Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Explorer.exe Closes And Will Not Restart


  • Please log in to reply
11 replies to this topic

#1 emihonimay

emihonimay

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 19 February 2008 - 10:08 PM

Someone else already had this problem which is how I found this site, but I thought I should start my own topic for my own problem.

Basically after I turn on my computer, things work okay for a while, but suddenly I'll click on something that uses explorer (a folder, control panel, whatever), and explorer and everything with it (desktop, taskbar, any open windows explorer windows) close down. Sometimes if it's only the first time explorer's shut down since I turned on my computer, it will restart itself, but there will still be the problem that the next thing I click on that uses explorer will make it shut down again, and this time, it will not restart. Even if I try to restart explorer manually (task manager-->new task), it will open fine, but will still only close again if I click on something.

I've already done the things that the rules here say to do before posting a hijackthis! log (ad-aware, spybot, bitdefender, and mcaffee stinger scans). This has resulted in my computer going longer without the problem occurring, but it still occurs. Please help!

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:15 PM, on 2/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1201378896\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\program files\common files\aol\1201378896\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
c:\program files\common files\aol\1201378896\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\User\Desktop\mplayerc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\calc.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pieces.deadsunrise.net/laruku
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - C:\Windows\system32\yabyx.dll (file missing)
O2 - BHO: (no name) - {2B4BE0CD-775B-4E3C-9C78-BDCDB786386F} - C:\Windows\system32\vtuvw.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {779370E4-A983-4E72-A574-7E95B29FB66B} - (no file)
O2 - BHO: (no name) - {8052EB9B-6796-4258-A5B1-DBEF39E77717} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: (no name) - {C23CE3DA-0EC1-4F26-90BB-72ACA96C92C7} - C:\Windows\system32\vtuvw.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201378896\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\yabyx.dll,#1
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [883a8f05] rundll32.exe "C:\Windows\system32\rkqyeewv.dll",b
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 14968 bytes

Edited by emihonimay, 19 February 2008 - 10:10 PM.


BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:23 PM

Posted 06 March 2008 - 11:07 AM

  • Download Combofix to your desktop.

  • Doubleclick combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#3 emihonimay

emihonimay
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 31 July 2008 - 02:10 PM

Hope someone's still willing to help even after this long delay...First the ComboFix log:

ComboFix 08-07-31.01 - User 2008-07-30 22:23:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.147 [GMT -4:00]
Running from: C:\Users\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

\Program FC:\Windows\system32\ftyviddh.dll
C:\Users\User\AppData\Roaming\inst.exe
C:\Users\User\AppData\Roaming\macromedia\Flash Player\#SharedObjects\TV2CCGKY\interclick.com
C:\Users\User\AppData\Roaming\macromedia\Flash Player\#SharedObjects\TV2CCGKY\interclick.com\ud.sol
C:\Users\User\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\User\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\System32\bfyfrqcw.ini
C:\Windows\System32\egsvypyh.ini
C:\Windows\system32\ggdafcmp.dll
C:\Windows\system32\hypyvsge.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\rkqyeewv.dll
C:\Windows\system32\uqycjphq.dll
C:\Windows\system32\vsrcqlbl.dll
C:\Windows\System32\vweeyqkr.ini
C:\Windows\System32\vweeyqkr.ini2
C:\Windows\System32\vweeyqkr.tmp
C:\Windows\system32\wcqrfyfb.dll
C:\Windows\System32\wvutv.ini
C:\Windows\System32\wvutv.ini2
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 02:43 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-31 02:00 --------- d-----w C:\Program Files\Winamp Remote
2008-02-12 04:37 604 ---ha-w C:\Program Files\STLL Notifier
2008-01-26 22:07 174 --sha-w C:\Program Files\desktop.ini
2008-01-26 17:31 47,360 ----a-w C:\Users\User\AppData\Roaming\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-09-05 10:29 471552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 21:50 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 22:03 857648]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-28 23:16 707080]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 16:38 206952]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 18:00 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 19:33 457216]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 00:44 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 00:42 22696]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-04 17:10 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-04 17:10 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-04 17:10 138008]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 17:47 45056]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-02-02 15:24 3383296]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2007-02-02 14:05 1261568]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 18:49 151552]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 09:47 57344]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 09:21 94208]
"HostManager"="C:\Program Files\Common Files\AOL\1201378896\ee\AOLSoftware.exe" [2006-03-10 18:22 48280]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 10:40 34904]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33 99480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 14:25 185896]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 04:29 4472832 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-13 00:40:34 535336]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-26 13:36:17 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{23B9A743-6D22-4B43-A0FC-0EE75414C0AB}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{298867A0-CACD-498E-96FE-E27CF0E66909}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{185C8887-9E39-4D4A-B585-A42446C37900}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{D980ABA4-BD83-4D40-96ED-E23DBF4FDF21}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{1207D56E-70BA-4C13-B025-B53C4FBE744B}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{16FBF7B4-F9D8-422B-A761-1486D18AF384}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{D0076934-FBCD-4D9E-B496-8789D7B88A63}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{A83ADD09-113C-4051-AF22-3D88D675F274}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{400D3070-9F39-4041-9BD9-15E4D1EBBB7C}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{7C72A3B4-635E-4467-B5E2-024196605D0A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{025F61EB-B030-4783-9671-7FDDB1E35456}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{33FBF243-FACF-42CD-AA62-11740FC5D4E9}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{FAC3D942-184E-485C-ABD4-A407A2DA5961}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3F6C95EE-DC11-459B-83AC-1F6F91BB6663}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B5DCCC17-F13D-43ED-A6D8-B44675A53332}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{1DE952AA-45B4-4929-BF01-614B9D76231D}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"{EF8A8ECD-0506-4689-A201-10A48CC1354E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"{A8D34897-2C38-41DB-A040-F251A537C2B3}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{0776B611-532C-4F24-8132-985498C65D83}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{CF6C86C4-98A2-43C2-8033-D6221E4DE185}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{F42F396E-D1CF-48D6-A8E8-332EAB7DF8C8}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{B9BB27AE-4FCA-4AA1-BD23-6CDED21B1122}"= UDP:C:\Program Files\America Online 9.0\waol.exe:AOL
"{B37920D9-2E8C-4A71-BB60-0965701908B6}"= TCP:C:\Program Files\America Online 9.0\waol.exe:AOL
"{592CD60C-C837-4F8C-AE21-761D39232ABB}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"{43F84C9C-C42C-43FD-BDFB-4219E6AC7B2C}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"{8E08E9F7-61B5-4319-A643-B40113618381}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"{F83B405B-87C8-4971-BF04-497863D5EE16}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"{93B125F9-BE2C-4A7E-A6C9-5981F9ADB21C}"= UDP:C:\Program Files\Common Files\AOL\1201378896\EE\AOLServiceHost.exe:AOL
"{91860A2A-22A9-47EA-A27A-A2178BC4298A}"= TCP:C:\Program Files\Common Files\AOL\1201378896\EE\AOLServiceHost.exe:AOL
"{DBC77C55-593A-4716-BBC4-34DF6C55BB46}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"{6648B3C4-85AB-461E-93CE-9CB4D06BAC3B}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"{562B7AB0-82B8-43AD-9B44-22BCDBD9E6F4}"= UDP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{EE9C1C20-B891-4831-8D0C-F49AEA402E01}"= TCP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{C26EF062-AE9E-4EAC-B67B-D44EDBA1A07A}"= UDP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{F8F65B72-4361-4B11-B2CD-7C4D8DBB147E}"= TCP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{EC3660BB-E280-495A-8FD6-7DFF72F41BDE}"= UDP:C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{4823EA2E-4435-4CE5-BD9D-377744B1A559}"= TCP:C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{48065AC7-6B63-4C62-ACED-620604D5B875}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D989802C-9D85-4D8C-85AA-09E3F2AC75FA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080729.001\IDSvix86.sys [2008-02-13 12:18]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 19:51]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 10:51]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 18:00]
S3 NOWMEMDF;NOWMEMDF;C:\Windows\system32\NOWMEMDF.sys [2005-11-02 07:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-02-23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - User.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 00:41]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2B4BE0CD-775B-4E3C-9C78-BDCDB786386F} - C:\Windows\system32\vtuvw.dll
BHO-{C23CE3DA-0EC1-4F26-90BB-72ACA96C92C7} - C:\Windows\system32\vtuvw.dll
HKLM-Run-MSServer - C:\Windows\system32\yabyx.dll
HKLM-Run-883a8f05 - C:\Windows\system32\rkqyeewv.dll
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jn2howry.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 22:47:30
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\User\AppData\Local\Temp\~DFF001.tmp 32768 bytes
C:\Users\User\AppData\Local\Temp\hpqddusr.log 311 bytes
C:\Users\User\AppData\Local\Temp\PMShared 4 bytes
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe 208896 bytes executable
C:\Users\User\AppData\Local\Temp\STS34E5.tmp 81 bytes
C:\Users\User\AppData\Local\Temp\MARA582.tmp 1342 bytes
C:\Users\User\AppData\Local\Temp\MARB970.tmp 1285 bytes

scan completed successfully
hidden files: 7

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Windows\System32\conime.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxsrvc.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\AOL\1201378896\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\RacAgent.exe
C:\Windows\System32\lpremove.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wercon.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-30 22:59:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 02:58:53

Pre-Run: 44,528,234,496 bytes free
Post-Run: 47,767,273,472 bytes free

245 --- E O F --- 2008-02-16 08:01:07


And here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:59 PM, on 7/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\AOL\1201378896\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\program files\common files\aol\1201378896\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\igfxext.exe
c:\program files\common files\aol\1201378896\ee\aolsoftware.exe
C:\Windows\system32\WerCon.exe
C:\Windows\Explorer.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pieces.deadsunrise.net/laruku
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201378896\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 13428 bytes

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:23 PM

Posted 31 July 2008 - 02:32 PM

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.]

Then,

Download this program:

Suspicious files packer

Highlight the files listed below in bold and right-click and selecting copy.


C:\Windows\system32\NOWMEMDF.sys


Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to yourmembername.cab (for example grinler.cab).

Then go here
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

Then, reboot and post a brand new combofix log.

