******************************************************************************
*             ShowNew.bat - (c) 07/01/2006 By Chaslang                       *
*              This version supports Win2K, XP and Vista                     *
*                                                                            *
*   01/13/2011 Version 2.80 - Locate WinSxS\shsvcs.dll files                 *
******************************************************************************
* Most of the information reported below is not necessarily bad.  You must   *
* not take any steps on any of these lines without consulting an expert.     *
******************************************************************************
 
Windows OS is  

Microsoft Windows [versie 6.0.6001]
It's Wed April 6, 2011  06:01:19 PM
 
Not All Files Found are bad files: DO NOT TOUCH THEM WITHOUT EXPERT HELP!!!!  
 
******************************************************************************
OS assumed command prompt execution folder is:                                
C:\MGtools
                                                                              
******************************************************************************
ShowNew installation folder and files 
******************************************************************************

"C:\MGtools\"
analyse.exe   23 Apr 2010      388608  "analyse.exe"
bamfix.bat     7 Oct 2010        6806  "BamFix.bat"
bamrcfix.txt   5 Dec 2010         372  "bamRCfix.txt"
chodefix.bat   7 Jun 2007        6146  "chodefix.bat"
config.reg    13 Dec 2009        1954  "config.reg"
disabl~1.reg   2 Aug 2007         120  "DisableUAC.reg"
download.exe   7 Aug 2008       61440  "download.exe"
enable~1.reg   2 Aug 2007         120  "EnableUAC.reg"
ffinfo.txt     6 Apr 2011         249  "ffinfo.txt"
filelog.txt    6 Apr 2011        4097  "filelog.txt"
findovl.bat   18 Apr 2009         320  "FindOVL.bat"
findrn.bat    14 Aug 2010        2027  "FindRN.bat"
fixacls.bat   28 Nov 2010        6196  "FixACLS.bat"
fixbagle.bat  10 Jul 2008        1897  "FixBagle.bat"
fixbagle.reg  27 Jan 2009        3765  "fixBagle.reg"
fixbamrc.bat   5 Dec 2010        1623  "FixbamRC.bat"
fixcf.bat     14 Jan 2009        1034  "FixCF.bat"
fixcf.reg      3 Jan 2009         581  "fixCF.reg"
fixchode.reg   7 Jun 2007         738  "fixChode.reg"
fixfa.bat     29 Dec 2008         438  "FixFA.bat"
fixfa.reg     18 Jun 2010       22032  "fixFA.reg"
fixperm.bat   24 Dec 2009        6988  "FixPerm.bat"
fixsbm.bat    14 Aug 2010         439  "FixSBM.bat"
fixsbm.reg     4 Dec 2006       12924  "fixSBM.reg"
getdet~1.exe  30 Oct 2006      245760  "GetDetails.exe"
getlogs.bat   21 Jul 2010       11640  "GetLogs.Bat"
getmbr.bat    24 Dec 2010        3054  "GetMBR.bat"
getrun~1.bat  23 Mar 2011      113050  "GetRunKey.bat"
getunkey.txt   6 Apr 2011      202754  "GetUnKey.txt"
getunk~1.bat  23 Jan 2009        2949  "GetUnKeys.bat"
grep.exe      14 Apr 2003       80412  "grep.exe"
grk64.bat     23 Mar 2011      114407  "GRK64.bat"
hide.reg      23 Jun 2009         393  "hide.reg"
history.txt   23 Mar 2011       42805  "history.txt"
htafind.bat    6 Mar 2009        6606  "HTAfind.bat"
iefix.reg      3 Apr 2004        1756  "IEFIX.reg"
locate.com    14 Jan 2005       11254  "locate.com"
ltime.exe     28 Oct 1986       13184  "ltime.exe"
mbrfix.bat     5 Mar 2010         220  "mbrfix.bat"
mgclean.bat    5 Dec 2010        5743  "MGclean.bat"
miscinfo.bat  14 Jul 2010        7999  "MiscInfo.bat"
newfiles.txt   6 Apr 2011        1354  "newfiles.txt"
nwktst.bat     9 Mar 2011       12400  "NwkTst.bat"
process.exe    6 Jun 2003       53248  "Process.exe"
proces~1.exe   1 Aug 2006        6656  "ProcessDll.exe"
regfix.bat    18 Apr 2007         145  "Regfix.bat"
remmws.bat    31 Jul 2009         497  "RemMWS.bat"
runkeys.txt    6 Apr 2011       52142  "runkeys.txt"
runmb.bat     16 Jun 2009         195  "RunMB.bat"
scantime.txt   6 Apr 2011          51  "scantime.txt"
sed.exe       31 Aug 2000       98816  "sed.exe"
shownew.bat   13 Jan 2011       97344  "ShowNew.bat"
sn64.bat      20 Mar 2011      106682  "SN64.bat"
swreg.exe     17 Dec 2007      156160  "swreg.exe"
swwhoami.exe  17 Dec 2007       66048  "swwhoami.exe"
sysbu.bat     11 Sep 2009        5841  "SysBU.bat"
TEMP          11 Sep 2009              "temp"
unhide.reg     3 Aug 2007         213  "unhide.reg"
unkeys.bat    31 May 2010        1755  "UnKeys.bat"
userinfo.bat   4 May 2010        3004  "UserInfo.bat"
vfind.exe     28 Dec 2007       49152  "vfind.exe"
vunfind.bat   28 Dec 2007         861  "VunFind.bat"
zip.exe       14 Jan 2005      126976  "zip.exe"

"C:\MGtools\temp\"
ERDNT          6 Apr 2011              "ERDNT"
grkflag.log    6 Apr 2011          40  "GRKflag.log"
junk.txt       6 Apr 2011          37  "junk.txt"
NTSPU          6 Apr 2011              "NTSPU"
NTUKB          6 Apr 2011              "NTUKB"
SPF            6 Apr 2011              "SPF"
VSP1          11 Sep 2009              "VSP1"
VSP2          11 Sep 2009              "VSP2"
XPSP2         11 Sep 2009              "XPSP2"
XPSP3         11 Sep 2009              "XPSP3"

"C:\MGtools\temp\VSP1\"
beep~1.sys    19 Jan 2008        6144  "beep.sysmg"
cngaud~1.dll   2 Nov 2006       11776  "cngaudit.dllmg"
netlog~1.dll  19 Jan 2008      592384  "netlogon.dllmg"
scecli~1.dll  19 Jan 2008      177152  "scecli.dllmg"

"C:\MGtools\temp\XPSP2\"
beep~1.sys    29 Aug 2002        4224  "beep.sysmg"
eventl~1.dll   4 Aug 2004       55808  "eventlog.dllmg"
netlog~1.dll   4 Aug 2004      407040  "netlogon.dllmg"
scecli~1.dll   4 Aug 2004      180224  "scecli.dllmg"

"C:\MGtools\temp\XPSP3\"
beep~1.sys     4 Aug 2004        4224  "beep.sysmg"
eventl~1.dll  14 Apr 2008       56320  "eventlog.dllmg"
netlog~1.dll  14 Apr 2008      407040  "netlogon.dllmg"
scecli~1.dll  14 Apr 2008      181248  "scecli.dllmg"

85 items found:  76 files, 9 directories.
   Total of file sizes:  4.318.101 bytes      4,12 M
 
******************************************************************************
                                USER INFORMATION     
******************************************************************************
 
Users on this computer:
Is Admin? | Username
------------------
   Yes    | Administrator (Disabled)
   Yes    | ALEX
          | Gast (Disabled)
 
******************************************************************************
                            SYSTEM and USER INFORMATION     
******************************************************************************
 
Username: PC-ALEX\ALEX

Stack overflow

 
******************************************************************************
 
 Showing any Pocket Killbox backup files     
 

No matches found.
 
