TechSpot

[Active] Hello, I think I have a problem here

Discussion in 'Virus and Malware Removal' started by Starmie, Dec 19, 2011.

  1. Bobbye Helper on the Fringe

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    c:\programdata\Microsoft\BingBar\BBSvc\7.0.822.0oemBingBarSetup-Partner.EXE
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe 
    DirLook::
    c:\windows\SysWow64\Microsoft
    C:\$WINDOWS.~LS
    C:\$WINDOWS.~BT
    FileLook::
    c:\windows\winstart.bat
    Folder::
    c:\programdata\AVG Secure Search
    c:\program files (x86)\ARO 2011
    Registry::
    Clearjavacache::
    Driver::
    BBUpdate
    vToolbarUpdater
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Recommend you uninstall this program. We do not recommend registry cleaners to anyone.
    c:\program files (x86)\ARO 2011 >> ARO used to stand for Advanced Registry Optimizer, but Support.com changed it to Advanced Repair and Optimization

    Suggest you reset the pages in your browser:
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/?pc=BNHP
    ===========================================
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ===================================
    New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that.

    Please do not send a PM during those days.
  2. Starmie Newcomer, in training

    Combofix pt. 1

    ComboFix 11-12-29.05 - Bassett 12/30/2011 7:29.5.6 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.3945 [GMT -5:00]
    Running from: c:\users\Bassett\Downloads\ComboFix.exe
    Command switches used :: c:\users\Bassett\Downloads\CFScript.txt
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe"
    "c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE"
    "c:\programdata\Microsoft\BingBar\BBSvc\7.0.822.0oemBingBarSetup-Partner.EXE"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\ARO 2011
    c:\program files (x86)\ARO 2011\install_left_image.bmp
    c:\program files (x86)\ARO 2011\unins000.dat
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\programdata\AVG Secure Search
    c:\programdata\Microsoft\BingBar\BBSvc\7.0.822.0oemBingBarSetup-Partner.EXE
    .
    ----- File Replicators -----
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_BBUpdate
    -------\Service_vToolbarUpdater
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-30 12:34 . 2011-12-30 12:34 -------- d-----w- c:\users\Mcx1-BASSETT-PC\AppData\Local\temp
    2011-12-30 12:34 . 2011-12-30 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-30 08:15 . 2011-11-30 07:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18909BA7-D777-4D9F-B33A-2903E1464DD4}\mpengine.dll
    2011-12-27 11:46 . 2011-12-27 11:46 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2011-12-26 19:48 . 2011-12-26 19:48 -------- d-----w- C:\_OTM
    2011-12-26 10:10 . 2011-12-26 10:10 -------- d-----w- c:\users\Bassett\AppData\Local\Comodo
    2011-12-25 23:15 . 2011-12-25 23:33 -------- d-----w- c:\programdata\CPA_VA
    2011-12-25 23:09 . 2011-12-28 16:42 -------- d-----w- c:\programdata\Comodo
    2011-12-25 23:09 . 2011-12-25 23:09 -------- d-----w- c:\program files\COMODO
    2011-12-25 23:09 . 2011-12-25 23:09 -------- d-----w- c:\program files (x86)\Comodo
    2011-12-25 23:09 . 2011-12-25 23:09 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2011-12-25 20:53 . 2011-12-25 20:53 -------- d-----w- c:\program files (x86)\ESET
    2011-12-25 20:44 . 2011-12-25 20:44 -------- d-----w- c:\users\Bassett\AppData\Roaming\Avira
    2011-12-25 20:43 . 2011-12-26 20:45 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-12-25 20:43 . 2011-09-16 04:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-12-25 20:43 . 2011-09-16 04:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-12-25 20:43 . 2011-12-25 20:43 -------- d-----w- c:\programdata\Avira
    2011-12-25 20:43 . 2011-12-25 20:43 -------- d-----w- c:\program files (x86)\Avira
    2011-12-25 17:06 . 2011-12-25 17:07 -------- d-----w- c:\users\Bassett\AppData\Roaming\Origin
    2011-12-25 17:06 . 2011-12-25 17:06 -------- d-----w- c:\users\Bassett\AppData\Local\Origin
    2011-12-25 17:06 . 2011-12-25 17:06 -------- d-----w- c:\program files (x86)\Origin
    2011-12-19 23:59 . 2011-12-19 23:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-12-19 23:59 . 2011-12-19 23:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-12-19 23:59 . 2011-12-19 23:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-12-19 23:59 . 2011-12-19 23:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-12-19 23:58 . 2011-12-19 23:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-12-19 23:58 . 2011-12-19 23:58 389840 ----a-w- c:\windows\system32\guard64.dll
    2011-12-19 23:58 . 2011-12-19 23:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
    2011-12-19 15:51 . 2011-12-19 15:51 -------- d-----w- c:\users\Bassett\AppData\Roaming\Malwarebytes
    2011-12-19 15:51 . 2011-12-19 15:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-19 15:51 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-19 15:51 . 2011-12-29 13:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-19 13:37 . 2011-12-19 13:37 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2011-12-19 13:36 . 2011-12-19 15:50 -------- d-----w- c:\programdata\Lavasoft
    2011-12-19 13:19 . 2011-12-19 13:19 2 --shatr- c:\windows\winstart.bat
    2011-12-19 13:19 . 2011-12-19 13:21 -------- d-----w- c:\program files (x86)\UnHackMe
    2011-12-19 11:57 . 2011-12-30 12:34 -------- d-----w- c:\users\Bassett\AppData\Local\Nero
    2011-12-19 11:57 . 2011-12-19 11:57 -------- d-----w- c:\users\Bassett\AppData\Roaming\Nero