#5 emihonimay

emihonimay
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 31 July 2008 - 03:37 PM

Done and ComboFix log:

ComboFix 08-07-31.01 - User 2008-07-31 0:12:34.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.134 [GMT -4:00]
Running from: C:\Users\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-31 00:10 . 2008-07-31 00:11 <DIR> d-------- C:\327882R2FWJFW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 04:09 --------- d-----w C:\Program Files\Winamp Remote
2008-07-31 04:06 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-31 02:52 --------- d-----w C:\ProgramData\Symantec
2008-02-12 04:37 604 ---ha-w C:\Program Files\STLL Notifier
2008-01-26 22:07 174 --sha-w C:\Program Files\desktop.ini
2008-01-26 17:31 47,360 ----a-w C:\Users\User\AppData\Roaming\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-30_22.57.25.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-31 02:32:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-31 04:07:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-31 02:32:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-31 04:07:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-31 02:34:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-31 04:07:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-31 04:07:49 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-31 02:34:59 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-31 04:07:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-31 04:07:49 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-31 02:39:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-31 04:12:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-31 02:39:34 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-31 04:12:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-31 02:39:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-31 04:12:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-12 23:32:00 23,904 ----a-w C:\Windows\System32\drivers\COH_Mon.sys
+ 2008-03-07 01:32:09 23,904 ----a-w C:\Windows\System32\drivers\COH_Mon.sys
- 2008-07-31 02:42:14 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-31 04:15:29 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-31 02:42:14 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-31 04:15:29 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-31 02:37:58 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-07-31 04:05:41 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-07-31 02:50:30 7,616 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4152722565-3386891561-3822026869-1000_UserData.bin
+ 2008-07-31 04:11:45 7,672 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4152722565-3386891561-3822026869-1000_UserData.bin
- 2008-07-31 02:50:09 74,880 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-31 04:11:41 74,912 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-31 02:46:40 44,424 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-31 04:11:28 44,456 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-09-05 10:29 471552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 21:50 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 22:03 857648]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-28 23:16 707080]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 16:38 206952]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 18:00 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 19:33 457216]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 00:44 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 00:42 22696]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-04 17:10 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-04 17:10 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-04 17:10 138008]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 17:47 45056]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-02-02 15:24 3383296]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2007-02-02 14:05 1261568]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 18:49 151552]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 09:47 57344]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 09:21 94208]
"HostManager"="C:\Program Files\Common Files\AOL\1201378896\ee\AOLSoftware.exe" [2006-03-10 18:22 48280]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 10:40 34904]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33 99480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 14:25 185896]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 04:29 4472832 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-13 00:40:34 535336]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-26 13:36:17 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{23B9A743-6D22-4B43-A0FC-0EE75414C0AB}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{298867A0-CACD-498E-96FE-E27CF0E66909}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{185C8887-9E39-4D4A-B585-A42446C37900}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{D980ABA4-BD83-4D40-96ED-E23DBF4FDF21}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{1207D56E-70BA-4C13-B025-B53C4FBE744B}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{16FBF7B4-F9D8-422B-A761-1486D18AF384}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{D0076934-FBCD-4D9E-B496-8789D7B88A63}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{A83ADD09-113C-4051-AF22-3D88D675F274}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{400D3070-9F39-4041-9BD9-15E4D1EBBB7C}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{7C72A3B4-635E-4467-B5E2-024196605D0A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{025F61EB-B030-4783-9671-7FDDB1E35456}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{33FBF243-FACF-42CD-AA62-11740FC5D4E9}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{FAC3D942-184E-485C-ABD4-A407A2DA5961}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3F6C95EE-DC11-459B-83AC-1F6F91BB6663}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B5DCCC17-F13D-43ED-A6D8-B44675A53332}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{1DE952AA-45B4-4929-BF01-614B9D76231D}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"{EF8A8ECD-0506-4689-A201-10A48CC1354E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"{A8D34897-2C38-41DB-A040-F251A537C2B3}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{0776B611-532C-4F24-8132-985498C65D83}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{CF6C86C4-98A2-43C2-8033-D6221E4DE185}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{F42F396E-D1CF-48D6-A8E8-332EAB7DF8C8}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{B9BB27AE-4FCA-4AA1-BD23-6CDED21B1122}"= UDP:C:\Program Files\America Online 9.0\waol.exe:AOL
"{B37920D9-2E8C-4A71-BB60-0965701908B6}"= TCP:C:\Program Files\America Online 9.0\waol.exe:AOL
"{592CD60C-C837-4F8C-AE21-761D39232ABB}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"{43F84C9C-C42C-43FD-BDFB-4219E6AC7B2C}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"{8E08E9F7-61B5-4319-A643-B40113618381}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"{F83B405B-87C8-4971-BF04-497863D5EE16}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"{93B125F9-BE2C-4A7E-A6C9-5981F9ADB21C}"= UDP:C:\Program Files\Common Files\AOL\1201378896\EE\AOLServiceHost.exe:AOL
"{91860A2A-22A9-47EA-A27A-A2178BC4298A}"= TCP:C:\Program Files\Common Files\AOL\1201378896\EE\AOLServiceHost.exe:AOL
"{DBC77C55-593A-4716-BBC4-34DF6C55BB46}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"{6648B3C4-85AB-461E-93CE-9CB4D06BAC3B}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"{562B7AB0-82B8-43AD-9B44-22BCDBD9E6F4}"= UDP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{EE9C1C20-B891-4831-8D0C-F49AEA402E01}"= TCP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{C26EF062-AE9E-4EAC-B67B-D44EDBA1A07A}"= UDP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{F8F65B72-4361-4B11-B2CD-7C4D8DBB147E}"= TCP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{EC3660BB-E280-495A-8FD6-7DFF72F41BDE}"= UDP:C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{4823EA2E-4435-4CE5-BD9D-377744B1A559}"= TCP:C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{48065AC7-6B63-4C62-ACED-620604D5B875}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D989802C-9D85-4D8C-85AA-09E3F2AC75FA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080729.001\IDSvix86.sys [2008-02-13 12:18]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 19:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-14 17:31]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 10:51]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 18:00]
S3 NOWMEMDF;NOWMEMDF;C:\Windows\system32\NOWMEMDF.sys [2005-11-02 07:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-02-23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - User.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 00:41]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jn2howry.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 00:19:14
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-31 0:21:37
ComboFix-quarantined-files.txt 2008-07-31 04:21:27
ComboFix2.txt 2008-07-31 03:59:34
ComboFix3.txt 2008-07-31 02:59:38

Pre-Run: 46,950,010,880 bytes free
Post-Run: 46,916,481,024 bytes free

192 --- E O F --- 2008-02-16 08:01:07

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:23 PM

Posted 31 July 2008 - 10:17 PM

In your add or remove programs list do you have any programs from Nowcom? If so, uninstall them.

#7 emihonimay

emihonimay
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 01 August 2008 - 11:13 PM

Nope. There are no programs from NowCom.

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:23 PM

Posted 02 August 2008 - 08:25 AM

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\Windows\system32\NOWMEMDF.sys

Driver::
NOWMEMDF


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

#9 emihonimay

emihonimay
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 04 August 2008 - 01:24 AM

ComboFix:

ComboFix 08-07-31.01 - User 2008-08-03 0:13:58.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.112 [GMT -4:00]
Running from: C:\Users\User\Desktop\ComboFix.exe
Command switches used :: C:\Users\User\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\system32\NOWMEMDF.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\NOWMEMDF.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NOWMEMDF
-------\Service_NOWMEMDF