******************************************************************************
 
 Showing any ComboFix folder contents                                         
 

No matches found.
 
 
 Showing any ComboFix Quarantine files/folders                                
 

No matches found.
 
******************************************************************************
 
 Showing any Avenger folder contents                                         

No matches found.
 
 
******************************************************************************
 
 
************************       VISTA OS FOUND      ***************************
******************************************************************************
                                                                              
List contents of "C:\Users"                                          
                                                                              

"C:\Users\"
ALEX           4 Jul 2009              "ALEX"
ALLUSE~1       2 Nov 2006              "All Users"
DEFAULT        2 Nov 2006              "Default"
DEFAUL~1       2 Nov 2006              "Default User"
desktop.ini   21 Jan 2008         174  "desktop.ini"
PUBLIC         2 Nov 2006              "Public"

6 items found:  1 file (1 H/S), 5 directories (3 H/S).
   Total of file sizes:  174 bytes      0,17 K
******************************************************************************
                                                                              
Locating all files created in "C:\Users\ALEX\AppData\Local\" within the last 90 days.  
                                                                              

"C:\Users\ALEX\AppData\Local\"
1516c7~1.txt   5 Apr 2011        4598  "1516C7EA-3C8A-7B75-06D7-35807DC0AE78.txt"
APPLEC~1       7 Feb 2011              "Apple Computer"
ARES          13 Feb 2011              "Ares"
dcbc2a~1.ini   6 Apr 2011       60416  "DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini"
ELEVAT~1      14 Feb 2011              "ElevatedDiagnostics"
iconca~1.db    6 Apr 2011     3154937  "IconCache.db"

6 items found:  3 files (1 H/S), 3 directories.
   Total of file sizes:  3.219.951 bytes      3,07 M
******************************************************************************
                                                                              
    Checking for Win32/Bagle aka Beagle infection related files               
    ===========================================================               
 LOCATE any files/folders in "C:\Users\ALEX\AppData\drivers"                  
                                                                              

No matches found.
                                                                              
 LOCATE any files/folders in "C:\Users\ALEX\AppData\hidires"                  
                                                                              

No matches found.
                                                                              
 LOCATE any files/folders in "C:\Users\ALEX\AppData\hidn"                     
                                                                              

No matches found.
                                                                              
 LOCATE/folders in "C:\Users\ALEX\AppData\m"                                  
                                                                              

No matches found.
                                                                              
 LOCATE/folders in "C:\Users\ALEX\AppData\Roaming\drivers"                                        
                                                                              

No matches found.
                                                                              
 LOCATE/folders in C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers 
                                                                              

No matches found.
                                                                              
******************************************************************************
                                                                              
    Checking for Trojan.Fake infections making use of Google folder           
Locating all files in "C:\Users\ALEX\AppData\Google"                          
                                                                              

No matches found.
******************************************************************************
                                                                              
    Checking for infections making use of AppData\Macromedia\Common folder    
Locating all files in "C:\Users\ALEX\AppData\Macromedia\Common"               
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in "C:\Users\ALEX\AppData\Roaming\" within the last 90 days.           
                                                                              

"C:\Users\ALEX\AppData\Roaming\"
AHEAD         22 Mar 2011              "Ahead"
BANDOO        14 Feb 2011              "Bandoo"
MALWAR~1       4 Apr 2011              "Malwarebytes"
MINECR~1      14 Feb 2011              ".minecraft"
SUPERA~1.COM   6 Apr 2011              "SUPERAntiSpyware.com"

5 items found:  0 files, 5 directories.
******************************************************************************
                                                                              
Locating all files created in "C:\Users\ALEX\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs" 
                                                                              

"C:\Users\ALEX\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
supera~1.log   6 Apr 2011        1400  "SUPERAntiSpyware Scan Log - 04-06-2011 - 17-23-00.log"
supera~2.log   6 Apr 2011         499  "SUPERAntiSpyware Scan Log - 04-06-2011 - 17-28-54.log"

2 items found:  2 files, 0 directories.
   Total of file sizes:  1.899 bytes      1,85 K
******************************************************************************
                                                                              
Locating all files created in "C:\Users\ALEX\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\" 
                                                                              

"C:\Users\ALEX\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\"
LOGS           4 Apr 2011              "Logs"
QUARAN~1       4 Apr 2011              "Quarantine"

"C:\Users\ALEX\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
mb11df~1.txt   5 Apr 2011        1047  "mbam-log-2011-04-05 (21-22-30).txt"
mb402f~1.txt   6 Apr 2011        1059  "mbam-log-2011-04-06 (13-49-23).txt"
mb412f~1.txt   6 Apr 2011        2216  "mbam-log-2011-04-06 (17-33-53).txt"
mbam-l~1.txt   5 Apr 2011        1040  "mbam-log-2011-04-05 (17-42-40).txt"
mbam-l~2.txt   5 Apr 2011        3152  "mbam-log-2011-04-05 (18-26-29).txt"
mbam-l~3.txt   5 Apr 2011        2303  "mbam-log-2011-04-05 (19-49-09).txt"
mbam-l~4.txt   5 Apr 2011        2092  "mbam-log-2011-04-05 (21-09-24).txt"

"C:\Users\ALEX\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\"
backup~1.121   6 Apr 2011         107  "BACKUP1.12173"
backup~1.205   6 Apr 2011         146  "BACKUP1.20548"
backup~1.344   6 Apr 2011          78  "BACKUP1.34447"
backup~1.362   6 Apr 2011          86  "BACKUP1.36265"
backup~1.503   6 Apr 2011         225  "BACKUP4.50363"
backup~1.551   6 Apr 2011          80  "BACKUP1.55130"
backup~1.664   6 Apr 2011          73  "BACKUP1.66473"
backup~1.864   6 Apr 2011         208  "BACKUP4.86487"
backup~1.921   6 Apr 2011         140  "BACKUP1.92158"
backup~1.968   6 Apr 2011         201  "BACKUP4.96831"
quar1~1.121    6 Apr 2011      585728  "QUAR1.12173"
quar1~1.205    6 Apr 2011      585728  "QUAR1.20548"
quar1~1.344    6 Apr 2011      585728  "QUAR1.34447"
quar1~1.362    6 Apr 2011      585728  "QUAR1.36265"
quar1~1.551    6 Apr 2011      585728  "QUAR1.55130"
quar1~1.664    6 Apr 2011      585728  "QUAR1.66473"
quar1~1.921    6 Apr 2011         889  "QUAR1.92158"

26 items found:  24 files, 2 directories.
   Total of file sizes:  3.529.510 bytes      3,36 M
******************************************************************************
                                                                              
Locating all files created in "C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Templates"         
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files in "C:\Users\ALEX\desktop"                                  
                                                                              