    2011-12-19 11:36 . 2011-12-19 11:36 -------- d-----w- c:\program files (x86)\DW
    2011-12-19 11:36 . 2010-11-23 21:12 1579520 ----a-w- c:\windows\system32\drivers\athrx.sys
    2011-12-19 11:36 . 2010-11-23 21:12 1579520 ----a-w- c:\windows\system32\athrx.sys
    2011-12-19 11:31 . 2011-12-19 11:31 -------- d-----w- c:\program files (x86)\Common Files\Nero
    2011-12-19 11:30 . 2011-12-19 11:32 -------- d-----w- c:\program files (x86)\Nero
    2011-12-19 11:30 . 2011-12-19 11:33 -------- d-----w- c:\programdata\Nero
    2011-12-19 02:30 . 2011-12-25 23:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-12-19 01:45 . 2011-12-19 01:45 -------- d-----w- C:\$WINDOWS.~LS
    2011-12-19 01:44 . 2011-12-19 01:44 -------- d-----w- C:\$WINDOWS.~BT
    2011-12-18 22:10 . 2011-12-18 22:10 -------- d-----w- c:\users\Bassett\AppData\Roaming\Sammsoft
    2011-12-18 21:31 . 2011-12-25 21:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-12-16 18:06 . 2011-12-16 18:06 -------- d-----w- c:\programdata\EA Logs
    2011-12-15 04:20 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 04:20 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 04:20 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 04:20 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 04:20 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 04:20 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-12-14 12:59 . 2011-12-26 07:37 -------- d-----w- c:\users\Bassett\AppData\Local\Windows Live
    2011-12-13 20:18 . 2011-12-13 20:18 -------- d-----w- c:\users\Bassett\AppData\Local\ElevatedDiagnostics
    2011-12-12 14:10 . 2011-12-12 14:10 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2011-12-12 14:10 . 2011-12-12 14:10 82816 ----a-w- c:\users\Bassett\AppData\Roaming\pcouffin.sys
    2011-12-12 14:10 . 2011-12-12 14:11 -------- d-----w- c:\users\Bassett\AppData\Roaming\Vso
    2011-12-08 00:10 . 2011-12-08 13:50 -------- d-----w- c:\users\Bassett\AppData\Roaming\AVG
    2011-12-05 19:54 . 2007-08-21 18:32 98304 ----a-w- c:\windows\SysWow64\redmonnt.dll
    2011-12-05 19:54 . 2011-12-05 19:54 -------- d-----w- c:\program files (x86)\FoxTabPDFConverter
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\winstart.bat ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 2
    Created time: 2011-12-19 13:19
    Modified time: 2011-12-19 13:19
    MD5: 81051BCC2CF1BEDF378224B0A93E2877
    SHA1: BA8AB5A0280B953AA97435FF8946CBCBB2755A27
    .
    ---- Directory of C:\$WINDOWS.~BT ----
    .
    2011-12-19 01:46 . 2009-07-14 09:29 3515 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\ipv4ipv6coexistencemigration-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 10581 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\international-core-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 1003 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\iis-webdav-rm.man
    2011-12-19 01:46 . 2009-07-14 09:29 1548 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\iis-sharedlibraries-rm.man
    2011-12-19 01:46 . 2009-07-14 09:29 1037 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\iis-powershellprovider-rm.man
    2011-12-19 01:46 . 2009-07-14 09:29 1229 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\iis-ftpsvc-rm.man
    2011-12-19 01:46 . 2009-07-14 09:29 1029 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\iis-ftpextensibility-rm.man
    2011-12-19 01:46 . 2009-07-14 09:29 954 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\gameuxmig-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 1390 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\fundisc-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 1393 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\fonts-type1-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 929 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\failovercluster-core-wow64-rm.man
    2011-12-19 01:46 . 2009-07-14 09:29 3019 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\extensibleauthenticationprotocolhostservice-rep.man
    2011-12-19 01:46 . 2009-07-14 09:29 2057 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\eudcedit-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 3119 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\ehome-reg-inf_repl.man
    2011-12-19 01:46 . 2009-07-14 09:29 12795 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\dhcpservermigplugin-rep.man
    2011-12-19 01:46 . 2009-07-14 09:29 4049 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\dhcpclientdll-repl.man
    2011-12-19 01:46 . 2009-07-14 09:29 10732 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\capi2_certs-repl.man
    2011-12-19 01:46 . 2009-07-14 09:29 853 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\bthmig-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 6328 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\authui-migration-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 1133 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\audiommecore-other-migration-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 11951 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\application-experience-program-compatibility-assistant-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 1704 ----a-r- c:\$windows.~bt\Sources\replacementmanifests\activedirectory-webservices-replacement.man
    2011-12-19 01:46 . 2009-07-14 09:29 451584 ----a-r- c:\$windows.~bt\Sources\repdrvfs.dll
    2011-12-19 01:46 . 2009-07-14 09:29 138745 ----a-r- c:\$windows.~bt\Sources\readme.rtf
    2011-12-19 01:46 . 2009-07-14 09:29 21026 ----a-r- c:\$windows.~bt\Sources\osfilter.inf