((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-07-30 22:56 . 2008-04-23 00:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-07-30 22:56 . 2008-04-23 00:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-07-30 22:56 . 2008-04-23 00:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-30 22:55 . 2008-06-25 20:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-30 22:55 . 2008-06-25 23:22 4,874,240 --a------ C:\Windows\System32\NlsData0009.dll
2008-07-30 22:55 . 2008-06-25 20:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-30 22:55 . 2008-06-25 23:22 2,641,408 --a------ C:\Windows\System32\NlsData000c.dll
2008-07-30 22:55 . 2008-04-23 00:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-07-30 22:55 . 2008-06-25 23:22 797,696 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-30 22:55 . 2008-04-23 00:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-30 22:55 . 2008-04-23 00:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-30 22:55 . 2008-04-23 00:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-30 22:53 . 2008-06-25 20:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
2008-07-30 22:48 . 2008-02-21 00:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-07-30 22:44 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-07-30 22:44 . 2008-05-09 21:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-30 22:44 . 2007-12-16 07:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-07-30 22:44 . 2007-12-16 07:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-07-30 22:44 . 2008-05-09 23:30 14,848 --a------ C:\Windows\System32\wshrm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 04:40 174 --sha-w C:\Program Files\desktop.ini
2008-08-03 04:36 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 04:09 --------- d-----w C:\Program Files\Winamp Remote
2008-07-31 04:06 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-31 02:52 --------- d-----w C:\ProgramData\Symantec
2008-02-12 04:37 604 ---ha-w C:\Program Files\STLL Notifier
2008-01-26 17:31 47,360 ----a-w C:\Users\User\AppData\Roaming\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot_2008-07-31_ 0.20.42.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-13 18:15:57 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
- 2008-02-13 18:15:56 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
- 2008-02-13 18:15:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
- 2008-02-13 18:15:56 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
- 2008-02-13 18:15:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
- 2008-02-13 18:13:20 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
+ 2008-04-25 04:23:06 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
- 2006-11-02 12:35:33 136,192 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
+ 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
- 2008-01-10 05:51:27 864,256 ----a-w C:\Windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
+ 2008-04-23 04:27:53 864,256 ----a-w C:\Windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
- 2008-01-10 05:51:29 135,168 ----a-w C:\Windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
+ 2008-04-23 04:27:55 135,168 ----a-w C:\Windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
- 2008-01-10 05:51:30 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
+ 2008-04-23 04:27:56 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
- 2008-01-10 05:51:34 4,370,432 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
+ 2008-04-23 04:27:59 4,374,528 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
- 2008-01-10 05:51:50 1,196,032 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 04:28:14 1,196,032 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
- 2008-01-10 05:51:51 2,342,912 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:28:14 2,342,912 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
- 2008-01-10 05:51:50 217,088 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2008-04-23 04:28:13 217,088 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2008-08-03 04:43:34 2,469,888 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepg\3e10833eb7f83e11eec3a970f528ac8d\ehepg.ni.dll
+ 2008-08-03 04:44:10 360,448 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehepgdat\b5dcaeaa218eb42931b96193b5e4074f\ehepgdat.ni.dll
+ 2008-08-03 04:44:34 45,056 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtCOM\c8abe4268ada1cfa408dc4330e37817d\ehExtCOM.ni.dll
+ 2008-08-03 04:43:44 274,432 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\c11ea9504a5e5464b1850f98d3d381f1\ehExtHost.ni.exe
+ 2008-08-03 04:43:45 192,512 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\96751ef49f528415c45537453f9c4d28\ehiExtens.ni.dll
+ 2008-08-03 04:44:09 1,941,504 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\51b3eff44264e4f79d17c953207a7e6b\ehRecObj.ni.dll
+ 2008-08-03 04:44:06 12,963,840 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\ehshell\368930610e62dcd81dc7ab18a8336131\ehshell.ni.dll
+ 2008-08-03 04:43:47 765,952 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\f50c33f0c4356099d7969e18aeb3f9bf\mcstore.ni.dll
+ 2008-08-03 04:44:10 266,240 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\mcupdate\2b7d84415dee2bae7b5238a3a14d0add\mcupdate.ni.exe
+ 2008-08-03 04:43:43 6,115,328 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\6871abee28a9ed5eb7a878013664eb52\Microsoft.MediaCenter.UI.ni.dll
+ 2008-08-03 04:43:48 712,704 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ceac290fb6cdaa39fcc449543998fd01\Microsoft.MediaCenter.Sports.ni.dll
+ 2008-08-03 04:43:46 282,624 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\cf87f745aab458d62d1c4f238c46689d\Microsoft.MediaCenter.Shell.ni.dll
+ 2008-08-03 04:43:44 634,880 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\fb91a2c47ac4978a5c9d28cc4cdf6fee\Microsoft.MediaCenter.ni.dll
- 2008-01-10 05:50:47 21,504 ----a-w C:\Windows\ehome\ehdebug.dll
+ 2008-04-23 04:27:00 21,504 ----a-w C:\Windows\ehome\ehdebug.dll
- 2008-01-10 05:51:27 864,256 ----a-w C:\Windows\ehome\ehepg.dll
+ 2008-04-23 04:27:53 864,256 ----a-w C:\Windows\ehome\ehepg.dll
- 2008-01-10 05:51:29 135,168 ----a-w C:\Windows\ehome\ehexthost.exe
+ 2008-04-23 04:27:55 135,168 ----a-w C:\Windows\ehome\ehexthost.exe
- 2006-11-02 12:35:32 372,224 ----a-w C:\Windows\ehome\ehglid.dll
+ 2008-04-23 04:27:00 372,224 ----a-w C:\Windows\ehome\ehglid.dll
- 2008-01-10 05:51:30 77,824 ----a-w C:\Windows\ehome\ehiExtens.dll
+ 2008-04-23 04:27:56 77,824 ----a-w C:\Windows\ehome\ehiExtens.dll
- 2008-01-10 05:50:47 103,936 ----a-w C:\Windows\ehome\ehPresenter.dll
+ 2008-04-23 04:27:00 105,472 ----a-w C:\Windows\ehome\ehPresenter.dll
- 2008-01-10 05:50:47 252,416 ----a-w C:\Windows\ehome\ehReplay.dll
+ 2008-04-23 04:27:00 252,416 ----a-w C:\Windows\ehome\ehReplay.dll
- 2008-01-10 05:46:17 10,094,080 ----a-w C:\Windows\ehome\ehres.dll
+ 2008-04-23 04:22:35 10,094,080 ----a-w C:\Windows\ehome\ehres.dll
- 2008-01-10 05:51:34 4,370,432 ----a-w C:\Windows\ehome\ehshell.dll
+ 2008-04-23 04:27:59 4,374,528 ----a-w C:\Windows\ehome\ehshell.dll
- 2008-01-10 05:50:47 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
+ 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
- 2008-01-10 05:50:47 517,120 ----a-w C:\Windows\ehome\ehui.dll
+ 2008-04-23 04:27:00 517,632 ----a-w C:\Windows\ehome\ehui.dll
- 2008-01-10 05:50:47 1,497,600 ----a-w C:\Windows\ehome\ehuihlp.dll
+ 2008-04-23 04:27:00 1,497,600 ----a-w C:\Windows\ehome\ehuihlp.dll
- 2008-01-10 05:50:48 6,656 ----a-w C:\Windows\ehome\McrMgr.dll
+ 2008-04-23 04:27:01 6,656 ----a-w C:\Windows\ehome\McrMgr.dll
- 2008-01-10 05:50:25 173,056 ----a-w C:\Windows\ehome\McrMgr.exe
+ 2008-04-23 04:26:31 173,056 ----a-w C:\Windows\ehome\McrMgr.exe
- 2006-11-02 12:35:33 136,192 ----a-w C:\Windows\ehome\mcupdate.exe
+ 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\ehome\mcupdate.exe
- 2008-01-10 05:51:50 217,088 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.dll
+ 2008-04-23 04:28:13 217,088 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.dll
- 2008-01-10 05:51:50 1,196,032 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 04:28:14 1,196,032 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.Shell.dll
- 2008-01-10 05:51:51 2,342,912 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:28:14 2,342,912 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2005-10-21 00:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-02-14 00:05:28 665,600 ----a-w C:\Windows\inf\drvindex.dat
+ 2008-08-03 04:36:34 665,600 ----a-w C:\Windows\inf\drvindex.dat
- 2008-02-14 00:25:55 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-08-03 04:36:39 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-02-14 00:25:55 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-08-03 04:36:39 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-02-14 00:25:55 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-08-03 04:36:34 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-07-31 04:07:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-03 04:39:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-31 04:07:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-03 04:39:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-02-13 18:17:25 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-08-03 04:27:28 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-07-31 04:07:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-03 04:40:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-03 04:40:11 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-02-13 18:19:08 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-08-03 04:29:03 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-26 22:07:32 1,016,865 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-08-03 04:40:46 1,016,865 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2008-07-31 04:07:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-03 04:40:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-03 04:40:05 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-02-13 18:13:23 124,928 ----a-w C:\Windows\System32\advpack.dll
+ 2008-04-25 04:23:05 124,928 ----a-w C:\Windows\System32\advpack.dll
- 2006-11-02 09:51:44 615,528 ----a-w C:\Windows\System32\ci.dll
+ 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\System32\ci.dll
- 2008-07-31 04:12:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-03 04:44:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-31 04:12:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-03 04:44:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-31 04:12:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-03 04:44:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 09:46:04 162,816 ----a-w C:\Windows\System32\dnsapi.dll
+ 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\System32\dnsapi.dll
- 2006-11-02 08:51:20 148,992 ----a-w C:\Windows\System32\drivers\ks.sys
+ 2008-03-08 02:14:07 148,992 ----a-w C:\Windows\System32\drivers\ks.sys
- 2006-11-02 08:54:05 41,984 ----a-w C:\Windows\System32\drivers\monitor.sys
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\System32\drivers\monitor.sys
- 2008-02-13 18:16:37 1,060,920 ----a-w C:\Windows\System32\drivers\ntfs.sys
+ 2007-12-16 22:50:41 1,060,920 ----a-w C:\Windows\System32\drivers\ntfs.sys
+ 2008-04-29 01:42:12 19,456 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\bthenum.sys
+ 2008-04-29 01:42:12 220,160 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\bthport.sys
+ 2008-04-29 01:42:08 29,184 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\BTHUSB.SYS
+ 2008-04-29 03:50:12 181,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\fsquirt.exe
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\monitor.inf_1a316eff\monitor.sys
- 2008-02-13 18:13:20 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
+ 2008-04-25 04:23:06 347,136 ----a-w C:\Windows\System32\dxtmsft.dll
- 2008-02-13 18:13:20 214,528 ----a-w C:\Windows\System32\dxtrans.dll
+ 2008-04-25 04:23:06 214,528 ----a-w C:\Windows\System32\dxtrans.dll
- 2008-02-13 18:20:22 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
+ 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
- 2008-02-12 23:34:08 279,384 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-08-03 04:39:07 279,384 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2008-02-13 18:15:55 1,686,528 ----a-w C:\Windows\System32\gameux.dll
+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
- 2008-02-13 18:15:55 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
- 2008-02-13 18:13:18 63,488 ----a-w C:\Windows\System32\icardie.dll
+ 2008-04-25 04:23:06 63,488 ----a-w C:\Windows\System32\icardie.dll
- 2008-02-13 18:13:15 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
+ 2008-04-25 04:22:36 70,656 ----a-w C:\Windows\System32\ie4uinit.exe
- 2008-02-13 18:13:21 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
+ 2008-04-25 04:23:06 383,488 ----a-w C:\Windows\System32\ieapfltr.dll
- 2008-02-13 18:13:28 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
+ 2008-04-25 04:23:06 6,066,176 ----a-w C:\Windows\System32\ieframe.dll
- 2008-02-13 18:13:15 44,544 ----a-w C:\Windows\System32\iernonce.dll
+ 2008-04-25 04:23:06 44,544 ----a-w C:\Windows\System32\iernonce.dll
- 2008-02-13 18:13:15 56,320 ----a-w C:\Windows\System32\iesetup.dll
+ 2008-04-25 04:23:06 56,320 ----a-w C:\Windows\System32\iesetup.dll
- 2008-02-13 18:13:28 180,736 ----a-w C:\Windows\System32\ieui.dll
+ 2008-04-25 04:23:06 180,736 ----a-w C:\Windows\System32\ieui.dll
- 2008-02-13 18:13:16 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
+ 2008-04-25 04:22:36 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
- 2008-02-13 18:13:22 27,648 ----a-w C:\Windows\System32\jsproxy.dll
