31F9B-154D-41A1-9EFE-DAB138EC8BF6}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{67B07C30-F4BC-4EFD-8FA4-E4BA63312530}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{06557C3A-815D-464D-AF69-46839A1CD8D9}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{6E2DCE64-8C1F-4ADC-8564-D2B98C860FB6}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{69441DAF-0DF5-4747-A387-AF6AA024DF22}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{20A57DB8-9233-43FF-8228-F817C2D1A4B7}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{C7C5C9D0-D946-4F80-A77A-B55FFD4EB514}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CF114DB6-6196-4C55-ADC3-5E9D957325A1}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3D80D341-9514-4222-AF46-455178F91BD7}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C47F6AA4-BA89-4473-A335-72190540B0D7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2B6AF3C-6353-473F-BF4C-C2FB24E466C9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D90E822F-B11E-4AC0-886A-41C8E958D538}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{7D6A4E83-935E-4E9C-A700-49A795C3C7FB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{285A1BE5-B122-497E-A3B4-D5E84B9516DB}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{92986BC6-CA66-414A-B8C5-60D5A34DF220}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DC022519-7312-42B4-93F2-CD173AD9C454}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{17C48B6E-9718-433D-A307-57E901AB3495}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{EF112342-D3CC-470E-A38D-99A243B4AC35}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{EA585CD7-351F-4B03-B963-D38ECDF7D600}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{66C736E3-79D0-46C3-A840-B9322750CBCD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4B688039-2A66-48FC-B306-0D5C9CF71B05}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{D77EC9B1-1C70-417C-B657-503D8E5EA76C}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{922DF4C6-4ECF-4C48-8E8C-139E572BCFB6}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{788BDEA8-993B-4B36-AEB9-1252E784781B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{06E39CEE-25D1-4BD2-A1D0-C04594FE32E3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FBE6541C-AD11-4446-BF15-3D22B793B19F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 NSUService;NSUService;"C:\Program Files\Sony\Network Utility\NSUService.exe" [2007-06-29 13:38]
R2 RapiMgr;Op Windows Mobile gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 WcesComm;Op Windows Mobile 2003 gebaseerde apparaatverbinding;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-08 02:01]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-30 03:06]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 02:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-25 02:23]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-15 02:28]
S3 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 18:57]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 16:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 15:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-05 19:12]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 17:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - CATCHME
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-01 08:33:44 C:\Windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-08 18:24:39 C:\Windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 21:45:35
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

C:\Users\Nele\AppData\Local\Microsoft\Messenger\n_callebaut@hotmail.com\SharingMetadata\Working\database_D8BE_EBB8_BEEB_8D76\$db_clean$ 0 bytes
C:\Users\Nele\AppData\Local\Microsoft\Messenger\n_callebaut@hotmail.com\SharingMetadata\Working\database_D8BE_EBB8_BEEB_8D76\fsr003F5.log 131072 bytes

Scan succesvol afgerond
verborgen bestanden: 4

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
Voltooingstijd: 2008-05-08 21:47:03
ComboFix-quarantined-files.txt 2008-05-08 19:46:57
ComboFix2.txt 2008-04-02 09:46:01

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

800 --- E O F --- 2008-05-03 08:21:03