    2011-12-19 01:46 . 2009-07-14 09:29 587704 ----a-r- c:\$windows.~bt\Sources\oscomps.xml
    2011-12-19 01:46 . 2009-07-14 09:29 36786 ----a-r- c:\$windows.~bt\Sources\offline.xml
    2011-12-19 01:46 . 2009-07-14 09:29 222208 ----a-r- c:\$windows.~bt\Sources\oemhelpins.dll
    2011-12-19 01:46 . 2009-07-14 09:29 46592 ----a-r- c:\$windows.~bt\Sources\mspatcha.dll
    2011-12-19 01:46 . 2009-07-14 09:29 799744 ----a-r- c:\$windows.~bt\Sources\msftedit.dll
    2011-12-19 01:46 . 2009-07-14 09:29 451584 ----a-r- c:\$windows.~bt\Sources\msdelta.dll
    2011-12-19 01:46 . 2009-07-14 09:29 76288 ----a-r- c:\$windows.~bt\Sources\mofinstall.dll
    2011-12-19 01:46 . 2009-07-14 09:29 278528 ----a-r- c:\$windows.~bt\Sources\mofd.dll
    2011-12-19 01:46 . 2009-08-08 02:33 107008 ----a-r- c:\$windows.~bt\Sources\logprovider.dll
    2011-12-19 01:46 . 2009-07-14 09:29 370176 ----a-r- c:\$windows.~bt\Sources\locdrv.dll
    2011-12-19 01:46 . 2009-07-14 09:29 998991 ----a-r- c:\$windows.~bt\Sources\install_Windows 7 ULTIMATE.clg
    2011-12-19 01:46 . 2009-07-14 09:29 998117 ----a-r- c:\$windows.~bt\Sources\install_Windows 7 PROFESSIONAL.clg
    2011-12-19 01:46 . 2009-07-14 09:29 995697 ----a-r- c:\$windows.~bt\Sources\install_Windows 7 HOMEPREMIUM.clg
    2011-12-19 01:46 . 2009-07-14 09:29 976554 ----a-r- c:\$windows.~bt\Sources\install_Windows 7 HOMEBASIC.clg
    2011-12-19 01:46 . 2009-08-08 02:33 120 ----a-r- c:\$windows.~bt\Sources\idwbinfo.txt
    2011-12-19 01:46 . 2009-07-14 09:29 141824 ----a-r- c:\$windows.~bt\Sources\helpcins.dll
    2011-12-19 01:46 . 2009-07-14 09:29 1973029 ----a-r- c:\$windows.~bt\Sources\globalinstallorder.xml
    2011-12-19 01:46 . 2009-08-08 02:33 53760 ----a-r- c:\$windows.~bt\Sources\folderprovider.dll
    2011-12-19 01:46 . 2009-07-14 09:29 909312 ----a-r- c:\$windows.~bt\Sources\fastprox.dll
    2011-12-19 01:46 . 2009-07-14 09:29 6656 ----a-r- c:\$windows.~bt\Sources\etwproviders\winsetupetw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 3584 ----a-r- c:\$windows.~bt\Sources\etwproviders\windeployetw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 4096 ----a-r- c:\$windows.~bt\Sources\etwproviders\sysprepetw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 4096 ----a-r- c:\$windows.~bt\Sources\etwproviders\setupugcetw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 5120 ----a-r- c:\$windows.~bt\Sources\etwproviders\setupetw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 5632 ----a-r- c:\$windows.~bt\Sources\etwproviders\setupcletw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 4096 ----a-r- c:\$windows.~bt\Sources\etwproviders\oobeldretw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 6868 ----a-r- c:\$windows.~bt\Sources\etwproviders\etwproviderinstall.vbs
    2011-12-19 01:46 . 2009-07-14 09:29 51712 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\winsetupetw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\windeployetw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\sysprepetw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\setupugcetw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 3584 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\setupetw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 4608 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\setupcletw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\oobeldretw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 4096 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\cmisetupetw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\auditetw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\etwproviders\en-us\actionqueueetw.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 3584 ----a-r- c:\$windows.~bt\Sources\etwproviders\cmisetupetw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 4096 ----a-r- c:\$windows.~bt\Sources\etwproviders\auditetw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 4096 ----a-r- c:\$windows.~bt\Sources\etwproviders\actionqueueetw.dll
    2011-12-19 01:46 . 2009-07-14 09:29 440320 ----a-r- c:\$windows.~bt\Sources\esscli.dll
    2011-12-19 01:46 . 2009-07-14 09:29 10883 ----a-r- c:\$windows.~bt\Sources\envmig.xml
    2011-12-19 01:46 . 2009-05-08 21:59 52 ----a-r- c:\$windows.~bt\Sources\ei.cfg
    2011-12-19 01:46 . 2009-07-14 09:29 203776 ----a-r- c:\$windows.~bt\Sources\drupdate.dll
    2011-12-19 01:46 . 2009-07-14 09:29 399360 ----a-r- c:\$windows.~bt\Sources\dpx.dll
    2011-12-19 01:46 . 2009-07-14 09:29 26373 ----a-r- c:\$windows.~bt\Sources\dlmanifests\wsrm-service-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1779 ----a-r- c:\$windows.~bt\Sources\dlmanifests\wsinfra-upgrade-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1811 ----a-r- c:\$windows.~bt\Sources\dlmanifests\workstationservice-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1391 ----a-r- c:\$windows.~bt\Sources\dlmanifests\wmi-snmp-provider-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2372 ----a-r- c:\$windows.~bt\Sources\dlmanifests\wmi-core-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1381 ----a-r- c:\$windows.~bt\Sources\dlmanifests\wirelessnetworking-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2346 ----a-r- c:\$windows.~bt\Sources\dlmanifests\winlogon-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2863 ----a-r- c:\$windows.~bt\Sources\dlmanifests\winhttp60-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 5748 ----a-r- c:\$windows.~bt\Sources\dlmanifests\windowssearchengine-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 12071 ----a-r- c:\$windows.~bt\Sources\dlmanifests\win32k-settings-dl.man
  3. Starmie Newcomer, in training