+ 2008-04-25 04:23:06 27,648 ----a-w C:\Windows\System32\jsproxy.dll
- 2008-02-13 18:20:24 6,656 ----a-w C:\Windows\System32\kbd106n.dll
+ 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\System32\kbd106n.dll
- 2006-11-02 08:30:44 8,704 ----a-w C:\Windows\System32\kd1394.dll
+ 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
- 2008-02-13 18:13:23 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
+ 2008-04-25 04:23:11 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
- 2008-02-13 18:13:25 3,592,192 ----a-w C:\Windows\System32\mshtml.dll
+ 2008-04-25 04:23:07 3,591,680 ----a-w C:\Windows\System32\mshtml.dll
- 2008-02-13 18:13:26 478,208 ----a-w C:\Windows\System32\mshtmled.dll
+ 2008-04-25 04:23:07 478,208 ----a-w C:\Windows\System32\mshtmled.dll
- 2008-02-13 18:13:19 671,232 ----a-w C:\Windows\System32\mstime.dll
+ 2008-04-25 04:23:09 671,232 ----a-w C:\Windows\System32\mstime.dll
- 2006-11-02 09:46:11 1,523,200 ----a-w C:\Windows\System32\NlsData0000.dll
+ 2008-06-26 03:22:33 1,523,200 ----a-w C:\Windows\System32\NlsData0000.dll
- 2006-11-02 09:46:11 2,597,888 ----a-w C:\Windows\System32\NlsData0001.dll
+ 2008-06-26 03:22:33 2,597,888 ----a-w C:\Windows\System32\NlsData0001.dll
- 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData0002.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0002.dll
- 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData0003.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0003.dll
- 2006-11-02 09:46:11 2,241,024 ----a-w C:\Windows\System32\NlsData0007.dll
+ 2008-06-26 03:22:33 2,241,024 ----a-w C:\Windows\System32\NlsData0007.dll
- 2006-11-02 09:46:11 9,845,248 ----a-w C:\Windows\System32\NlsData000a.dll
+ 2008-06-26 03:22:33 9,845,248 ----a-w C:\Windows\System32\NlsData000a.dll
- 2006-11-02 09:46:11 2,340,864 ----a-w C:\Windows\System32\NlsData000d.dll
+ 2008-06-26 03:22:33 2,340,864 ----a-w C:\Windows\System32\NlsData000d.dll
- 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData000f.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData000f.dll
- 2006-11-02 09:46:11 4,493,312 ----a-w C:\Windows\System32\NlsData0010.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData0010.dll
- 2006-11-02 09:46:11 2,655,232 ----a-w C:\Windows\System32\NlsData0011.dll
+ 2008-06-26 03:22:33 2,655,232 ----a-w C:\Windows\System32\NlsData0011.dll
- 2006-11-02 09:46:11 3,464,704 ----a-w C:\Windows\System32\NlsData0013.dll
+ 2008-06-26 03:22:33 3,464,704 ----a-w C:\Windows\System32\NlsData0013.dll
- 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData0018.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0018.dll
- 2006-11-02 09:46:11 4,495,360 ----a-w C:\Windows\System32\NlsData0019.dll
+ 2008-06-26 03:22:33 4,495,360 ----a-w C:\Windows\System32\NlsData0019.dll
- 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData001a.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData001a.dll
- 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData001b.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData001b.dll
- 2006-11-02 09:46:11 4,493,312 ----a-w C:\Windows\System32\NlsData001d.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData001d.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0020.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0020.dll
- 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData0021.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\System32\NlsData0021.dll
- 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData0022.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\System32\NlsData0022.dll
- 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData0024.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0024.dll
- 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData0026.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0026.dll
- 2006-11-02 09:46:12 1,965,056 ----a-w C:\Windows\System32\NlsData0027.dll
+ 2008-06-26 03:22:33 1,965,056 ----a-w C:\Windows\System32\NlsData0027.dll
- 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData002a.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\System32\NlsData002a.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0039.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0039.dll
- 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData003e.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\System32\NlsData003e.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0045.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0045.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0046.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0046.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0047.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0047.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0049.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0049.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004a.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData004a.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004b.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData004b.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004c.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData004c.dll
- 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004e.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData004e.dll
- 2006-11-02 09:46:12 4,493,312 ----a-w C:\Windows\System32\NlsData0414.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData0414.dll
- 2006-11-02 09:46:12 4,493,312 ----a-w C:\Windows\System32\NlsData0416.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData0416.dll
- 2006-11-02 09:46:12 4,493,312 ----a-w C:\Windows\System32\NlsData0816.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData0816.dll
- 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData081a.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData081a.dll
- 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData0c1a.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0c1a.dll
- 2006-11-02 08:22:34 4,164,096 ----a-w C:\Windows\System32\NlsLexicons0002.dll
+ 2008-06-26 00:34:20 4,164,096 ----a-w C:\Windows\System32\NlsLexicons0002.dll
- 2006-11-02 08:22:13 1,452,544 ----a-w C:\Windows\System32\NlsLexicons0003.dll
+ 2008-06-26 00:33:41 1,452,544 ----a-w C:\Windows\System32\NlsLexicons0003.dll
- 2006-11-02 08:22:11 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
+ 2008-06-26 00:33:39 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
- 2006-11-02 08:22:06 6,237,696 ----a-w C:\Windows\System32\NlsLexicons000c.dll
+ 2008-06-26 00:33:34 6,237,696 ----a-w C:\Windows\System32\NlsLexicons000c.dll
- 2006-11-02 08:22:09 1,722,368 ----a-w C:\Windows\System32\NlsLexicons000d.dll
+ 2008-06-26 00:33:36 1,722,368 ----a-w C:\Windows\System32\NlsLexicons000d.dll
- 2006-11-02 08:22:17 5,654,528 ----a-w C:\Windows\System32\NlsLexicons000f.dll
+ 2008-06-26 00:33:48 5,654,528 ----a-w C:\Windows\System32\NlsLexicons000f.dll
- 2006-11-02 08:22:18 4,175,872 ----a-w C:\Windows\System32\NlsLexicons0010.dll
+ 2008-06-26 00:33:49 4,175,872 ----a-w C:\Windows\System32\NlsLexicons0010.dll
- 2006-11-02 08:22:10 2,466,816 ----a-w C:\Windows\System32\NlsLexicons0011.dll
+ 2008-06-26 00:33:37 2,466,816 ----a-w C:\Windows\System32\NlsLexicons0011.dll
- 2006-11-02 08:21:58 4,981,248 ----a-w C:\Windows\System32\NlsLexicons0013.dll
+ 2008-06-26 00:33:12 4,981,248 ----a-w C:\Windows\System32\NlsLexicons0013.dll
- 2006-11-02 08:22:25 3,331,072 ----a-w C:\Windows\System32\NlsLexicons0018.dll
+ 2008-06-26 00:34:01 3,331,072 ----a-w C:\Windows\System32\NlsLexicons0018.dll
- 2006-11-02 08:22:26 6,781,440 ----a-w C:\Windows\System32\NlsLexicons0019.dll
+ 2008-06-26 00:34:03 6,781,440 ----a-w C:\Windows\System32\NlsLexicons0019.dll
- 2006-11-02 08:22:14 6,014,976 ----a-w C:\Windows\System32\NlsLexicons001a.dll
+ 2008-06-26 00:33:43 6,014,976 ----a-w C:\Windows\System32\NlsLexicons001a.dll
- 2006-11-02 08:22:47 6,585,856 ----a-w C:\Windows\System32\NlsLexicons001b.dll
+ 2008-06-26 00:34:37 6,585,856 ----a-w C:\Windows\System32\NlsLexicons001b.dll
- 2006-11-02 08:22:31 6,346,240 ----a-w C:\Windows\System32\NlsLexicons001d.dll
+ 2008-06-26 00:34:14 6,346,240 ----a-w C:\Windows\System32\NlsLexicons001d.dll
- 2006-11-02 08:22:45 1,236,992 ----a-w C:\Windows\System32\NlsLexicons0020.dll
+ 2008-06-26 00:34:34 1,236,992 ----a-w C:\Windows\System32\NlsLexicons0020.dll
- 2006-11-02 08:22:12 2,136,064 ----a-w C:\Windows\System32\NlsLexicons0021.dll
+ 2008-06-26 00:33:40 2,136,064 ----a-w C:\Windows\System32\NlsLexicons0021.dll
- 2006-11-02 08:22:44 5,499,904 ----a-w C:\Windows\System32\NlsLexicons0022.dll
+ 2008-06-26 00:34:33 5,499,904 ----a-w C:\Windows\System32\NlsLexicons0022.dll
- 2006-11-02 08:22:49 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
+ 2008-06-26 00:34:39 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
- 2006-11-02 08:22:42 5,791,232 ----a-w C:\Windows\System32\NlsLexicons0026.dll
+ 2008-06-26 00:34:30 5,791,232 ----a-w C:\Windows\System32\NlsLexicons0026.dll
- 2006-11-02 08:22:19 6,224,896 ----a-w C:\Windows\System32\NlsLexicons0027.dll
+ 2008-06-26 00:33:50 6,224,896 ----a-w C:\Windows\System32\NlsLexicons0027.dll
- 2006-11-02 08:22:41 4,096 ----a-w C:\Windows\System32\NlsLexicons002a.dll
+ 2008-06-26 00:34:26 4,096 ----a-w C:\Windows\System32\NlsLexicons002a.dll
- 2006-11-02 08:22:16 1,782,272 ----a-w C:\Windows\System32\NlsLexicons0039.dll
+ 2008-06-26 00:33:46 1,782,272 ----a-w C:\Windows\System32\NlsLexicons0039.dll
- 2006-11-02 08:22:20 4,045,824 ----a-w C:\Windows\System32\NlsLexicons003e.dll
+ 2008-06-26 00:33:52 4,045,824 ----a-w C:\Windows\System32\NlsLexicons003e.dll
- 2006-11-02 08:22:33 1,793,536 ----a-w C:\Windows\System32\NlsLexicons0045.dll
+ 2008-06-26 00:34:18 1,793,536 ----a-w C:\Windows\System32\NlsLexicons0045.dll
- 2006-11-02 08:22:25 1,808,896 ----a-w C:\Windows\System32\NlsLexicons0046.dll
+ 2008-06-26 00:33:58 1,808,896 ----a-w C:\Windows\System32\NlsLexicons0046.dll
- 2006-11-02 08:22:15 1,411,072 ----a-w C:\Windows\System32\NlsLexicons0047.dll
+ 2008-06-26 00:33:45 1,411,072 ----a-w C:\Windows\System32\NlsLexicons0047.dll
- 2006-11-02 08:22:39 1,558,016 ----a-w C:\Windows\System32\NlsLexicons0049.dll
+ 2008-06-26 00:34:24 1,558,016 ----a-w C:\Windows\System32\NlsLexicons0049.dll
- 2006-11-02 08:22:39 3,419,136 ----a-w C:\Windows\System32\NlsLexicons004a.dll
+ 2008-06-26 00:34:25 3,419,136 ----a-w C:\Windows\System32\NlsLexicons004a.dll
- 2006-11-02 08:22:36 1,702,912 ----a-w C:\Windows\System32\NlsLexicons004b.dll
+ 2008-06-26 00:34:22 1,702,912 ----a-w C:\Windows\System32\NlsLexicons004b.dll
- 2006-11-02 08:22:46 4,093,440 ----a-w C:\Windows\System32\NlsLexicons004c.dll
+ 2008-06-26 00:34:36 4,093,440 ----a-w C:\Windows\System32\NlsLexicons004c.dll
- 2006-11-02 08:22:37 1,972,736 ----a-w C:\Windows\System32\NlsLexicons004e.dll
+ 2008-06-26 00:34:23 1,972,736 ----a-w C:\Windows\System32\NlsLexicons004e.dll
- 2006-11-02 08:22:21 4,616,192 ----a-w C:\Windows\System32\NlsLexicons0414.dll
+ 2008-06-26 00:33:54 4,616,192 ----a-w C:\Windows\System32\NlsLexicons0414.dll
- 2006-11-02 08:22:24 5,090,816 ----a-w C:\Windows\System32\NlsLexicons0416.dll
+ 2008-06-26 00:33:57 5,090,816 ----a-w C:\Windows\System32\NlsLexicons0416.dll
- 2006-11-02 08:22:22 5,031,936 ----a-w C:\Windows\System32\NlsLexicons0816.dll
+ 2008-06-26 00:33:56 5,031,936 ----a-w C:\Windows\System32\NlsLexicons0816.dll
- 2006-11-02 08:22:29 7,042,560 ----a-w C:\Windows\System32\NlsLexicons081a.dll
+ 2008-06-26 00:34:11 7,042,560 ----a-w C:\Windows\System32\NlsLexicons081a.dll
- 2006-11-02 08:22:27 6,917,120 ----a-w C:\Windows\System32\NlsLexicons0c1a.dll
+ 2008-06-26 00:34:09 6,917,120 ----a-w C:\Windows\System32\NlsLexicons0c1a.dll
- 2006-11-02 08:21:54 5,071,872 ----a-w C:\Windows\System32\NlsModels0011.dll
+ 2008-06-26 00:33:01 5,071,872 ----a-w C:\Windows\System32\NlsModels0011.dll
- 2008-07-31 04:15:29 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-03 04:47:24 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-31 04:15:29 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-03 04:47:24 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-02-13 18:13:23 44,544 ----a-w C:\Windows\System32\pngfilt.dll
+ 2008-04-25 04:23:10 44,544 ----a-w C:\Windows\System32\pngfilt.dll
- 2008-01-26 21:33:29 1,327,104 ----a-w C:\Windows\System32\quartz.dll
+ 2008-04-26 08:02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
- 2006-11-02 12:36:17 313,856 ----a-w C:\Windows\System32\rstrui.exe
+ 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\System32\rstrui.exe
- 2008-01-26 21:31:04 11,315,200 ----a-w C:\Windows\System32\shell32.dll
+ 2008-04-24 04:51:39 11,315,712 ----a-w C:\Windows\System32\shell32.dll
- 2008-07-31 04:05:41 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-08-03 04:40:27 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 12:36:17 40,960 ----a-w C:\Windows\System32\srclient.dll
+ 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\System32\srclient.dll
- 2006-11-02 12:36:17 371,712 ----a-w C:\Windows\System32\srcore.dll
+ 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\System32\srcore.dll
- 2006-11-02 12:36:17 16,384 ----a-w C:\Windows\System32\srdelayed.exe
+ 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\System32\srdelayed.exe
- 2008-02-13 18:13:22 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
+ 2008-04-25 04:23:11 1,159,680 ----a-w C:\Windows\System32\urlmon.dll
- 2008-07-31 04:11:28 44,456 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-03 04:50:26 44,600 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-02-13 18:13:22 824,832 ----a-w C:\Windows\System32\wininet.dll
+ 2008-04-25 04:23:11 826,368 ----a-w C:\Windows\System32\wininet.dll
- 2008-02-13 18:20:19 943,800 ----a-w C:\Windows\System32\winload.exe