"C:\Users\ALEX\Desktop\"
99.doc        21 Mar 2011       25088  "99.doc"
accounts.dat   8 Dec 2010          30  "accounts.dat"
antima~1.txt   6 Apr 2011       10511  "antimalware insturies.txt"
AUDIO_TS      22 Mar 2011              "AUDIO_TS"
autoho~1.ahk  12 Feb 2011       27988  "AutoHotkey.ahk"
axifem~1.lnk   6 Jul 2009         829  "Axife Mouse Recorder DEMO.lnk"
BACKUPS        5 Apr 2011              "backups"
batch.bat     12 Sep 2010          11  "batch.bat"
BOT            8 Oct 2009              "bot"
BVI-13~1.2    31 Jul 2009              "bvi-1.3.2"
capita~1.lnk  26 Sep 2009         819  "Capitalism II.lnk"
carava~1.exe  20 Jun 2007     9826174  "Caravaneer.exe"
ccleaner.lnk   9 Jun 2010        1674  "CCleaner.lnk"
cheate~1.lnk  25 Apr 2010         813  "Cheat Engine.lnk"
CIVILI~1      11 May 2010              "Civilization"
clayso~1.jav  28 Mar 2010       17301  "ClaySoftenerV.java"
COCONUT       19 Aug 2009              "Coconut"
combofix.exe   6 Apr 2011     4315129  "ComboFix.exe"
d3d9.dll      14 Aug 2009      278616  "d3d9.dll"
d3d9.ini      30 Aug 2009           8  "d3d9.ini"
DATA          17 Apr 2010              "Data"
defogger.exe   6 Apr 2011       50477  "Defogger.exe"
desktop.ini   11 Jul 2009         700  "desktop.ini"
dia%20~1.doc   8 Dec 2010       35840  "Dia%20presentatie%20ckv%20we%20moeten%20praten[1].doc"
ECLIPSE        1 Jan 2011              "eclipse"
eclipse.pgp    6 Dec 2010   251852421  "eclipse.pgp"
EDUCAT~1      26 Mar 2010              "education-source"
eqtd.exe      14 Mar 2010     1668101  "EQTD.exe"
errorl~1.exe  30 Jul 2009      155753  "ErrorLogSystemRemover.exe"
excel2~1.lnk  12 Jul 2009        2617  "EXCEL  2003.lnk"
fa123alg.tt_  19 Nov 1999       44520  "FA123ALG.TT_"
fa123grf.ft_  19 Nov 1999        1312  "FA123GRF.FT_"
fa123grf.tt_  19 Nov 1999       41796  "FA123GRF.TT_"
FILE_S~1      27 May 2010              ".file_store_32"
gfxfil~1.dll  12 Aug 2006      458752  "GFXFileManager.dll"
GOLLY-~1.1-W  12 Jul 2010              "golly-2.1-win"
google.url    14 Feb 2011         166  "Google.url"
harves~1.lnk   5 May 2010        1826  "Harvest - Massive Encounter.lnk"
HASHTA~1      20 Jul 2009              "HashTab Shell Extension"
hijack~1.exe   5 Apr 2011      388608  "hijackthis.exe"
hijack~1.log   5 Apr 2011       10044  "hijackthis.log"
ijji~1.lnk    19 Aug 2009        1539  "i j j i.lnk"
IMPERI~1       6 May 2010              "Imperionbot"
intell~1.lnk  29 May 2010         837  "IntelliJ IDEA Community Edition 9.0.2.lnk"
intern~1.lnk   4 Jul 2009         953  "Internet Explorer.lnk"
JAGEX_~1       6 Apr 2010              ".jagex_cache_32"
JSDOC_~1.2    23 May 2010              "jsdoc_toolkit-2.3.2"
KARELJ-1.1    25 May 2010              "karelj-1.1"
kboter~1.txt  12 Jun 2010     3855797  "kbot.error.log.txt"
kbotob~2.jar  30 May 2010     3029726  "KbotObf-B721.jar"
KBOTSC~1      27 May 2010              "KBotScript"
KEYMOU~1.1-H   6 Jun 2010              "Key.Mouse.Genie.v4.1-HERETiC"
LOLBOT~1      27 Aug 2009              "LoL bots"
lol.bat       28 Jan 2010         187  "lol.bat"
lol.dll       13 Sep 2009       19199  "lol.dll"
lol.pgp        7 Dec 2010       26166  "lol.pgp"
m&oram~1.doc  29 Mar 2011       28672  "m&o ramon.doc"
manual~1.doc  28 Dec 2007       44544  "Manual Single File Import.doc"
mbam-l~1.txt   6 Apr 2011        2216  "mbam-log-2011-04-06 (17-33-53).txt"
meter.dll     19 Nov 1999        9232  "METER.DLL"
mgtools.exe    6 Apr 2011     2418162  "MGtools.exe"
MINECR~1      14 Feb 2011              "Minecraft Fix Windows"
minecr~1.exe  21 Oct 2010      695296  "MinecraftSP.exe"
minecr~1.jar  12 Feb 2011      291515  "minecraft.jar"
minecr~1.tor  14 Feb 2011        2152  "Minecraft_Beta_1.2_01.6105226.TPB.torrent"
minecr~2.exe  14 Feb 2011      232501  "Minecraft.exe"
MINES-~1       3 Dec 2010              "Mines-PerfectPortable"
minesw~1.lnk   3 Dec 2010        1055  "Minesweeper Variants.lnk"
minesw~2.lnk   3 Dec 2010         836  "MineSweeper3D.lnk"
minesxp.lnk    3 Dec 2010        2421  "MinesXP.lnk"
multih~1.cla   1 Jun 2010       22138  "MultiHunterPro.class"
NEWWIT~1      12 Sep 2009              "NewWitch160"
NI2818~1      23 May 2010              "Nieuwe map (5)"
NI2828~1      23 May 2010              "Nieuwe map (6)"
NI2838~1      24 May 2010              "Nieuwe map (7)"
NI2848~1      12 Jul 2010              "Nieuwe map (8)"
NI2858~1      26 Jul 2010              "Nieuwe map (9)"
NI4C7E~1      15 Aug 2010              "Nieuwe map (10)"
NI5353~1      26 Mar 2010              "Nieuwe map (3) - kopie"
NI5C76~1      23 Oct 2010              "Nieuwe map (11)"
NI5C7E~1       5 Jan 2011              "Nieuwe map (12)"
NI6C76~1       5 Jan 2011              "Nieuwe map (13)"
nieuw-~1.exe  29 Dec 2010      802691  "Nieuw - AutoHotkey Script.exe"
NIEUWE~1      19 Nov 2009              "Nieuwe map"
nieuwe~1.lnk   1 Apr 2010         395  "Nieuwe map (3) - Snelkoppeling.lnk"
NIEUWE~2      21 Mar 2010              "Nieuwe map (2)"
NIEUWE~3      24 Mar 2010              "Nieuwe map (3)"
NIEUWE~4       7 May 2010              "Nieuwe map (4)"
noob.dll      30 Aug 2009        9250  "noob.dll"
noteta~1.lnk  21 Mar 2010         794  "NoteTab Pro Trial.lnk"
pk2edi~1.doc  28 Dec 2007       33280  "PK2 Editing Tutorial.doc"
pk2edi~1.exe  28 Dec 2007      286720  "Pk2Editor.exe"
pk2ext~1.exe  28 Dec 2007      299008  "Pk2Extractor.exe"
PLAYWH~1       4 Jul 2009              "Playwhat Downloads"
powerp~1.lnk  11 Jul 2009        2046  "PowerPoint 2003.lnk"
PRECOM~1      24 May 2010              "Precompiled"
proxim~1.lnk   7 Aug 2009         820  "Proximodo.lnk"
proxyf~1.lnk  24 Jun 2010         806  "ProxyFirewall.lnk"
pxperl.lnk    27 Aug 2009        1480  "PXPerl.lnk"
quirlion.jar   8 Apr 2010      519892  "Quirlion.jar"
rootre~1.exe  13 Aug 2009      472064  "RootRepeal.exe"
rs2bot~1.lnk  29 Oct 2009        1687  "RS2Bot Install.lnk"
RSBOT         10 Oct 2009              "RSbot"
RSBOTSVN       7 Oct 2009              "rsbotsvn"
runecr~2.cla  18 Oct 2009         628  "Runecrafter$GUI$1.class"
runecr~3.cla  18 Oct 2009        7007  "Runecrafter$RcPaths.class"
scite.lnk     27 Aug 2009         629  "SciTE.lnk"
SCRIPTS       28 Mar 2010              "Scripts"
setpoint.exe   7 Apr 2007      249893  "SetPoint.exe"
settings.dat   6 Apr 2011          15  "settings.dat"
setup.inf     19 Nov 1999        1492  "SETUP.INF"
showsd~1.lnk  21 Jan 2008         258  "Shows Desktop.lnk"
shutter.lnk   27 Oct 2009         766  "Shutter.lnk"
silkroad.lnk  10 Apr 2010        1674  "Silkroad.lnk"
silkro~1.exe  10 Apr 2010  1369542521  "SilkroadOnline_GlobalOfficial_v1_240.exe"
smines~1.lnk   3 Dec 2010        1634  "SMine Shareware.lnk"
speedfan.lnk  31 Dec 2010         808  "SpeedFan.lnk"
splash.jpg    18 Aug 2009       62418  "Splash.jpg"
SROKING       17 Apr 2010              "SROKing"
ss_1.jpg      28 Dec 2007       48152  "ss_1.JPG"
swiftkit.lnk   5 Apr 2010         808  "SwiftKit.lnk"
SYSTEM~1      20 Jul 2009              "system editting"
test.cpp       5 Dec 2010       22401  "test.cpp"
thelos~1.lnk   6 Dec 2010         646  "The lost castle.lnk"
THE_LO~1       5 May 2010              "the_lost_castle_setup"
tvmana~1.lnk  27 Sep 2009         862  "TV Manager.lnk"
uc.rar        29 Dec 2010     8005502  "uc.rar"
ucf.rar       29 Dec 2010    39534889  "ucf.rar"
VIDEO_TS      22 Mar 2011              "VIDEO_TS"
voipbu~1.lnk  22 Feb 2010         919  "VoipBuster.lnk"
window~1.lnk  11 Jul 2009         919  "Windows Mail.lnk"
winema~1.txt  26 Mar 2010       17435  "WineMaker.TXT"
word20~1.lnk  30 Mar 2011        2635  "WORD  2003.lnk"
wordpa~1.lnk  26 Jul 2010        1147  "Word Password Recovery.lnk"
XGAME         21 Apr 2010              "xGame"
youtub~1.url  26 Nov 2010         147  "YouTube - Youp van 't Hek - Rijbewijs.url"
youtub~2.url   9 Feb 2011         147  "YouTube - Gunz Online - Epic Clan War.url"
__MACOSX       9 May 2010              "__MACOSX"