    Combofix Pt. 2

    c:\$windows.~bt\Sources\dlmanifests\webenroll-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 3770 ----a-r- c:\$windows.~bt\Sources\dlmanifests\webdavredir-mrxdav-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2553 ----a-r- c:\$windows.~bt\Sources\dlmanifests\webdavredir-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1914 ----a-r- c:\$windows.~bt\Sources\dlmanifests\web-services-for-management-core-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 20163 ----a-r- c:\$windows.~bt\Sources\dlmanifests\wds-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1403 ----a-r- c:\$windows.~bt\Sources\dlmanifests\wcf-nonhttp-activation-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1452 ----a-r- c:\$windows.~bt\Sources\dlmanifests\wcf-http-activation-postapply-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2018 ----a-r- c:\$windows.~bt\Sources\dlmanifests\wcf-http-activation-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1050 ----a-r- c:\$windows.~bt\Sources\dlmanifests\vsssystemprovider-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1577 ----a-r- c:\$windows.~bt\Sources\dlmanifests\vss-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1694 ----a-r- c:\$windows.~bt\Sources\dlmanifests\virtualdiskservice-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2015 ----a-r- c:\$windows.~bt\Sources\dlmanifests\video-tvvideocontrol-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2148 ----a-r- c:\$windows.~bt\Sources\dlmanifests\upnpssdp-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2304 ----a-r- c:\$windows.~bt\Sources\dlmanifests\upnpdevicehost-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1655 ----a-r- c:\$windows.~bt\Sources\dlmanifests\upnpcontrolpoint-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1460 ----a-r- c:\$windows.~bt\Sources\dlmanifests\unimodem-config-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 4441 ----a-r- c:\$windows.~bt\Sources\dlmanifests\time-service-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1207 ----a-r- c:\$windows.~bt\Sources\dlmanifests\themeui-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2285 ----a-r- c:\$windows.~bt\Sources\dlmanifests\textservicesframework-migration-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1919 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-terminalservicesclient-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2453 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-sessiondirectory-server-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2240 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-sessiondirectory-client-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1438 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-remoteconnectionmanager-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 20863 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-rdp-winstationextensions-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1438 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-localsessionmanager-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2117 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-licenseserver-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1277 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-drivers-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1305 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-appserver-licensing-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1573 ----a-r- c:\$windows.~bt\Sources\dlmanifests\terminalservices-appserver-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 5229 ----a-r- c:\$windows.~bt\Sources\dlmanifests\telnet-server-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2196 ----a-r- c:\$windows.~bt\Sources\dlmanifests\telnet-client-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 12003 ----a-r- c:\$windows.~bt\Sources\dlmanifests\tcpip-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 9080 ----a-r- c:\$windows.~bt\Sources\dlmanifests\tabletpcplatforminput-core-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 8752 ----a-r- c:\$windows.~bt\Sources\dlmanifests\tabletpcjournal-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1778 ----a-r- c:\$windows.~bt\Sources\dlmanifests\tabletpcinputpanel-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1737 ----a-r- c:\$windows.~bt\Sources\dlmanifests\tabletpc-tabbtn-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 5040 ----a-r- c:\$windows.~bt\Sources\dlmanifests\sua-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 4817 ----a-r- c:\$windows.~bt\Sources\dlmanifests\srm-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2506 ----a-r- c:\$windows.~bt\Sources\dlmanifests\speechcommon-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2407 ----a-r- c:\$windows.~bt\Sources\dlmanifests\snmp-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2764 ----a-r- c:\$windows.~bt\Sources\dlmanifests\snis-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1180 ----a-r- c:\$windows.~bt\Sources\dlmanifests\smtpsvc-service-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1164 ----a-r- c:\$windows.~bt\Sources\dlmanifests\smtpsvc-admin-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2064 ----a-r- c:\$windows.~bt\Sources\dlmanifests\smss-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 14133 ----a-r- c:\$windows.~bt\Sources\dlmanifests\smbserver-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 3727 ----a-r- c:\$windows.~bt\Sources\dlmanifests\smartcardsubsystem-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 965 ----a-r- c:\$windows.~bt\Sources\dlmanifests\simpletcp-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1288 ----a-r- c:\$windows.~bt\Sources\dlmanifests\shutdown-event-tracker-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1686 ----a-r- c:\$windows.~bt\Sources\dlmanifests\shmig-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 6122 ----a-r- c:\$windows.~bt\Sources\dlmanifests\shell32-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1079 ----a-r- c:\$windows.~bt\Sources\dlmanifests\security-ntlm-lmc.man
    2011-12-19 01:46 . 2009-07-14 09:29 1458 ----a-r- c:\$windows.~bt\Sources\dlmanifests\security-ntlm-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 803 ----a-r- c:\$windows.~bt\Sources\dlmanifests\security-kerberos-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 803 ----a-r- c:\$windows.~bt\Sources\dlmanifests\security-digest-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1923 ----a-r- c:\$windows.~bt\Sources\dlmanifests\schedsvc-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1461 ----a-r- c:\$windows.~bt\Sources\dlmanifests\schannel-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1762 ----a-r- c:\$windows.~bt\Sources\dlmanifests\sanmmc-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1973 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rpc-remote-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1859 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rpc-local-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1399 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rpc-http_proxy-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1652 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rpc-http-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 3265 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rights-management-services-server-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 3288 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rights-management-client-v1-api-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2013 ----a-r- c:\$windows.~bt\Sources\dlmanifests\remoteassistance-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1314 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rasserveroc-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 15374 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rasservermigplugin-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 938 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rasmanservice-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2354 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rasconnectionmanager-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1476 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rascmak-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1754 ----a-r- c:\$windows.~bt\Sources\dlmanifests\rasapi-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 3007 ----a-r- c:\$windows.~bt\Sources\dlmanifests\psync-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1544 ----a-r- c:\$windows.~bt\Sources\dlmanifests\pstore_data-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1986 ----a-r- c:\$windows.~bt\Sources\dlmanifests\propsys-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2260 ----a-r- c:\$windows.~bt\Sources\dlmanifests\printing-spooler-networkclient-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2568 ----a-r- c:\$windows.~bt\Sources\dlmanifests\printing-spooler-core-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1709 ----a-r- c:\$windows.~bt\Sources\dlmanifests\performancecounterinfrastructureconsumer-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1436 ----a-r- c:\$windows.~bt\Sources\dlmanifests\performancecounterinfrastructure-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1727 ----a-r- c:\$windows.~bt\Sources\dlmanifests\peertopeerpnrp-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1190 ----a-r- c:\$windows.~bt\Sources\dlmanifests\peertopeeridmanager-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1522 ----a-r- c:\$windows.~bt\Sources\dlmanifests\peertopeergrouping-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1385 ----a-r- c:\$windows.