+ 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\System32\winload.exe
- 2008-07-31 02:47:41 36,293,905 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-08-03 04:37:05 36,859,567 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-04-23 04:27:53 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16679_none_d97a4d2ed1f284d2\ehepg.dll
+ 2008-04-23 14:12:49 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20821_none_da31f92beaeecb56\ehepg.dll
+ 2008-04-23 04:27:55 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16679_none_bcbfc9e4c1e1e81d\ehexthost.exe
+ 2008-04-23 14:12:50 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20821_none_bd7775e1dade2ea1\ehexthost.exe
+ 2008-04-23 04:27:56 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16679_none_fba2d0c909e74612\ehiExtens.dll
+ 2008-04-23 14:12:51 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20821_none_fc5a7cc622e38c96\ehiExtens.dll
+ 2008-04-23 04:27:59 4,374,528 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16679_none_896d686f44a61324\ehshell.dll
+ 2008-04-23 14:12:55 4,382,720 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20821_none_8a25146c5da259a8\ehshell.dll
+ 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18061_none_8b5674b141cbbd6c\ehshell.dll
+ 2008-04-23 04:36:58 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22165_none_8be412a45ae5c292\ehshell.dll
+ 2008-04-23 04:28:14 1,196,032 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16679_none_4e6b0c2698ea89ba\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 14:13:09 1,269,760 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20821_none_4f22b823b1e6d03e\Microsoft.MediaCenter.Shell.dll
+ 2008-04-23 04:28:14 2,342,912 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16679_none_30f95ad65a3e86d4\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 14:13:09 2,351,104 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20821_none_31b106d3733acd58\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18061_none_32e267185764311c\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:37:38 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22165_none_3370050b707e3642\Microsoft.MediaCenter.UI.dll
+ 2008-04-23 04:28:13 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16679_none_2354b3c9cf56f2ea\Microsoft.MediaCenter.dll
+ 2008-04-23 14:13:08 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20821_none_240c5fc6e853396e\Microsoft.MediaCenter.dll
+ 2008-04-29 01:42:12 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\bthenum.sys
+ 2008-04-29 01:42:12 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\bthport.sys
+ 2008-04-29 01:42:08 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\BTHUSB.SYS
+ 2008-04-29 03:50:12 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\fsquirt.exe
+ 2008-04-29 01:35:24 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\bthenum.sys
+ 2008-04-29 01:35:25 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\bthport.sys
+ 2008-04-29 01:35:23 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\BTHUSB.SYS
+ 2008-04-29 01:35:24 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\fsquirt.exe
+ 2008-01-19 05:53:38 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\bthenum.sys
+ 2008-04-29 01:42:23 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\bthport.sys
+ 2008-04-29 01:42:21 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\BTHUSB.SYS
+ 2008-04-29 03:54:02 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\fsquirt.exe
+ 2008-04-29 01:43:50 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\bthenum.sys
+ 2008-04-29 01:43:50 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\bthport.sys
+ 2008-04-29 01:43:48 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\BTHUSB.SYS
+ 2008-04-29 01:43:51 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\fsquirt.exe
+ 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16679_none_c673e63faed8754d\mcupdate.exe
+ 2008-04-23 14:13:03 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.20821_none_c72b923cc7d4bbd1\mcupdate.exe
+ 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18061_none_c85cf281abfe1f95\mcupdate.exe
+ 2008-04-23 04:37:28 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.22165_none_c8ea9074c51824bb\mcupdate.exe
+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll
+ 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll
+ 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll
+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll
+ 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll
+ 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll
+ 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll
+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll
+ 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll
+ 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll
+ 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll
+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll
+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll
+ 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll
+ 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll
+ 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll
+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll
+ 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll
+ 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll
+ 2008-04-25 04:23:05 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16681_none_a98fa7bdf5e9f5de\advpack.dll
+ 2008-04-25 04:06:14 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20823_none_aa5c268b0ed51dd7\advpack.dll
+ 2008-02-29 06:53:29 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\setbcdlocale.dll
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winresume.exe
+ 2008-02-29 06:37:41 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\setbcdlocale.dll
+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe
+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winresume.exe
+ 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16646_none_61bfda98f6d6f5d5\kd1394.dll
+ 2008-02-29 06:54:17 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.20782_none_621a368c1018a007\kd1394.dll
+ 2008-02-29 07:14:21 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.18027_none_63bcb960f3ec683b\kd1394.dll
+ 2008-02-29 06:57:07 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.22125_none_644455980d0bd557\kd1394.dll
+ 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe
+ 2008-02-14 23:13:10 944,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winresume.exe
+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe
+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winresume.exe
+ 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16642_none_9e68737c07b7f5c7\ci.dll
+ 2008-02-19 04:54:56 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.20775_none_9ed4a16120eb3569\ci.dll
+ 2008-02-22 05:05:52 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\ci.dll
+ 2008-02-22 04:57:25 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.22120_none_a0ebee311dedbbf2\ci.dll
+ 2008-04-26 08:02:05 1,327,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.16681_none_a4347a24f0ff937a\quartz.dll
+ 2008-04-26 07:41:59 1,327,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.20823_none_a500f8f209eabb73\quartz.dll
+ 2008-04-26 08:08:15 1,314,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.18063_none_a6325936ee141f37\quartz.dll
+ 2008-04-26 07:57:58 1,314,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.22167_none_a6bff72a072e245d\quartz.dll
+ 2007-12-16 11:42:18 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsapi.dll
+ 2007-12-16 11:41:39 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnscacheugc.exe
+ 2007-12-16 11:42:18 83,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e\dnsrslvr.dll
+ 2007-12-16 11:49:22 162,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsapi.dll
+ 2007-12-16 09:41:27 24,576 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnscacheugc.exe
+ 2007-12-16 11:49:22 84,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.20740_none_e05a9b529e70e208\dnsrslvr.dll
+ 2008-04-23 04:27:00 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16679_none_128e8c93a2bce482\ehReplay.dll
+ 2008-04-23 05:11:36 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20821_none_13463890bbb92b06\ehReplay.dll
+ 2008-04-23 04:42:33 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18061_none_147798d59fe28eca\ehReplay.dll
+ 2008-04-23 04:30:25 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22165_none_150536c8b8fc93f0\ehReplay.dll
+ 2008-04-23 04:27:01 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.dll
+ 2008-04-23 04:26:31 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16679_none_3200fce9dd0448e0\McrMgr.exe
+ 2008-04-23 05:11:51 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.dll
+ 2008-04-23 03:56:48 172,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20821_none_32b8a8e6f6008f64\McrMgr.exe
+ 2008-04-23 04:27:00 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16679_none_2db4cba1854c2050\ehdebug.dll
+ 2008-04-23 05:11:35 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20821_none_2e6c779e9e4866d4\ehdebug.dll
+ 2008-04-23 04:27:00 372,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16679_none_2d12eef96d2c252b\ehglid.dll
+ 2008-04-23 05:11:35 372,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20821_none_2dca9af686286baf\ehglid.dll
+ 2008-04-23 04:42:33 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18061_none_2efbfb3b6a51cf73\ehglid.dll
+ 2008-04-23 04:30:24 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22165_none_2f89992e836bd499\ehglid.dll
+ 2008-04-23 04:27:00 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16679_none_249fac1865043b1f\ehPresenter.dll
+ 2008-04-23 05:11:36 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20821_none_255758157e0081a3\ehPresenter.dll
+ 2008-04-23 04:42:33 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18061_none_2688b85a6229e567\ehPresenter.dll
+ 2008-04-23 04:30:25 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22165_none_2716564d7b43ea8d\ehPresenter.dll
+ 2008-04-23 04:22:35 10,094,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16679_none_4fe31875538242d1\ehres.dll
+ 2008-04-23 05:11:36 10,103,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20821_none_509ac4726c7e8955\ehres.dll
+ 2008-04-23 04:27:00 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16679_none_3693dda116ea05e6\ehtrace.dll
+ 2008-04-23 05:11:36 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20821_none_374b899e2fe64c6a\ehtrace.dll
+ 2008-04-23 04:27:00 517,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16679_none_cc9b30cbcc71d8eb\ehui.dll
+ 2008-04-23 05:11:36 521,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20821_none_cd52dcc8e56e1f6f\ehui.dll
+ 2008-04-23 04:42:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18061_none_ce843d0dc9978333\ehui.dll
+ 2008-04-23 04:30:33 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22165_none_cf11db00e2b18859\ehui.dll
+ 2008-04-23 04:27:00 1,497,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16679_none_39e223022e478d8d\ehuihlp.dll
+ 2008-04-23 05:11:36 1,498,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20821_none_3a99ceff4743d411\ehuihlp.dll
+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll
+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll
+ 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll
+ 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll
+ 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll
+ 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll
+ 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll
+ 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16643_none_57702c844c48b643\gdi32.dll
+ 2008-02-22 04:49:18 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll
+ 2008-02-22 04:57:23 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll
+ 2008-02-22 04:48:18 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll
+ 2008-04-25 04:23:10 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16681_none_eb8ab16d1682dbdd\pngfilt.dll
+ 2008-04-25 04:09:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20823_none_ec57303a2f6e03d6\pngfilt.dll
+ 2008-04-25 04:23:11 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16681_none_b2a75a1fd9e35341\urlmon.dll
+ 2008-04-25 04:09:51 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20823_none_b373d8ecf2ce7b3a\urlmon.dll
+ 2008-04-25 04:35:19 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18063_none_b4a53931d6f7defe\urlmon.dll
+ 2008-04-25 04:21:54 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22167_none_b532d724f011e424\urlmon.dll
+ 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll
+ 2008-02-29 06:30:51 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll
+ 2008-04-25 04:23:09 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16681_none_de89e8e87f8c12b0\mstime.dll
+ 2008-04-25 04:08:10 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20823_none_df5667b598773aa9\mstime.dll
+ 2008-04-25 04:35:16 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18063_none_e087c7fa7ca09e6d\mstime.dll
+ 2008-04-25 04:20:09 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22167_none_e11565ed95baa393\mstime.dll
+ 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll
+ 2008-02-29 06:31:23 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll
+ 2008-04-25 04:23:06 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\jsproxy.dll
+ 2008-04-25 04:23:11 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\wininet.dll
+ 2008-04-25 04:23:11 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\WininetPlugin.dll
+ 2008-04-25 04:07:19 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\jsproxy.dll