138 items found:  91 files (1 H/S), 47 directories.
   Total of file sizes:  1.699.840.353 bytes      1,58 G
******************************************************************************
                                                                              
Locating all files created in "C:\Users\ALEX\My Documents" within the last 90 days.  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in "C:\Users\ALEX\Start Menu\Programs\Startup" within the last 90 days.  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in "C:\ProgramData"  within the last 90 days.   
                                                                              

"C:\ProgramData\"
BANDOO        14 Feb 2011              "Bandoo"
MALWAR~1       4 Apr 2011              "Malwarebytes"
SUPERA~1.COM   6 Apr 2011              "SUPERAntiSpyware.com"
WINMAX~1      22 Mar 2011              "WinMaximizer"

4 items found:  0 files, 4 directories.
******************************************************************************
                                                                              
Locating all files created in "C:\ProgramData\Start Menu" within the last 90 days.  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in "C:\ProgramData\Start Menu\Programs\Startup\" 
                                                                              

C:\PROGRA~2\STARTM~1\PROGRAMS\STARTUP\
desktop.ini   21 Jan 2008         174  DESKTOP.INI

1 item found:  1 file (1 H/S), 0 directories.
   Total of file sizes:  174 bytes      0,17 K
******************************************************************************
                                                                              
Locating all files created in "C:\ProgramData\desktop"                    
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in "C:\Users\Default User\Start Menu" within the last 90 days.  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in "C:\Users\Default User\Start Menu\Programs\Startup\"         
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in "C:\Users\Default User\"                                     
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in "C:\Program Files\" within the last 90 days.      
                                                                              

"C:\Program Files\"
AHEAD         22 Mar 2011              "Ahead"
CONDUIT       14 Feb 2011              "Conduit"
MALWAR~1       4 Apr 2011              "Malwarebytes' Anti-Malware"
MI2020~1       5 Mar 2011              "Microsoft Silverlight"
MI7E58~1      14 Feb 2011              "Microsoft ATS"
SUPERA~1       6 Apr 2011              "SUPERAntiSpyware"
UTORRENT      14 Feb 2011              "uTorrent"
UTORRE~1      14 Feb 2011              "uTorrentBar_NL"
WI9130~1      13 Feb 2011              "Windows Searchqu Toolbar"

9 items found:  0 files, 9 directories.
******************************************************************************
                                                                              
Locating all files created in "C:\Program Files\Internet Explorer"              
                                                                              

"C:\Program Files\Internet Explorer\"
EN-US         14 Feb 2011              "en-US"
hmmapi.dll    21 Jan 2008       69632  "hmmapi.dll"
iedw.exe      21 Jan 2008       87040  "iedw.exe"
ieinstal.exe  21 Jan 2008      263168  "ieinstal.exe"
iessetup.ceb  21 Jan 2008        4355  "iessetup.ceb"
iessetup.dll   2 Nov 2006       16384  "iessetup.dll"
ieuser.exe    21 Jan 2008      299520  "ieuser.exe"
iexplore.exe   9 Mar 2010      634648  "iexplore.exe"
NL-NL         21 Jan 2008              "nl-NL"
PLUGINS       15 Sep 2009              "Plugins"
SIGNUP         2 Nov 2006              "SIGNUP"
sqmapi.dll    21 Jan 2008      129536  "sqmapi.dll"

"C:\Program Files\Internet Explorer\en-US\"
eula.rtf      13 Feb 2009        5630  "eula.rtf"

"C:\Program Files\Internet Explorer\nl-NL\"
eula.rtf      13 Feb 2009        6463  "eula.rtf"
hmmapi~1.mui  21 Jan 2008       12288  "hmmapi.dll.mui"
iedwex~1.mui  21 Jan 2008        5632  "iedw.exe.mui"
ieinst~1.mui  21 Jan 2008        3072  "ieinstal.exe.mui"
ieuser~1.mui  21 Jan 2008       16384  "ieuser.exe.mui"
iexplo~1.mui  21 Jan 2008       16384  "iexplore.exe.mui"

"C:\Program Files\Internet Explorer\Plugins\"
npb260~1.dll  15 Sep 2009      159744  "npqtplugin5.dll"
npb660~1.dll  15 Sep 2009      159744  "npqtplugin6.dll"
npba60~1.dll  15 Sep 2009      159744  "npqtplugin7.dll"
npqtpl~1.dll  15 Sep 2009      159744  "npqtplugin.dll"
npqtpl~2.dll  15 Sep 2009      159744  "npqtplugin2.dll"
npqtpl~3.dll  15 Sep 2009      159744  "npqtplugin3.dll"
npqtpl~4.dll  15 Sep 2009      159744  "npqtplugin4.dll"
quickt~1.cla  15 Sep 2009        4208  "QuickTimePlugin.class"

"C:\Program Files\Internet Explorer\SIGNUP\"
install.ins    4 Jul 2009         613  "install.ins"

28 items found:  24 files, 4 directories.
   Total of file sizes:  2.693.165 bytes      2,57 M
******************************************************************************
                                                                              
         DeluxeCommunications Search (new form of SurfSideKick)               
Locating all files created in C:\Program Files\DeluxeCommunications\ within the last 90 days.  
                                                                              