~bt\Sources\dlmanifests\peertopeergraphing-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1391 ----a-r- c:\$windows.~bt\Sources\dlmanifests\peertopeerbase-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1186 ----a-r- c:\$windows.~bt\Sources\dlmanifests\peertopeeradmin-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1045 ----a-r- c:\$windows.~bt\Sources\dlmanifests\partmgr-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2001 ----a-r- c:\$windows.~bt\Sources\dlmanifests\openrpc-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1871 ----a-r- c:\$windows.~bt\Sources\dlmanifests\openportmapper-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2947 ----a-r- c:\$windows.~bt\Sources\dlmanifests\odbc32dll-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 4092 ----a-r- c:\$windows.~bt\Sources\dlmanifests\ntoskrnl-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2637 ----a-r- c:\$windows.~bt\Sources\dlmanifests\ntfs-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2803 ----a-r- c:\$windows.~bt\Sources\dlmanifests\nfs-servercore-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2759 ----a-r- c:\$windows.~bt\Sources\dlmanifests\nfs-clientcore-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2792 ----a-r- c:\$windows.~bt\Sources\dlmanifests\nfs-admincore-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2830 ----a-r- c:\$windows.~bt\Sources\dlmanifests\networkloadbalancingfullserver-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 3926 ----a-r- c:\$windows.~bt\Sources\dlmanifests\networking-mpssvc-svc-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 108544 ----a-r- c:\$windows.~bt\Sources\dlmanifests\networking-mpssvc-svc\icfupgd.dll
    2011-12-19 01:46 . 2009-07-14 09:29 2284 ----a-r- c:\$windows.~bt\Sources\dlmanifests\networkaccessprotection-agent-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2053 ----a-r- c:\$windows.~bt\Sources\dlmanifests\netlogon-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1423 ----a-r- c:\$windows.~bt\Sources\dlmanifests\netfx3-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2514 ----a-r- c:\$windows.~bt\Sources\dlmanifests\ndis-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1533 ----a-r- c:\$windows.~bt\Sources\dlmanifests\mup-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1934 ----a-r- c:\$windows.~bt\Sources\dlmanifests\muisettings-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1749 ----a-r- c:\$windows.~bt\Sources\dlmanifests\msmq-triggers-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1451 ----a-r- c:\$windows.~bt\Sources\dlmanifests\msmq-routing-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1544 ----a-r- c:\$windows.~bt\Sources\dlmanifests\msmq-multicast-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 6789 ----a-r- c:\$windows.~bt\Sources\dlmanifests\msmq-messagingcoreservice-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2282 ----a-r- c:\$windows.~bt\Sources\dlmanifests\msmq-http-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1546 ----a-r- c:\$windows.~bt\Sources\dlmanifests\msmq-domain-ic-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1697 ----a-r- c:\$windows.~bt\Sources\dlmanifests\msmq-dcom-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1230 ----a-r- c:\$windows.~bt\Sources\dlmanifests\mpr-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 8198 ----a-r- c:\$windows.~bt\Sources\dlmanifests\migrationdisplaygroups-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1892 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoftwindowssystemrestore-main-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 4147 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft.windows.com.dtc.setup-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2365 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft.windows.com.complus.setup.dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1686 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft.windows.com.base-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 445440 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-wmi-core\wmimigrationplugin.dll
    2011-12-19 01:46 . 2009-07-14 09:29 1605 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-wlansvc-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 199168 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-winsock-core-infrastructure-upgrade\wsupgrade.dll
    2011-12-19 01:46 . 2009-07-14 09:29 5421 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-wcfcorecomp-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1644 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-was-processmodel-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1660 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-was-netfxenvironment-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 1660 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-was-configurationapi-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2591 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-wab-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 155136 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-unimodem-config\modemmigplugin.dll
    2011-12-19 01:46 . 2009-07-14 09:29 40960 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-textservicesframework-migration-dl\tabletextservicemig.dll
    2011-12-19 01:46 . 2009-07-14 09:29 199168 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-textservicesframework-migration-dl\msctfmig.dll
    2011-12-19 01:46 . 2009-07-14 09:29 24064 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-textservicesframework-migration-dl\imtcmig.dll
    2011-12-19 01:46 . 2009-07-14 09:29 36864 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-textservicesframework-migration-dl\imscmig.dll
    2011-12-19 01:46 . 2009-07-14 09:29 47104 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-textservicesframework-migration-dl\imkrmig.dll
    2011-12-19 01:46 . 2009-07-14 09:29 40448 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-textservicesframework-migration-dl\imjpmig.dll
    2011-12-19 01:46 . 2009-07-14 09:29 103424 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-terminalservices-licenseserver\tlsmigplugin.dll
    2011-12-19 01:46 . 2009-07-14 09:29 1320 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-terminalservices-clientactivexcore-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 2587 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-tapisetup-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 103936 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-tapisetup\tapimigplugin.dll
    2011-12-19 01:46 . 2009-07-14 09:29 1210 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-sxs-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 120832 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-sxs\sxsmigplugin.dll
    2011-12-19 01:46 . 2009-07-14 09:29 9567 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-storagemigration-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 231424 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-storagemigration\stormigplugin.dll
    2011-12-19 01:46 . 2009-07-14 09:29 2048 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-storagemigration\en-us\stormigplugin.dll.mui
    2011-12-19 01:46 . 2009-07-14 09:29 1293 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-smbhashgeneration-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 103424 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-shmig-dl\shmig.dll
    2011-12-19 01:46 . 2009-07-14 09:29 2028 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-sharedaccess-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 155136 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-rasserver-migplugin\rasmigplugin.dll
    2011-12-19 01:46 . 2009-07-14 09:29 64000 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-rasconnectionmanager\cmmigr.dll
    2011-12-19 01:46 . 2009-07-14 09:29 105472 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-performancecounterinfrastructureconsumer-dl\plamig.dll
    2011-12-19 01:46 . 2009-07-14 09:29 135168 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-performancecounterinfrastructure-dl\cntrtextmig.dll
    2011-12-19 01:46 . 2009-07-14 09:29 5073 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-offlinefiles-dl.man
    2011-12-19 01:46 . 2009-07-14 09:29 117760 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-offlinefiles-dl\cscmigdl.dll
    2011-12-19 01:45 . 2009-07-14 09:29 166400 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-networkloadbalancing-core\nlbmigplugin.dll
    2011-12-19 01:45 . 2009-07-14 09:29 1797 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-networkbridge-dl.man
    2011-12-19 01:45 . 2009-07-14 09:29 82432 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-networkbridge\bridgemigplugin.dll
    2011-12-19 01:45 . 2009-07-14 09:29 45526 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-netfxcorecomp-dl.man
    2011-12-19 01:45 . 2009-07-14 09:29 1273 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-netfx35cdfcomp-dl.man
    2011-12-19 01:45 . 2009-07-14 09:29 9028 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-netfx35-dl.man
    2011-12-19 01:45 . 2009-07-14 09:29 166912 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-ndis\ndismigplugin.dll
    2011-12-19 01:45 . 2009-07-14 09:29 137728 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-msmq-messagingcoreservice\mqmigplugin.dll
    2011-12-19 01:45 . 2009-07-14 09:29 4444 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-mediaplayer-migration-dl.man
    2011-12-19 01:45 . 2009-07-14 09:29 495104 ----a-r- c:\$windows.~bt\Sources\dlmanifests\microsoft-windows-mediaplayer-drm-dl\drmmgrtn.dll
  4. Starmie Newcomer, in training