+ 2008-04-25 04:09:57 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\wininet.dll
+ 2008-04-25 04:09:57 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\WininetPlugin.dll
+ 2008-04-25 04:35:13 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\jsproxy.dll
+ 2008-04-25 04:35:23 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\wininet.dll
+ 2008-04-25 04:35:24 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\WininetPlugin.dll
+ 2008-04-25 04:19:00 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\jsproxy.dll
+ 2008-04-25 04:22:01 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\wininet.dll
+ 2008-04-25 04:22:01 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\WininetPlugin.dll
+ 2008-04-25 04:23:06 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16681_none_f956589b6ed7f427\ieapfltr.dll
+ 2008-04-25 04:07:00 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20823_none_fa22d76887c31c20\ieapfltr.dll
+ 2008-04-25 04:23:06 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16681_none_958a915384bd7a55\dxtmsft.dll
+ 2008-04-25 04:23:06 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16681_none_958a915384bd7a55\dxtrans.dll
+ 2008-04-25 04:06:44 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20823_none_965710209da8a24e\dxtmsft.dll
+ 2008-04-25 04:06:44 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20823_none_965710209da8a24e\dxtrans.dll
+ 2008-04-25 04:23:07 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16681_none_45ed2bab467e2ce2\mshtmled.dll
+ 2008-04-25 04:07:54 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20823_none_46b9aa785f6954db\mshtmled.dll
+ 2008-04-25 04:23:07 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16681_none_110754e02542e30a\mshtml.dll
+ 2008-04-25 04:07:54 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20823_none_11d3d3ad3e2e0b03\mshtml.dll
+ 2008-04-25 04:35:14 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18063_none_130533f222576ec7\mshtml.dll
+ 2008-04-25 04:19:50 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22167_none_1392d1e53b7173ed\mshtml.dll
+ 2008-04-25 04:23:06 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16681_none_585fc1aa67576f13\icardie.dll
+ 2008-04-25 04:06:59 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20823_none_592c40778042970c\icardie.dll
+ 2008-04-25 04:22:36 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\ieUnatt.exe
+ 2008-04-25 04:22:36 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
+ 2008-04-25 02:03:49 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\ieUnatt.exe
+ 2008-04-25 02:04:08 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
+ 2008-04-25 04:22:36 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\ie4uinit.exe
+ 2008-04-25 04:23:06 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\iernonce.dll
+ 2008-04-25 04:23:06 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\iesetup.dll
+ 2008-04-25 02:03:38 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\ie4uinit.exe
+ 2008-04-25 04:07:06 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\iernonce.dll
+ 2008-04-25 04:07:06 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\iesetup.dll
+ 2008-04-25 04:23:06 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16681_none_29ba0dd8684286b9\iebrshim.dll
+ 2008-04-25 04:07:00 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20823_none_2a868ca5812daeb2\iebrshim.dll
+ 2008-04-25 04:23:06 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16681_none_6266aee3b1387137\ieframe.dll
+ 2008-04-25 04:23:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16681_none_6266aee3b1387137\ieui.dll
+ 2008-04-25 04:07:06 6,068,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20823_none_63332db0ca239930\ieframe.dll
+ 2008-04-25 04:07:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20823_none_63332db0ca239930\ieui.dll
+ 2008-04-25 04:22:36 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16681_none_e6601b6294bbc56f\ieinstal.exe
+ 2008-04-25 02:04:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20823_none_e72c9a2fada6ed68\ieinstal.exe
+ 2008-04-25 04:22:36 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16681_none_0b08507ed7368521\ieuser.exe
+ 2008-04-25 02:04:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20823_none_0bd4cf4bf021ad1a\ieuser.exe
+ 2008-03-08 02:14:07 148,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.0.6000.16651_none_5565745f98e52f68\ks.sys
+ 2008-03-08 02:07:50 148,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-kernelstreaming_31bf3856ad364e35_6.0.6000.20788_none_55d5a36cb214d466\ks.sys
+ 2008-04-23 04:27:01 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16679_none_3d017dbd628e4075\mcmde.dll
+ 2008-04-23 05:11:51 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20821_none_3db929ba7b8a86f9\mcmde.dll
+ 2008-06-26 03:22:33 797,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NaturalLanguage6.dll
+ 2008-06-26 03:22:33 1,523,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0000.dll
+ 2008-06-26 03:22:33 2,597,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0001.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0002.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0003.dll
+ 2008-06-26 03:22:33 2,241,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0007.dll
+ 2008-06-26 03:22:33 4,874,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0009.dll
+ 2008-06-26 03:22:33 9,845,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData000a.dll
+ 2008-06-26 03:22:33 2,641,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData000c.dll
+ 2008-06-26 03:22:33 2,340,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData000d.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData000f.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0010.dll
+ 2008-06-26 03:22:33 2,655,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0011.dll
+ 2008-06-26 03:22:33 3,464,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0013.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0018.dll
+ 2008-06-26 03:22:33 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0019.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData001a.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData001b.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData001d.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0020.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0021.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0022.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0024.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0026.dll
+ 2008-06-26 03:22:33 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0027.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData002a.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0039.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData003e.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0045.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0046.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0047.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0049.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004a.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004b.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004c.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004e.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0414.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0416.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0816.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData081a.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0c1a.dll
+ 2008-06-26 00:33:04 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0001.dll
+ 2008-06-26 00:34:20 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0002.dll
+ 2008-06-26 00:33:41 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0003.dll
+ 2008-06-26 00:33:35 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0007.dll
+ 2008-06-26 00:33:33 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0009.dll
+ 2008-06-26 00:33:39 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000a.dll
+ 2008-06-26 00:33:34 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000c.dll
+ 2008-06-26 00:33:36 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000d.dll
+ 2008-06-26 00:33:48 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000f.dll
+ 2008-06-26 00:33:49 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0010.dll
+ 2008-06-26 00:33:37 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0011.dll
+ 2008-06-26 00:33:12 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0013.dll
+ 2008-06-26 00:34:01 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0018.dll
+ 2008-06-26 00:34:03 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0019.dll
+ 2008-06-26 00:33:43 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons001a.dll
+ 2008-06-26 00:34:37 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons001b.dll
+ 2008-06-26 00:34:14 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons001d.dll
+ 2008-06-26 00:34:34 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0020.dll
+ 2008-06-26 00:33:40 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0021.dll
+ 2008-06-26 00:34:33 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0022.dll
+ 2008-06-26 00:34:39 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0024.dll
+ 2008-06-26 00:34:30 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0026.dll
+ 2008-06-26 00:33:50 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0027.dll
+ 2008-06-26 00:34:26 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons002a.dll
+ 2008-06-26 00:33:46 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0039.dll
+ 2008-06-26 00:33:52 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons003e.dll
+ 2008-06-26 00:34:18 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0045.dll
+ 2008-06-26 00:33:58 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0046.dll
+ 2008-06-26 00:33:45 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0047.dll
+ 2008-06-26 00:34:24 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0049.dll
+ 2008-06-26 00:34:25 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004a.dll
+ 2008-06-26 00:34:22 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004b.dll
+ 2008-06-26 00:34:36 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004c.dll
+ 2008-06-26 00:34:23 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004e.dll
+ 2008-06-26 00:33:54 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0414.dll
+ 2008-06-26 00:33:57 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0416.dll
+ 2008-06-26 00:33:56 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0816.dll
+ 2008-06-26 00:34:11 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons081a.dll
+ 2008-06-26 00:34:09 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0c1a.dll
+ 2008-06-26 00:33:01 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsModels0011.dll
+ 2008-06-26 03:18:12 797,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NaturalLanguage6.dll
+ 2008-06-26 03:18:18 1,523,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0000.dll
+ 2008-06-26 03:18:19 2,597,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0001.dll
+ 2008-06-26 03:18:20 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0002.dll
+ 2008-06-26 03:18:21 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0003.dll
+ 2008-06-26 03:18:21 2,241,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0007.dll
+ 2008-06-26 03:18:22 4,874,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0009.dll
+ 2008-06-26 03:18:24 9,845,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000a.dll
+ 2008-06-26 03:18:24 2,641,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000c.dll
+ 2008-06-26 03:18:26 2,340,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000d.dll
+ 2008-06-26 03:18:26 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000f.dll
+ 2008-06-26 03:18:30 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0010.dll
+ 2008-06-26 03:18:32 2,655,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0011.dll
+ 2008-06-26 03:18:33 3,464,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0013.dll
+ 2008-06-26 03:18:34 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0018.dll
+ 2008-06-26 03:18:38 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0019.dll
+ 2008-06-26 03:18:38 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData001a.dll
+ 2008-06-26 03:18:40 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData001b.dll
+ 2008-06-26 03:18:42 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData001d.dll
+ 2008-06-26 03:18:43 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0020.dll
+ 2008-06-26 03:18:44 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0021.dll
+ 2008-06-26 03:18:44 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0022.dll
+ 2008-06-26 03:18:44 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0024.dll
+ 2008-06-26 03:18:45 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0026.dll
+ 2008-06-26 03:18:45 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0027.dll
+ 2008-06-26 03:18:46 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData002a.dll
+ 2008-06-26 03:18:46 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0039.dll
+ 2008-06-26 03:18:47 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData003e.dll
+ 2008-06-26 03:18:49 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0045.dll
+ 2008-06-26 03:18:51 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0046.dll
+ 2008-06-26 03:18:52 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0047.dll
+ 2008-06-26 03:18:53 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0049.dll