No matches found.
******************************************************************************
                                                                              
         WebHancer - dohancer form Search                                     
Locating all files created in C:\Program Files\em\ within the last 90 days.     
                                                                              

No matches found.
******************************************************************************
                                                                              
         WebHancer - hancmmnew form Search                                    
Locating all files created in C:\Program Files\mm\ within the last 90 days.     
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in C:\Program Files\Common Files\ within the last 90 days.  
                                                                              

"C:\Program Files\Common Files\"
AHEAD         22 Mar 2011              "Ahead"
JAVA          14 Feb 2011              "Java"

2 items found:  0 files, 2 directories.
******************************************************************************
                                                                              
Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days.  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files in C:\Program Files\Common Files\system  within the last 120 days.  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in C:\                                  
                                                                              

"C:\"
$RECYCLE.BIN   4 Jul 2009              "$RECYCLE.BIN"
32788R~1       6 Apr 2011              "32788R22FWJFW"
57FDBC~1       4 Jul 2009              "57fdbc7988386a46bb4069d00d228970"
ACER          22 Apr 2008              "Acer"
ACERSW        22 Apr 2008              "AcerSW"
ARENA         21 Jul 2009              "ARENA"
autoexec.bat  18 Sep 2006          24  "autoexec.bat"
bknows~1.log  21 Apr 2008      704602  "bknowsetup.log"
BOOK          22 Apr 2008              "Book"
BOOT          22 Apr 2008              "Boot"
bootmgr       21 Jan 2008      333203  "bootmgr"
bootsect.bak  22 Apr 2008        8192  "BOOTSECT.BAK"
config.sys    18 Sep 2006          10  "config.sys"
DEV-CPP        5 Dec 2010              "Dev-Cpp"
DOCUME~1       2 Nov 2006              "Documents and Settings"
DRV           22 Apr 2008              "DRV"
EGIS_D~1      10 Dec 2010              "EGIS_Drive"
FA-123        21 Jan 2010              "FA-123"
FILE_S~1       3 Oct 2009              ".file_store_32"
GNUPG          5 Dec 2010              "gnupg"
hiberfil.sys   6 Apr 2011  3220332544  "hiberfil.sys"
IJJI           4 Jul 2009              "ijji"
io.sys        19 Sep 2009           0  "IO.SYS"
JAGEX_~1       1 Oct 2009              ".jagex_cache_32"
MAXIS         13 Jul 2010              "MAXIS"
mglogs.zip     6 Apr 2011       37198  "MGlogs.zip"
MGTOOLS        6 Apr 2011              "MGtools"
mgtools.exe    6 Apr 2011     2418162  "MGtools.exe"
MPS           11 May 2010              "MPS"
msdos.sys     19 Sep 2009           0  "MSDOS.SYS"
pagefile.sys   6 Apr 2011  3534036992  "pagefile.sys"
PERFLOGS      21 Jan 2008              "PerfLogs"
PROGRA~1       2 Nov 2006              "Program Files"
PROGRA~2       2 Nov 2006              "ProgramData"
PXPERL        27 Aug 2009              "PXPerl"
rhdsetup.log   4 Jul 2009         477  "RHDSetup.log"
RSBOT          8 Oct 2009              "rsbot"
scandisk.lnk   6 Apr 2011         479  "scandisk.lnk"
setup.log     21 Apr 2008          32  "setup.log"
SIMEARTH      13 Jul 2010              "SIMEARTH"
SUN           10 Oct 2009              "Sun"
SYSTEM~1      22 Apr 2008              "System Volume Information"
TEMP           4 Jul 2009              "Temp"
THELOS~1       5 May 2010              "The lost Castle"
USERS          2 Nov 2006              "Users"
WINDOWS        2 Nov 2006              "Windows"

46 items found:  14 files (6 H/S), 32 directories (5 H/S).
   Total of file sizes:  6.757.871.915 bytes      6,29 G
******************************************************************************
                                                                              
Locating all files created in C:\Windows\Downloaded Program Files\ within the last 90 days.  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files and folders created in C:\Windows within the last 180 days.  
                                                                              

"C:\Windows\"
bootstat.dat   6 Apr 2011       67584  "bootstat.dat"
directx.log    9 Oct 2010      370802  "DirectX.log"
ie8_main.log  14 Feb 2011      190023  "ie8_main.log"
ie9_main.log  14 Feb 2011       10753  "IE9_main.log"
memory.dmp     6 Apr 2011   264501860  "MEMORY.DMP"
ntbtlog.txt    6 Apr 2011     1136986  "ntbtlog.txt"
ocsetu~2.etl  14 Feb 2011     3211264  "ocsetup_install_MicrosoftWindowsPowerShell.etl"
pfro.log       6 Apr 2011     5390968  "PFRO.log"
pgp_cl~1.prf   5 Dec 2010        6244  "PGP_Client.prf"
randseed.rnd   5 Dec 2010         512  "randseed.rnd"
setupact.log  18 Feb 2011      106953  "setupact.log"
window~1.log   6 Apr 2011     1786616  "WindowsUpdate.log"

12 items found:  12 files (1 H/S), 0 directories.
   Total of file sizes:  276.780.565 bytes    263,96 M
******************************************************************************
                                                                              
Locating ini files created in C:\Windows\assembly\GAC\*.ini within the last 90 days. 
  - we are looking for files like __AssemblyInfo__.ini which are used to create    
  - driver files like C:\WINDOWS\system32\drivers\vbma6b97.sys that show up as     
  - infections like \\.\globalroot\Device\svchost.exe\svchost.exe                  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating new files in C:\Windows\inf  Some malware may save things here.        
                                                                              

"C:\Windows\inf\"
setupa~2.log   6 Apr 2011     5914673  "setupapi.app.log"
WMIAPRPL       6 Apr 2011              "WmiApRpl"

"C:\Windows\inf\WmiApRpl\"
0009           6 Apr 2011              "0009"
0013           6 Apr 2011              "0013"
wmiaprpl.h     6 Apr 2011        3766  "WmiApRpl.h"

"C:\Windows\inf\WmiApRpl\0009\"
wmiaprpl.ini   6 Apr 2011       54630  "WmiApRpl.ini"

"C:\Windows\inf\WmiApRpl\0013\"
wmiaprpl.ini   6 Apr 2011       54630  "WmiApRpl.ini"

7 items found:  4 files, 3 directories.
   Total of file sizes:  6.027.699 bytes      5,75 M
******************************************************************************
                                                                              
Locating new folders created in C:\Windows\system32 within the last 120 days.   
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating new files in C:\Windows\system32\AppCert                         .     
   This is not a normal folder to have and often contains malware.            
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating new files in C:\Windows\system32\config\systemprofile\Application Data\Macromedia\Common 
   This is not a normal folder to have and often contains malware.            
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating new files created in C:\Windows\system32 within the last 120 days.     
                                                                              

"C:\Windows\System32\"
7b296f~1.c74   6 Apr 2011        3216  "7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"
7b296f~2.c74   6 Apr 2011        3216  "7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0"
initde~1.nfo  31 Dec 2010          45  "initdebug.nfo"
jupdat~2.log  14 Feb 2011        5706  "jupdate-1.6.0_23-b05.log"
mpsigs~1.exe   2 Feb 2011      222080  "MpSigStub.exe"
perfc009.dat   6 Apr 2011      101052  "perfc009.dat"
perfc013.dat   6 Apr 2011      126648  "perfc013.dat"
perfh009.dat   6 Apr 2011      586980  "perfh009.dat"
perfh013.dat   6 Apr 2011      667114  "perfh013.dat"
perfst~1.ini   6 Apr 2011     1471570  "PerfStringBackup.INI"