    Combofix pt 3

    2011-12-19 01:44 . 2009-07-14 09:29 33312 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\startern\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 34266 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\startere\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 35789 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\starter\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 35257 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\professionaln\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 39213 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\professionale\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 40833 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\professional\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 33839 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\homepremiumn\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 37729 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\homepremiume\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 39252 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\homepremium\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28969 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\homebasicn\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28968 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\homebasice\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 36168 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\homebasic\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 622 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\enterprisen\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 622 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\enterprisee\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 619 ----a-r- c:\$windows.~bt\Sources\license\_default\oem\enterprise\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28970 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\ultimaten\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28969 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\ultimatee\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28969 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\ultimate\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28970 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\startern\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28969 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\startere\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28969 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\starter\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28970 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\professionaln\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28969 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\professionale\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28969 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\professional\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28969 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\homepremiumn\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28968 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\homepremiume\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28968 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\homepremium\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28969 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\homebasicn\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28968 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\homebasice\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28968 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\homebasic\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 27933 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\enterprisen\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 31878 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\enterprisee\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 33539 ----a-r- c:\$windows.~bt\Sources\license\_default\eval\enterprise\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 36578 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\ultimaten\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 40467 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\ultimatee\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 42045 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\ultimate\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 33312 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\startern\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 34266 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\startere\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 35789 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\starter\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 36582 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\professionaln\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 40479 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\professionale\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 42049 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\professional\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 895 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\lpeula.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 7685 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\lipeula.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 36471 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\homepremiumn\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 40348 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\homepremiume\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 41962 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\homepremium\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28965 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\homebasicn\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 28964 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\homebasice\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 39790 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\homebasic\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 622 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\enterprisen\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 622 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\enterprisee\license.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 619 ----a-r- c:\$windows.~bt\Sources\license\_default\_default\enterprise\license.rtf
    2011-12-19 01:44 . 2009-08-08 04:22 358 ----a-r- c:\$windows.~bt\Sources\lang.ini
    2011-12-19 01:44 . 2009-08-08 02:33 246784 ----a-r- c:\$windows.~bt\Sources\input.dll
    2011-12-19 01:44 . 2009-07-14 09:29 1310 ----a-r- c:\$windows.~bt\Sources\inf\setup.cfg
    2011-12-19 01:44 . 2009-07-14 09:29 18944 ----a-r- c:\$windows.~bt\Sources\iiscomp.dll
    2011-12-19 01:44 . 2009-07-14 09:29 34816 ----a-r- c:\$windows.~bt\Sources\hypervcomplcheck.dll
    2011-12-19 01:44 . 2009-07-14 09:29 1620 ----a-r- c:\$windows.~bt\Sources\hwexclude.txt