+ 2008-06-26 03:18:54 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004a.dll
+ 2008-06-26 03:18:54 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004b.dll
+ 2008-06-26 03:18:57 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004c.dll
+ 2008-06-26 03:18:58 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004e.dll
+ 2008-06-26 03:19:00 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0414.dll
+ 2008-06-26 03:19:01 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0416.dll
+ 2008-06-26 03:19:04 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0816.dll
+ 2008-06-26 03:19:04 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData081a.dll
+ 2008-06-26 03:19:05 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0c1a.dll
+ 2008-06-26 00:30:04 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0001.dll
+ 2008-06-26 00:31:26 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0002.dll
+ 2008-06-26 00:30:49 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0003.dll
+ 2008-06-26 00:30:39 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0007.dll
+ 2008-06-26 00:30:36 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0009.dll
+ 2008-06-26 00:30:47 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000a.dll
+ 2008-06-26 00:30:37 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000c.dll
+ 2008-06-26 00:30:43 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000d.dll
+ 2008-06-26 00:30:54 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000f.dll
+ 2008-06-26 00:30:55 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0010.dll
+ 2008-06-26 00:30:45 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0011.dll
+ 2008-06-26 00:30:11 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0013.dll
+ 2008-06-26 00:31:06 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0018.dll
+ 2008-06-26 00:31:09 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0019.dll
+ 2008-06-26 00:30:50 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons001a.dll
+ 2008-06-26 00:31:46 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons001b.dll
+ 2008-06-26 00:31:23 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons001d.dll
+ 2008-06-26 00:31:44 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0020.dll
+ 2008-06-26 00:30:48 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0021.dll
+ 2008-06-26 00:31:40 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0022.dll
+ 2008-06-26 00:31:48 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0024.dll
+ 2008-06-26 00:31:35 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0026.dll
+ 2008-06-26 00:30:57 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0027.dll
+ 2008-06-26 00:31:34 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons002a.dll
+ 2008-06-26 00:30:53 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0039.dll
+ 2008-06-26 00:30:59 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons003e.dll
+ 2008-06-26 00:31:25 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0045.dll
+ 2008-06-26 00:31:04 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0046.dll
+ 2008-06-26 00:30:52 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0047.dll
+ 2008-06-26 00:31:32 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0049.dll
+ 2008-06-26 00:31:33 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004a.dll
+ 2008-06-26 00:31:29 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004b.dll
+ 2008-06-26 00:31:45 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004c.dll
+ 2008-06-26 00:31:30 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004e.dll
+ 2008-06-26 00:31:00 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0414.dll
+ 2008-06-26 00:31:03 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0416.dll
+ 2008-06-26 00:31:02 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0816.dll
+ 2008-06-26 00:31:22 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons081a.dll
+ 2008-06-26 00:31:16 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0c1a.dll
+ 2008-06-26 00:30:01 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsModels0011.dll
+ 2008-06-26 03:29:06 801,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NaturalLanguage6.dll
+ 2008-01-19 07:35:38 1,523,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0000.dll
+ 2008-01-19 07:35:39 2,599,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0001.dll
+ 2008-01-19 07:35:39 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0002.dll
+ 2008-01-19 07:35:40 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0003.dll
+ 2008-01-19 07:35:40 2,243,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0007.dll
+ 2008-01-19 07:35:42 4,875,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0009.dll
+ 2008-01-19 07:35:44 9,847,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000a.dll
+ 2008-01-19 07:35:45 2,643,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000c.dll
+ 2008-01-19 07:35:46 2,342,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000d.dll
+ 2008-01-19 07:35:46 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000f.dll
+ 2008-01-19 07:35:46 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0010.dll
+ 2008-01-19 07:35:46 2,657,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0011.dll
+ 2008-01-19 07:35:47 3,466,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0013.dll
+ 2008-01-19 07:35:47 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0018.dll
+ 2008-01-19 07:35:47 4,497,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0019.dll
+ 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001a.dll
+ 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001b.dll
+ 2008-01-19 07:35:49 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001d.dll
+ 2008-01-19 07:35:49 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0020.dll
+ 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0021.dll
+ 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0022.dll
+ 2008-01-19 07:35:50 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0024.dll
+ 2008-01-19 07:35:50 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0026.dll
+ 2008-01-19 07:35:50 1,966,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0027.dll
+ 2008-01-19 07:35:50 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData002a.dll
+ 2008-01-19 07:35:51 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0039.dll
+ 2008-01-19 07:35:51 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData003e.dll
+ 2008-01-19 07:35:51 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0045.dll
+ 2008-01-19 07:35:52 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0046.dll
+ 2008-01-19 07:35:52 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0047.dll
+ 2008-01-19 07:35:53 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0049.dll
+ 2008-01-19 07:35:53 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData004a.dll
+ 2008-01-19 07:35:54 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData004b.dll
+ 2008-01-19 07:35:54 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData004c.dll
+ 2008-01-19 07:35:54 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData004e.dll
+ 2008-01-19 07:35:55 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0414.dll
+ 2008-01-19 07:35:56 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0416.dll
+ 2008-01-19 07:35:57 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0816.dll
+ 2008-01-19 07:35:57 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData081a.dll
+ 2008-01-19 07:35:57 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0c1a.dll
+ 2008-06-26 01:45:43 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0007.dll
+ 2008-06-26 01:45:55 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0009.dll
+ 2008-06-26 03:19:03 801,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NaturalLanguage6.dll
+ 2008-06-26 03:19:12 1,523,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0000.dll
+ 2008-06-26 03:19:16 2,599,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0001.dll
+ 2008-06-26 03:19:20 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0002.dll
+ 2008-06-26 03:19:22 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0003.dll
+ 2008-06-26 03:19:23 2,243,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0007.dll
+ 2008-06-26 03:19:24 4,875,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0009.dll
+ 2008-06-26 03:19:27 9,847,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData000a.dll
+ 2008-06-26 03:19:27 2,643,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData000c.dll
+ 2008-06-26 03:19:31 2,342,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData000d.dll
+ 2008-06-26 03:19:32 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData000f.dll
+ 2008-06-26 03:19:32 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0010.dll
+ 2008-06-26 03:19:32 2,657,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0011.dll
+ 2008-06-26 03:19:34 3,466,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0013.dll
+ 2008-06-26 03:19:35 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0018.dll
+ 2008-06-26 03:19:36 4,497,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0019.dll
+ 2008-06-26 03:19:37 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData001a.dll
+ 2008-06-26 03:19:38 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData001b.dll
+ 2008-06-26 03:19:40 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData001d.dll
+ 2008-06-26 03:19:41 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0020.dll
+ 2008-06-26 03:19:42 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0021.dll
+ 2008-06-26 03:19:43 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0022.dll
+ 2008-06-26 03:19:44 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0024.dll
+ 2008-06-26 03:19:44 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0026.dll
+ 2008-06-26 03:19:45 1,966,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0027.dll
+ 2008-06-26 03:19:46 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData002a.dll
+ 2008-06-26 03:19:48 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0039.dll
+ 2008-06-26 03:19:48 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData003e.dll
+ 2008-06-26 03:19:50 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0045.dll
+ 2008-06-26 03:19:51 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0046.dll
+ 2008-06-26 03:19:52 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0047.dll
+ 2008-06-26 03:19:54 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0049.dll
+ 2008-06-26 03:19:56 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData004a.dll
+ 2008-06-26 03:19:57 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData004b.dll
+ 2008-06-26 03:19:58 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData004c.dll
+ 2008-06-26 03:20:00 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData004e.dll
+ 2008-06-26 03:20:04 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0414.dll
+ 2008-06-26 03:20:05 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0416.dll
+ 2008-06-26 03:20:07 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0816.dll
+ 2008-06-26 03:20:08 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData081a.dll
+ 2008-06-26 03:20:09 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0c1a.dll
+ 2008-06-26 01:42:33 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0001.dll
+ 2008-06-26 01:42:55 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0002.dll
+ 2008-06-26 01:42:31 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0003.dll
+ 2008-06-26 01:42:38 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0007.dll
+ 2008-06-26 01:42:38 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0009.dll
+ 2008-06-26 01:42:38 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons000a.dll
+ 2008-06-26 01:42:31 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons000c.dll
+ 2008-06-26 01:42:27 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons000d.dll
+ 2008-06-26 01:42:40 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons000f.dll
+ 2008-06-26 01:42:38 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0010.dll
+ 2008-06-26 01:42:29 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0011.dll
+ 2008-06-26 01:42:27 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0013.dll
+ 2008-06-26 01:42:48 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0018.dll
+ 2008-06-26 01:42:54 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0019.dll
+ 2008-06-26 01:42:36 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons001a.dll
+ 2008-06-26 01:43:07 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons001b.dll
+ 2008-06-26 01:42:55 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons001d.dll
+ 2008-06-26 01:43:07 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0020.dll
+ 2008-06-26 01:42:31 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0021.dll
+ 2008-06-26 01:43:07 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0022.dll
+ 2008-06-26 01:43:14 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0024.dll
+ 2008-06-26 01:43:07 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0026.dll
+ 2008-06-26 01:42:41 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0027.dll
+ 2008-06-26 01:42:55 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons002a.dll
+ 2008-06-26 01:42:35 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0039.dll
+ 2008-06-26 01:42:41 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons003e.dll
+ 2008-06-26 01:42:51 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0045.dll
+ 2008-06-26 01:42:43 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0046.dll
+ 2008-06-26 01:42:33 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0047.dll