10 items found:  10 files (2 H/S), 0 directories.
   Total of file sizes:  3.187.627 bytes      3,04 M
******************************************************************************
                                                                              
Locating ALL files created in C:\Windows\System32\DLLCACHE within the last 90 days. 
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in C:\Windows\System32\components within the last 90 days. 
This folder is sometimes used by Trojan.FakeAlert.CX aka SmitFraud            
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files in C:\Windows\System32\com - used by the W32.Pagipef worm    
     *** BE CAREFUL ---- Not all files in this folder are bad ***             
                                                                              

"C:\Windows\System32\com\"
comadmin.dll  21 Jan 2008      201728  "comadmin.dll"
comempty.dat  18 Sep 2006       61440  "comempty.dat"
comrepl.exe    2 Nov 2006       13312  "comrepl.exe"
DMP            2 Nov 2006              "dmp"
migregdb.exe   2 Nov 2006       10752  "MigRegDB.exe"
mtsadmin.tlb   2 Nov 2006       18944  "mtsadmin.tlb"
NL-NL         21 Jan 2008              "nl-NL"

"C:\Windows\System32\com\nl-NL\"
comrep~1.mui  21 Jan 2008        2560  "comrepl.exe.mui"
migreg~1.mui  21 Jan 2008        2560  "MigRegDB.exe.mui"

9 items found:  7 files, 2 directories.
   Total of file sizes:  311.296 bytes    304,00 K
******************************************************************************
                                                                              
Locating all files created in C:\Windows\System32\drivers within the last 90 days. 
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files in C:\Windows\System32\drivers\down                          
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files in C:\Windows\System32\drivers\downld                        
                                                                              

No matches found.
******************************************************************************
 Running hosts file permissions fix                                           
                                                                              
                                                                              
Locating all files created in C:\Windows\System32\drivers\etc                   
                                                                              

"C:\Windows\System32\drivers\etc\"
lmhosts.sam   18 Sep 2006        3683  "lmhosts.sam"
netadapt.cfg  17 Jul 2009         120  "NetAdapt.cfg"
netada~1.bck  17 Jul 2009         120  "NetAdapt.cfg.bck"
netloc.wlt    17 Jul 2009          68  "NetLoc.wlt"
netloc~1.bck  17 Jul 2009          68  "NetLoc.wlt.bck"
networks      18 Sep 2006         407  "networks"
protocol      18 Sep 2006        1358  "protocol"
services      18 Sep 2006       17244  "services"

8 items found:  8 files, 0 directories.
   Total of file sizes:  23.068 bytes     22,53 K
******************************************************************************
                                                                              
Locating all files in C:\Windows\System32\inf  This is not a normal Win folder  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating all files created in C:\Windows\Driver Cache\I386 within the last 360 days.  
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating C:\Windows\TEMP files created with in the last 90 days.                
                                                                              

"C:\Windows\Temp\"
50e84516       6 Apr 2011        6232  "50e84516"
5rasdvdc.exe   5 Apr 2011      178176  "5rasdvdc.exe"
ADOBE          5 Apr 2011              "Adobe"
bc48e673       6 Apr 2011      125047  "bc48e673"
cbqmicjd.exe   5 Apr 2011      178176  "cbqmicjd.exe"
eb89e949       6 Apr 2011       16918  "eb89e949"
google~2.log   6 Apr 2011       87831  "GoogleToolbarInstaller1.log"
HSPERF~1       6 Apr 2011              "hsperfdata_PC-ALEX$"
i14whg41.exe   5 Apr 2011      178176  "i14whg41.exe"
i7fl5b2x.exe   5 Apr 2011      178176  "i7fl5b2x.exe"
ikj1q7vj.exe   5 Apr 2011      178176  "ikj1q7vj.exe"
kjj5zo09.exe   5 Apr 2011      178176  "kjj5zo09.exe"
l4hbsrt6.exe   5 Apr 2011      178176  "l4hbsrt6.exe"
mhos1oc9.exe   5 Apr 2011      178176  "mhos1oc9.exe"
mpcmdrun.log   5 Apr 2011        1192  "MpCmdRun.log"
MPTELE~1       5 Apr 2011              "MPTelemetrySubmit"
n4jl5rbl.exe   5 Apr 2011      178176  "n4jl5rbl.exe"
pgpsso~1.txt   6 Apr 2011          92  "PGPssoLog.txt"
ptjrvqw.exe    5 Apr 2011      178176  "ptjrvqw.exe"

19 items found:  16 files (3 H/S), 3 directories.
   Total of file sizes:  2.019.072 bytes      1,92 M
******************************************************************************
                                                                              
Locating "C:\Users\ALEX\AppData\Local\Temp" files created within the last 90 days.  
                                                                              

"C:\Users\ALEX\AppData\Local\Temp\"
736a.tmp       6 Apr 2011      311248  "736A.tmp"
a543.tmp       6 Apr 2011      311248  "A543.tmp"
alex.bmp       6 Apr 2011       31832  "ALEX.bmp"
au-des~1.xml   6 Apr 2011        7808  "au-descriptor-1.6.0_24-b71.xml"
auchec~1.txt   6 Apr 2011         302  "AUCHECK_CORE.txt"
auchec~2.txt   6 Apr 2011          74  "AUCHECK_PARSER.txt"
DWDCD4F.TMP    5 Apr 2011              "DWDCD4F.tmp"
EDATAS~1       6 Apr 2011              "eDatasecurity"
GOOGLE~1       6 Apr 2011              "Google Toolbar"
IS-AQ6SL.TMP   5 Apr 2011              "is-AQ6SL.tmp"
jusched.log    6 Apr 2011       13504  "jusched.log"
RARSFX0        4 Apr 2011              "RarSFX0"
SUPERS~1       6 Apr 2011              "SUPERSetup"
wmplog00.sqm   6 Apr 2011        1646  "wmplog00.sqm"
WPDNSE         6 Apr 2011              "WPDNSE"
~df8dd8.tmp    6 Apr 2011      114688  "~DF8DD8.tmp"
~dfa283.tmp    6 Apr 2011      114688  "~DFA283.tmp"

17 items found:  10 files, 7 directories.
   Total of file sizes:  907.038 bytes    885,78 K
******************************************************************************
                                                                              
Locating C:\TEMP files and folders  created within the last 90 days. 
                                                                              

No matches found.
******************************************************************************
                                                                              
Locating .COM files in the C:\Windows\System32 folder                           
                                                                              

"C:\Windows\System32\"
chcp.com       2 Nov 2006       11776  "chcp.com"
command.com    2 Nov 2006       50648  "COMMAND.COM"
diskcomp.com   2 Nov 2006       13824  "diskcomp.com"
diskcopy.com   2 Nov 2006       11264  "diskcopy.com"
edit.com      18 Sep 2006       69886  "edit.com"
format.com     2 Nov 2006       35328  "format.com"
graftabl.com  21 Jan 2008       56320  "graftabl.com"
graphics.com   2 Nov 2006       19694  "GRAPHICS.COM"
kb16.com       2 Nov 2006       14710  "KB16.COM"
loadfix.com    2 Nov 2006        1131  "LOADFIX.COM"
mode.com       2 Nov 2006       25088  "mode.com"
more.com       2 Nov 2006       20992  "more.com"
tree.com       2 Nov 2006       16384  "tree.com"
win.com        2 Nov 2006        6656  "win.com"

14 items found:  14 files, 0 directories.
   Total of file sizes:  353.701 bytes    345,41 K
******************************************************************************
                                                                              