    2011-12-19 01:44 . 2009-07-14 09:29 524294 ----a-r- c:\$windows.~bt\Sources\hwcompat.txt
    2011-12-19 01:44 . 2009-08-08 02:33 197632 ----a-r- c:\$windows.~bt\Sources\hwcompat.dll
    2011-12-19 01:44 . 2009-07-14 09:29 45056 ----a-r- c:\$windows.~bt\Sources\fveupg.dll
    2011-12-19 01:44 . 2009-07-14 09:29 17408 ----a-r- c:\$windows.~bt\Sources\en-us\wmiutils.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 51712 ----a-r- c:\$windows.~bt\Sources\en-us\winsetup.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 5632 ----a-r- c:\$windows.~bt\Sources\en-us\wdsimage.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 7168 ----a-r- c:\$windows.~bt\Sources\en-us\wdsclient.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\en-us\wbemcore.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 260608 ----a-r- c:\$windows.~bt\Sources\en-us\w32uires.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 61556 ----a-r- c:\$windows.~bt\Sources\en-us\vofflps.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 2560 ----a-r- c:\$windows.~bt\Sources\en-us\uxlibres.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 9216 ----a-r- c:\$windows.~bt\Sources\en-us\upgres.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 2560 ----a-r- c:\$windows.~bt\Sources\en-us\upgreport.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 22528 ----a-r- c:\$windows.~bt\Sources\en-us\upgloader.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 6656 ----a-r- c:\$windows.~bt\Sources\en-us\upgdriver.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 7168 ----a-r- c:\$windows.~bt\Sources\en-us\spwizres.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\en-us\sperr32.exe.mui
    2011-12-19 01:44 . 2009-07-14 09:29 11776 ----a-r- c:\$windows.~bt\Sources\en-us\smiengine.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 47304 ----a-r- c:\$windows.~bt\Sources\en-us\setup_help_upgrade_or_custom.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 11776 ----a-r- c:\$windows.~bt\Sources\en-us\setup.exe.mui
    2011-12-19 01:44 . 2009-07-14 09:29 4096 ----a-r- c:\$windows.~bt\Sources\en-us\rollback.exe.mui
    2011-12-19 01:44 . 2009-07-14 09:29 138745 ----a-r- c:\$windows.~bt\Sources\en-us\readme.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 128854 ----a-r- c:\$windows.~bt\Sources\en-us\privacy.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 4608 ----a-r- c:\$windows.~bt\Sources\en-us\pnpibs.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 51682 ----a-r- c:\$windows.~bt\Sources\en-us\oobe_help_opt_in_details.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 68608 ----a-r- c:\$windows.~bt\Sources\en-us\nlsbres.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 79360 ----a-r- c:\$windows.~bt\Sources\en-us\msxml6r.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 7680 ----a-r- c:\$windows.~bt\Sources\en-us\mofd.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 5632 ----a-r- c:\$windows.~bt\Sources\en-us\logprovider.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 24064 ----a-r- c:\$windows.~bt\Sources\en-us\input.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 42491 ----a-r- c:\$windows.~bt\Sources\en-us\help_what_is_activation.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 2048 ----a-r- c:\$windows.~bt\Sources\en-us\folderprovider.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 7063 ----a-r- c:\$windows.~bt\Sources\en-us\erofflps.txt
    2011-12-19 01:44 . 2009-07-14 09:29 46640 ----a-r- c:\$windows.~bt\Sources\en-us\du_help_why_get_updates.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 43758 ----a-r- c:\$windows.~bt\Sources\en-us\du_help_what_info_sent_to_ms.rtf
    2011-12-19 01:44 . 2009-07-14 09:29 2048 ----a-r- c:\$windows.~bt\Sources\en-us\dismprov.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 2560 ----a-r- c:\$windows.~bt\Sources\en-us\dismhost.exe.mui
    2011-12-19 01:44 . 2009-07-14 09:29 6144 ----a-r- c:\$windows.~bt\Sources\en-us\dismcore.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 28672 ----a-r- c:\$windows.~bt\Sources\en-us\dism.exe.mui
    2011-12-19 01:44 . 2009-07-14 09:29 10240 ----a-r- c:\$windows.~bt\Sources\en-us\compres.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 12800 ----a-r- c:\$windows.~bt\Sources\en-us\compatprovider.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 4096 ----a-r- c:\$windows.~bt\Sources\en-us\cmisetup.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 12288 ----a-r- c:\$windows.~bt\Sources\en-us\cbsmsg.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 4096 ----a-r- c:\$windows.~bt\Sources\en-us\arunres.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\en-us\apss.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 4608 ----a-r- c:\$windows.~bt\Sources\en-us\apircl.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 49152 ----a-r- c:\$windows.~bt\Sources\en-us\apds.dll.mui
    2011-12-19 01:44 . 2009-07-14 09:29 3072 ----a-r- c:\$windows.~bt\Sources\en-us\actionqueue.dll.mui
    2011-12-19 01:44 . 2009-08-08 02:33 91136 ----a-r- c:\$windows.~bt\Sources\du.dll
    2011-12-19 01:44 . 2009-07-14 09:29 417792 ----a-r- c:\$windows.~bt\Sources\drvstore.dll
    2011-12-19 01:44 . 2009-08-08 02:33 143360 ----a-r- c:\$windows.~bt\Sources\drvmgrtn.dll
    2011-12-19 01:44 . 2010-09-09 20:58 105870 ----a-w- c:\$windows.~bt\Sources\drvmain.sdb
    2011-12-19 01:44 . 2009-08-08 02:33 158720 ----a-r- c:\$windows.~bt\Sources\diagnostic.dll
    2011-12-19 01:44 . 2009-08-08 02:33 38912 ----a-r- c:\$windows.~bt\Sources\diager.dll
    2011-12-19 01:44 . 2009-07-14 09:29 49 ----a-r- c:\$windows.~bt\Sources\cversion.ini
    2011-12-19 01:44 . 2009-07-14 09:29 10240 ----a-r- c:\$windows.~bt\Sources\compres.dll
    2011-12-19 01:44 . 2009-07-14 09:29 476 ----a-r- c:\$windows.~bt\Sources\compliance.ini
    2011-12-19 01:44 . 2009-07-14 09:29 3739136 ----a-r- c:\$windows.~bt\Sources\cmiv2.dll
    2011-12-19 01:44 . 2009-08-08 02:33 334336 ----a-r- c:\$windows.~bt\Sources\cmisetup.dll
    2011-12-19 01:44 . 2009-07-14 09:29 13326 ----a-r- c:\$windows.~bt\Sources\appcompat_detailed_txt.xsl
    2011-12-19 01:44 . 2009-07-14 09:29 13371 ----a-r- c:\$windows.~bt\Sources\appcompat_detailed_bidi_txt.xsl
    2011-12-19 01:44 . 2009-07-14 09:29 13732 ----a-r- c:\$windows.~bt\Sources\appcompat_detailed_bidi.xsl
    2011-12-19 01:44 . 2009-07-14 09:29 13687 ----a-r- c:\$windows.~bt\Sources\appcompat_detailed.xsl
    2011-12-19 01:44 . 2009-07-14 09:29 12498 ----a-r- c:\$windows.~bt\Sources\appcompat_bidi.xsl
    2011-12-19 01:44 . 2009-07-14 09:29 11673 ----a-r- c:\$windows.~bt\Sources\appcompat.xsl
    2011-12-19 01:44 . 2009-07-14 09:29 1046 ----a-r- c:\$windows.~bt\Sources\alert.gif
    2011-12-19 01:44 . 2009-07-14 09:29 65024 ----a-r- c:\$windows.~bt\Sources\admtv3check.dll
    2010-09-09 20:59 . 2010-09-09 20:59 3920124 ------w- c:\$windows.~bt\Sources\DU\sysmain32.sdb
    2010-09-09 20:58 . 2010-09-09 20:58 105870 ------w- c:\$windows.~bt\Sources\DU\drvmain.sdb
    2010-09-09 20:58 . 2010-09-09 20:58 121830 ------w- c:\$windows.~bt\Sources\DU\sysmain.sdb