+ 2008-06-26 01:42:56 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0049.dll
+ 2008-06-26 01:42:58 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons004a.dll
+ 2008-06-26 01:42:53 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons004b.dll
+ 2008-06-26 01:43:07 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons004c.dll
+ 2008-06-26 01:42:56 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons004e.dll
+ 2008-06-26 01:42:43 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0414.dll
+ 2008-06-26 01:42:47 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0416.dll
+ 2008-06-26 01:42:44 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0816.dll
+ 2008-06-26 01:42:57 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons081a.dll
+ 2008-06-26 01:42:57 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0c1a.dll
+ 2008-06-26 01:42:23 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsModels0011.dll
+ 2007-12-16 22:50:41 1,060,920 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
+ 2007-12-16 22:52:59 1,061,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys
+ 2008-06-09 22:40:17 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16699_none_f0498ecc6e94a1be\OESpamFilter.dat
+ 2008-06-09 22:37:40 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20855_none_f0fa6c058795698f\OESpamFilter.dat
+ 2008-06-11 00:28:21 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18088_none_f2399d146bb3fd67\OESpamFilter.dat
+ 2008-06-09 22:36:23 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22200_none_f311b8d58497f018\OESpamFilter.dat
+ 2008-05-10 01:21:06 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\rmcast.sys
+ 2008-05-10 03:30:50 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\wshrm.dll
+ 2008-05-10 01:15:20 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\rmcast.sys
+ 2008-05-10 03:14:30 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\wshrm.dll
+ 2008-05-10 01:33:10 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\rmcast.sys
+ 2008-05-10 01:20:02 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\rmcast.sys
+ 2008-05-10 03:22:18 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\wshrm.dll
+ 2008-04-24 04:51:39 11,315,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll
+ 2008-04-24 04:40:28 11,319,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_6ab8eba52e01644f\shell32.dll
+ 2008-04-24 04:58:20 11,580,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\shell32.dll
+ 2008-04-24 04:45:45 11,581,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_6c77e9dd2b44cd39\shell32.dll
+ 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\rstrui.exe
+ 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srclient.dll
+ 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srcore.dll
+ 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srdelayed.exe
+ 2008-02-29 04:05:40 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe
+ 2008-02-29 06:33:44 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srclient.dll
+ 2008-02-29 06:33:44 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srcore.dll
+ 2008-02-29 04:05:32 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srdelayed.exe
+ 2008-02-29 04:12:59 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\rstrui.exe
+ 2008-02-29 06:53:38 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srclient.dll
+ 2008-02-29 06:53:39 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srcore.dll
+ 2008-02-29 04:12:53 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srdelayed.exe
+ 2008-02-29 04:06:52 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\rstrui.exe
+ 2008-02-29 06:37:51 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srclient.dll
+ 2008-02-29 06:37:51 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srcore.dll
+ 2008-02-29 04:06:46 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srdelayed.exe
+ 2008-04-23 04:27:00 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16679_none_de4f2af09170b787\EncDec.dll
+ 2008-04-23 05:11:36 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20821_none_df06d6edaa6cfe0b\EncDec.dll
+ 2008-04-23 04:42:37 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18061_none_e03837328e9661cf\EncDec.dll
+ 2008-04-23 04:34:41 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22165_none_e0c5d525a7b066f5\EncDec.dll
+ 2008-04-23 04:27:04 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16679_none_d9d44caa5a19bb32\psisdecd.dll
+ 2008-04-23 05:12:30 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20821_none_da8bf8a7731601b6\psisdecd.dll
+ 2008-04-23 04:42:37 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18061_none_dbbd58ec573f657a\psisdecd.dll
+ 2008-04-23 04:34:47 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22165_none_dc4af6df70596aa0\psisdecd.dll
+ 2008-02-29 04:16:38 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
+ 2008-02-29 04:14:24 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
+ 2008-02-29 04:21:49 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
+ 2008-02-29 04:15:56 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
+ 2007-12-16 09:56:45 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.16615_none_4117345983213804\monitor.sys
+ 2007-12-16 09:50:45 41,984 ----a-w C:\Windows\winsxs\x86_monitor.inf_31bf3856ad364e35_6.0.6000.20740_none_417b5fee9c5bacee\monitor.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-09-05 10:29 471552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 21:50 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-09 22:03 857648]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-28 23:16 707080]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 16:38 206952]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 18:00 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 19:33 457216]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 00:44 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 00:42 22696]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-04 17:10 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-04 17:10 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-04 17:10 138008]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 17:47 45056]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-02-02 15:24 3383296]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2007-02-02 14:05 1261568]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 18:49 151552]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 09:47 57344]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 09:21 94208]
"HostManager"="C:\Program Files\Common Files\AOL\1201378896\ee\AOLSoftware.exe" [2006-03-10 18:22 48280]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 10:40 34904]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33 99480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 14:25 185896]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 04:29 4472832 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-13 00:40:34 535336]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-26 13:36:17 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{23B9A743-6D22-4B43-A0FC-0EE75414C0AB}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{298867A0-CACD-498E-96FE-E27CF0E66909}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{185C8887-9E39-4D4A-B585-A42446C37900}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{D980ABA4-BD83-4D40-96ED-E23DBF4FDF21}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{1207D56E-70BA-4C13-B025-B53C4FBE744B}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{16FBF7B4-F9D8-422B-A761-1486D18AF384}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{D0076934-FBCD-4D9E-B496-8789D7B88A63}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{A83ADD09-113C-4051-AF22-3D88D675F274}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{400D3070-9F39-4041-9BD9-15E4D1EBBB7C}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{7C72A3B4-635E-4467-B5E2-024196605D0A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{025F61EB-B030-4783-9671-7FDDB1E35456}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{33FBF243-FACF-42CD-AA62-11740FC5D4E9}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{FAC3D942-184E-485C-ABD4-A407A2DA5961}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3F6C95EE-DC11-459B-83AC-1F6F91BB6663}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B5DCCC17-F13D-43ED-A6D8-B44675A53332}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{1DE952AA-45B4-4929-BF01-614B9D76231D}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"{EF8A8ECD-0506-4689-A201-10A48CC1354E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Application Loader
"{A8D34897-2C38-41DB-A040-F251A537C2B3}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{0776B611-532C-4F24-8132-985498C65D83}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{CF6C86C4-98A2-43C2-8033-D6221E4DE185}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{F42F396E-D1CF-48D6-A8E8-332EAB7DF8C8}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{B9BB27AE-4FCA-4AA1-BD23-6CDED21B1122}"= UDP:C:\Program Files\America Online 9.0\waol.exe:AOL
"{B37920D9-2E8C-4A71-BB60-0965701908B6}"= TCP:C:\Program Files\America Online 9.0\waol.exe:AOL
"{592CD60C-C837-4F8C-AE21-761D39232ABB}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"{43F84C9C-C42C-43FD-BDFB-4219E6AC7B2C}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:AOLTsMon
"{8E08E9F7-61B5-4319-A643-B40113618381}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"{F83B405B-87C8-4971-BF04-497863D5EE16}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:AOLTopSpeed
"{93B125F9-BE2C-4A7E-A6C9-5981F9ADB21C}"= UDP:C:\Program Files\Common Files\AOL\1201378896\EE\AOLServiceHost.exe:AOL
"{91860A2A-22A9-47EA-A27A-A2178BC4298A}"= TCP:C:\Program Files\Common Files\AOL\1201378896\EE\AOLServiceHost.exe:AOL
"{DBC77C55-593A-4716-BBC4-34DF6C55BB46}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"{6648B3C4-85AB-461E-93CE-9CB4D06BAC3B}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL
"{562B7AB0-82B8-43AD-9B44-22BCDBD9E6F4}"= UDP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{EE9C1C20-B891-4831-8D0C-F49AEA402E01}"= TCP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{C26EF062-AE9E-4EAC-B67B-D44EDBA1A07A}"= UDP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{F8F65B72-4361-4B11-B2CD-7C4D8DBB147E}"= TCP:C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{EC3660BB-E280-495A-8FD6-7DFF72F41BDE}"= UDP:C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{4823EA2E-4435-4CE5-BD9D-377744B1A559}"= TCP:C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:AOL
"{48065AC7-6B63-4C62-ACED-620604D5B875}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D989802C-9D85-4D8C-85AA-09E3F2AC75FA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080729.001\IDSvix86.sys [2008-02-13 12:18]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 19:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-14 17:31]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 10:51]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 18:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - ATWPKT2
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-03 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - User.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 00:41]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 00:49:21
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Windows\System32\conime.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\AOL\1201378896\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe
C:\Windows\System32\RacAgent.exe
C:\Windows\System32\lpremove.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\System32\mcbuilder.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-03 0:54:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-03 04:54:42
ComboFix2.txt 2008-07-31 04:21:38
ComboFix3.txt 2008-07-31 03:59:34
ComboFix4.txt 2008-07-31 02:59:38

Pre-Run: 46,563,241,984 bytes free
Post-Run: 46,398,251,008 bytes free

1111 --- E O F --- 2008-08-03 04:35:22


and hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:56 AM, on 8/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\AOL\1201378896\EE\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe
C:\program files\common files\aol\1201378896\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\common files\aol\1201378896\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe
C:\Windows\Explorer.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pieces.deadsunrise.net/laruku
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201378896\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 13323 bytes

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:23 PM

Posted 04 August 2008 - 06:42 AM

Not seeing anything else...any improvements?

#11 emihonimay

emihonimay
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:23 PM

Posted 04 August 2008 - 11:37 AM

Yes, it seems like it. Actually, it seemed like it had started improving at least as early as when I could open the Control Panel long enough to search for any programs. I'll keep using it and see if anything else comes up. And, just out of curiosity, what exactly was (or were) the thing(s) that was messing up my comp?

Anyways. Thanks sooooo much for the help. m(_ _)m

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:23 PM

Posted 04 August 2008 - 11:46 AM

Looks like you had vundo remnants, but could also have been that last driver, which is known to cause strange behaviour.

Now that your clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here for your particular Windows Version:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

or

Windows Vista System Restore Guide


Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users