Show all occurrences of various system files that may need to be restored     
                                                                              
============= Finding copies of actxprxy.dll =================================
"C:\Windows\System32\actxprxy.dll" 326656 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-activexproxy_31bf3856ad364e35_6.0.6001.18000_none_120e336fea4a5696\actxprxy.dll" 326656 21-01-2008 04:24 
                                                                              
============= Finding copies of atapi.sys ====================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys" 19944 11-04-2009 08:32 
"C:\Windows\System32\drivers\atapi.sys" 21560 21-01-2008 04:23 
"C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys" 19048 02-11-2006 11:49 
"C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys" 21560 21-01-2008 04:23 
"C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys" 21560 21-01-2008 04:23 
                                                                               
============= Finding copies of beep.sys =====================================
"C:\Windows\System32\drivers\beep.sys" 6144 21-01-2008 04:23 
"C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys" 6144 21-01-2008 04:23 
                                                                              
============= Finding copies of csrss.exe ====================================
"C:\Windows\System32\csrss.exe" 6144 21-01-2008 04:24 
"C:\Windows\System32\nl-NL\csrss.exe.mui" 2560 21-01-2008 08:33 
"C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_91663a796d8d8a38\csrss.exe.mui" 2560 21-01-2008 08:33 
"C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe" 6144 21-01-2008 04:24 
                                                                                         
============= Finding copies of ctfmon.exe ===================================
"C:\Windows\System32\ctfmon.exe" 8704 02-11-2006 11:45 
"C:\Windows\System32\nl-NL\ctfmon.exe.mui" 2560 21-01-2008 08:35 
"C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe" 8704 02-11-2006 11:45 
"C:\Windows\winsxs\x86_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_4d4ec48bc241670f\ctfmon.exe.mui" 2560 21-01-2008 08:35 
                                                                              
============= Finding copies of cngaudit.dll =================================
"C:\Windows\System32\cngaudit.dll" 11776 02-11-2006 11:46 
"C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll" 11776 02-11-2006 11:46 
                                                                              
============= Finding copies of explorer.exe =================================
"C:\Windows\explorer.exe" 2927104 29-10-2008 08:29 
"C:\Windows\nl-NL\explorer.exe.mui" 913408 21-01-2008 08:37 
"C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf" 76504 06-04-2011 15:04 
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe" 2926592 11-04-2009 08:27 
"C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_bcc7b67fffbeb627\explorer.exe.mui" 913408 21-01-2008 08:37 
"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe" 2923520 29-10-2008 08:20 
"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe" 2923520 28-10-2008 04:15 
"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe" 2927104 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe" 2927104 29-10-2008 08:29 
"C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe" 2927616 30-10-2008 05:59 
                                                                              
============= Finding copies of kernel32.dll =================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6002.18005_none_7cc3af8dde4f2233\kernel32.amx" 530196 11-04-2009 06:17 
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll" 891392 11-04-2009 08:28 
"C:\Windows\System32\kernel32.dll" 888832 13-02-2009 10:49 
"C:\Windows\System32\manifeststore\kernel32.amx" 534116 17-03-2009 03:07 
"C:\Windows\System32\nl-NL\kernel32.dll.mui" 802816 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16834_none_78d58d0be41b7973\kernel32.amx" 535568 17-03-2009 02:50 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.21029_none_796ed356fd2caf41\kernel32.amx" 535568 17-03-2009 02:50 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_7ad83681e12d56e7\kernel32.amx" 534104 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18230_none_7ab7ca89e145a508\kernel32.amx" 534116 17-03-2009 03:07 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.22399_none_7b098a66fa8bd087\kernel32.amx" 536264 21-03-2009 02:51 
"C:\Windows\winsxs\x86_microsoft-windows-kernel32.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_f3eff2e0b16164ca\kernel32.dll.mui" 749568 21-01-2008 08:35 
"C:\Windows\winsxs\x86_microsoft-windows-kernel32.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_f626b4dcae4c759e\kernel32.dll.mui" 802816 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll" 875520 13-02-2009 09:26 
"C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll" 875520 13-02-2009 09:13 
"C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll" 888320 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll" 888832 13-02-2009 10:49 
"C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll" 890880 13-02-2009 10:21 
                                                                              
============= Finding copies of lsass.exe ====================================
"C:\Windows\System32\lsass.exe" 9728 15-06-2009 14:57 
"C:\Windows\System32\nl-NL\lsass.exe.mui" 11264 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-lsa.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_3d7d03b422b8425a\lsass.exe.mui" 11264 21-01-2008 08:32 
"C:\Windows\winsxs\x86_microsoft-windows-lsa.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_3fb3c5b01fa3532e\lsass.exe.mui" 11264 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe" 7680 13-02-2009 09:26 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe" 7680 15-06-2009 15:10 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe" 7680 13-02-2009 06:58 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe" 7680 15-06-2009 14:59 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe" 7680 10-09-2009 16:47 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe" 9728 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe" 9728 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe" 9728 15-06-2009 14:57 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe" 9728 13-02-2009 10:20 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe" 9728 15-06-2009 15:03 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe" 9728 09-09-2009 13:09 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe" 9728 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe" 9728 15-06-2009 14:48 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe" 9728 15-06-2009 14:51 
"C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe" 9728 10-09-2009 16:44 
                                                                              
============= Finding copies of netlogon.dll =================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll" 592896 11-04-2009 08:28 
"C:\Windows\System32\netlogon.dll" 592384 21-01-2008 04:24 
"C:\Windows\System32\nl-NL\netlogon.dll.mui" 10752 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_e698b44caaed1503\netlogon.dll.mui" 6144 21-01-2008 08:34 
"C:\Windows\winsxs\x86_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_e8cf7648a7d825d7\netlogon.dll.mui" 10752 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll" 592384 21-01-2008 04:24 
                                                                              
============= Finding copies of powrprof.dll =================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6002.18005_none_a505176cf9fa2abd\powrprof.dll" 98816 11-04-2009 08:28 
"C:\Windows\System32\powrprof.dll" 97280 21-01-2008 04:25 
"C:\Windows\System32\nl-NL\powrprof.dll.mui" 20480 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-u..anagement.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_bc1824f8b688b00d\powrprof.dll.mui" 18944 21-01-2008 08:35 
"C:\Windows\winsxs\x86_microsoft-windows-u..anagement.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_be4ee6f4b373c0e1\powrprof.dll.mui" 20480 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll" 97280 21-01-2008 04:25 
                                                                              
============= Finding copies of proquota.exe =================================
"C:\Windows\System32\proquota.exe" 27648 02-11-2006 11:45 
"C:\Windows\System32\nl-NL\proquota.exe.mui" 4608 21-01-2008 08:32 
"C:\Windows\winsxs\x86_microsoft-windows-proquota.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_b5ae6be506ea5b8d\proquota.exe.mui" 4608 21-01-2008 08:32 
"C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe" 27648 02-11-2006 11:45 
                                                                              
============= Finding copies of regedit.exe ==================================
"C:\Windows\regedit.exe" 134656 21-01-2008 04:24 
"C:\Windows\nl-NL\regedit.exe.mui" 61440 21-01-2008 08:34 
"C:\Windows\winsxs\x86_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_b1a66c5e8edc2bdb\regedit.exe.mui" 61440 21-01-2008 08:34 
"C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe" 134656 21-01-2008 04:24 
                                                                              
============= Finding copies of scecli.dll   =================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll" 177152 11-04-2009 08:28 
"C:\Windows\System32\scecli.dll" 177152 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll" 177152 21-01-2008 04:24 
                                                                              
============= Finding copies of services.exe =================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe" 279552 11-04-2009 08:27 
"C:\Windows\System32\services.exe" 279040 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe" 279040 21-01-2008 04:24 
                                                                              