    2009-08-08 17:22 . 2009-08-15 10:26 25 ---ha-r- c:\$windows.~bt\Sources\$oem$\$$\DELL_version
    2009-07-14 09:29 . 2009-07-14 09:29 213504 ----a-r- c:\$windows.~bt\Sources\actionqueue.dll
    .
    ---- Directory of C:\$WINDOWS.~LS ----
    .
    .
    ---- Directory of c:\windows\SysWow64\Microsoft ----
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-25_20.11.38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-12-24 05:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-12-26 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-12-24 05:37 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-12-26 21:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-12-24 05:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-12-26 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-08 01:23 . 2011-12-29 23:27 81060 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-12-30 11:48 38044 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-04-14 22:19 . 2011-12-30 11:48 18850 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-952912834-1767576808-1017798417-1000_UserData.bin
    - 2009-07-14 05:30 . 2011-12-25 18:41 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2011-12-27 11:26 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-12-19 23:59 . 2011-12-19 23:59 93200 c:\windows\system32\DriverStore\FileRepository\inspect.inf_amd64_neutral_a7ec3789bc21a5c0\inspect.sys
    + 2011-04-14 19:01 . 2011-12-30 11:46 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-14 19:01 . 2011-12-25 18:42 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-14 19:01 . 2011-12-30 11:46 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-12-30 11:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-12-25 23:16 . 2011-12-25 23:16 49120 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    + 2011-04-15 08:49 . 2011-12-27 13:00 5152 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-12-29 23:28 . 2011-12-30 08:15 2632 c:\windows\SoftwareDistribution\EventCache\{07FEB7B1-B6A1-4A87-AF6E-E6C46471E020}.bin
    - 2011-12-25 20:10 . 2011-12-25 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-12-30 12:35 . 2011-12-30 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-12-30 12:35 . 2011-12-30 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-12-25 20:10 . 2011-12-25 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-12-27 11:25 . 2011-12-27 11:25 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
    + 2011-12-27 11:25 . 2011-12-27 11:25 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
    + 2011-12-27 11:25 . 2011-12-27 11:25 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
    + 2011-04-15 08:48 . 2011-12-30 08:03 392850 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 02:36 . 2011-12-26 21:06 660280 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-12-26 21:06 121208 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:30 . 2011-12-27 11:26 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2011-12-25 18:41 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-12-27 11:26 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2011-12-25 18:41 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-12-25 23:14 . 2011-12-25 23:14 124624 c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
    + 2009-07-14 04:46 . 2011-12-28 16:11 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2009-07-14 05:01 . 2011-12-25 20:09 429320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-12-30 12:34 429320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-12-25 23:29 . 2011-12-30 12:34 430088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2009-07-14 04:45 . 2011-12-27 11:31 7351234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2011-12-25 18:42 7351234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2011-04-14 22:15 . 2011-12-25 20:09 3365912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-04-14 22:15 . 2011-12-30 12:34 3365912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-05-07 11:43 . 2011-12-27 11:39 5195954 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-952912834-1767576808-1017798417-1000-12288.dat
    + 2011-04-15 08:49 . 2011-12-30 12:34 40707988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-952912834-1767576808-1017798417-1000-8192.dat
    + 2011-12-21 03:50 . 2011-12-21 03:50 34909184 c:\windows\Installer\88f701.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-11-07 28846216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-05-01 1304]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
    .
    c:\users\Bassett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Launch Utility Application.lnk - c:\users\Bassett\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2010-12-15 491520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
    R3 cpuz134;cpuz134;c:\users\Bassett\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-11-19 21712]
    R3 getbus;getbus;c:\users\Bassett\AppData\Local\Temp\getbus.sys [x]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-12 361984]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
    S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]
    S2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2010-07-15 203864]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    2011-12-29 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
    "RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
    "combofix"="c:\combofix\CF54.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/?pc=BNHP
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{4923D83A-DF1B-49B6-B37A-D0C8E9ACCCC9}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{55911FFD-63AD-4D0B-9E87-19780EFBFDCA}: NameServer = 8.26.56.26,156.154.70.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-30 07:39:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-30 12:39
    ComboFix2.txt 2011-12-28 20:53
    ComboFix3.txt 2011-12-27 12:53
    .
    Pre-Run: 903,428,497,408 bytes free
    Post-Run: 903,010,611,200 bytes free
    .
    - - End Of File - - 553B16DAB2CAE2246441D26689BC8F04
  5. Starmie Newcomer, in training

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:16:50 AM, on 12/30/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Origin\Origin.exe
    C:\Users\Bassett\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    C:\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    O4 - Startup: Launch Utility Application.lnk = Bassett\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4923D83A-DF1B-49B6-B37A-D0C8E9ACCCC9}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{55911FFD-63AD-4D0B-9E87-19780EFBFDCA}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file)
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AMD Fusion Utility Service (AMDFusionSVC) - Advanced Micro Devices - c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
    O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11735 bytes
  6. Bobbye Helper on the Fringe

    New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.

    I will review the logs and set up some script for you to run in Combofix on Monday.