============= Finding copies of spoolsv.exe =================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe" 127488 11-04-2009 08:28 
"C:\Windows\System32\spoolsv.exe" 125952 21-01-2008 04:24 
"C:\Windows\System32\nl-NL\spoolsv.exe.mui" 6656 21-01-2008 08:34 
"C:\Windows\winsxs\x86_microsoft-windows-p..oler-core.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_deac8f688d92a358\spoolsv.exe.mui" 6656 21-01-2008 08:34 
"C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe" 125952 21-01-2008 04:24 
                                                                              
============= Finding copies of svchost.exe ==================================
"C:\Windows\Prefetch\SVCHOST.EXE-3AB35CA7.pf" 28302 06-04-2011 17:42 
"C:\Windows\Prefetch\SVCHOST.EXE-61AE5AB6.pf" 27444 06-04-2011 17:42 
"C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf" 20520 06-04-2011 14:57 
"C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf" 13314 06-04-2011 18:01 
"C:\Windows\Prefetch\SVCHOST.EXE-A1476A17.pf" 74764 06-04-2011 15:40 
"C:\Windows\Prefetch\SVCHOST.EXE-C9A9BB77.pf" 77170 06-04-2011 14:38 
"C:\Windows\System32\svchost.exe" 21504 21-01-2008 04:23 
"C:\Windows\System32\nl-NL\svchost.exe.mui" 2560 21-01-2008 08:33 
"C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_081e203c33968ea3\svchost.exe.mui" 2560 21-01-2008 08:33 
"C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe" 21504 21-01-2008 04:23 
                                                                              
============= Finding copies of tcpip.sys ====================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys" 897000 11-04-2009 08:33 
"C:\Windows\System32\drivers\tcpip.sys" 898952 18-02-2010 16:49 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" 891448 21-01-2008 04:25 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys" 891448 26-04-2008 10:26 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys" 897608 14-08-2009 19:07 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys" 897624 08-12-2009 22:52 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys" 898952 18-02-2010 16:49 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys" 891448 26-04-2008 10:08 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys" 900168 14-08-2009 19:01 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" 900696 08-12-2009 22:37 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" 902024 18-02-2010 19:36 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys" 904776 14-08-2009 18:27 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys" 904776 08-12-2009 22:01 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys" 904576 18-02-2010 16:07 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys" 905784 14-08-2009 18:33 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys" 907832 08-12-2009 22:15 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys" 910216 18-02-2010 16:22 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys" 813568 14-08-2009 16:24 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys" 813568 08-12-2009 19:58 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys" 815104 18-02-2010 14:05 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys" 816640 15-08-2009 23:30 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys" 816640 08-12-2009 19:45 
"C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys" 818688 18-02-2010 13:51 
                                                                               
============= Finding copies of tcpip6.sys ===================================
                                                                               
============= Finding copies of termsrv.dll ==================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll" 449024 11-04-2009 08:28 
"C:\Windows\System32\termsrv.dll" 448512 21-01-2008 04:24 
"C:\Windows\System32\nl-NL\termsrv.dll.mui" 40960 21-01-2008 08:41 
"C:\Windows\winsxs\x86_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_537745ced1750626\termsrv.dll.mui" 34816 21-01-2008 08:35 
"C:\Windows\winsxs\x86_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_55ae07cace6016fa\termsrv.dll.mui" 40960 21-01-2008 08:41 
"C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll" 448512 21-01-2008 04:24 
                                                                              
============= Finding copies of userinit.exe =================================
"C:\Windows\System32\userinit.exe" 25088 21-01-2008 04:24 
"C:\Windows\System32\nl-NL\userinit.exe.mui" 4096 21-01-2008 08:33 
"C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_46c5d58e5e6f7df9\userinit.exe.mui" 4096 21-01-2008 08:33 
"C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe" 25088 21-01-2008 04:24 
                                                                              
============= Finding copies of user32.dll ===================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6002.18005_none_7cc3af8dde4f2233\user32.amx" 331742 11-04-2009 06:23 
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll" 627712 11-04-2009 08:28 
"C:\Windows\System32\user32.dll" 627200 21-01-2008 04:24 
"C:\Windows\System32\manifeststore\user32.amx" 331298 17-03-2009 03:14 
"C:\Windows\System32\nl-NL\user32.dll.mui" 21504 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16834_none_78d58d0be41b7973\user32.amx" 354882 17-03-2009 02:55 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.21029_none_796ed356fd2caf41\user32.amx" 350698 17-03-2009 02:55 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_7ad83681e12d56e7\user32.amx" 350726 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18230_none_7ab7ca89e145a508\user32.amx" 331298 17-03-2009 03:14 
"C:\Windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.22399_none_7b098a66fa8bd087\user32.amx" 331298 21-03-2009 02:57 
"C:\Windows\winsxs\x86_microsoft-windows-user32.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_f4d3272cb73a2540\user32.dll.mui" 21504 21-01-2008 08:35 
"C:\Windows\winsxs\x86_microsoft-windows-user32.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_f709e928b4253614\user32.dll.mui" 21504 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll" 627200 21-01-2008 04:24 
                                                                              
============= Finding copies of wininit.dll ==================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18005_none_03d46c899ef4dd32\wininet.dll" 828416 11-04-2009 08:28 
"C:\Windows\System32\wininet.dll" 833024 09-03-2010 18:28 
"C:\Windows\System32\nl-NL\wininet.dll.mui" 57344 21-01-2008 08:36 
"C:\Windows\winsxs\x86_microsoft-windows-i..mentation.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_cf25da67e5c61d88\wininet.dll.mui" 57344 21-01-2008 08:36 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll" 826368 21-02-2008 06:43 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16851_none_ffcda951a4d4204f\wininet.dll" 827392 24-04-2009 18:22 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16890_none_ffa16957a4f576bc\wininet.dll" 827392 18-07-2009 14:17 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16916_none_fffdec59a4af2c65\wininet.dll" 832512 27-08-2009 16:02 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16945_none_ffdc7c4ba4c866e1\wininet.dll" 832512 27-10-2009 17:05 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16982_none_ffae3bbda4eb8aa0\wininet.dll" 832512 18-12-2009 14:52 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.17037_none_ffe924eda4beb0e0\wininet.dll" 832512 09-03-2010 18:54 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll" 827392 22-02-2008 06:52 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21046_none_0066ef9cbde5561d\wininet.dll" 828928 24-04-2009 18:01 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21089_none_003eb0cabe0311e6\wininet.dll" 828928 18-07-2009 14:16 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21116_none_00876146bdccff71\wininet.dll" 840704 27-08-2009 15:40 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21148_none_0068f216bde385f2\wininet.dll" 841216 27-10-2009 15:18 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21184_none_0039b13ebe07905a\wininet.dll" 841216 18-12-2009 14:25 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21242_none_0062f240bde8eb0f\wininet.dll" 841216 09-03-2010 18:31 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll" 825856 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll" 826880 22-02-2008 07:01 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\wininet.dll" 827904 24-04-2009 18:05 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\wininet.dll" 827904 18-07-2009 18:06 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18319_none_01e72bdda1d3095b\wininet.dll" 833024 27-08-2009 15:32 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18349_none_01c6bc19a1eb5d2e\wininet.dll" 833024 27-10-2009 15:20 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18385_none_01977b41a20f6796\wininet.dll" 833024 18-12-2009 15:05 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18444_none_01c1bc8da1efdba2\wininet.dll" 833024 09-03-2010 18:28 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll" 826880 22-02-2008 06:52 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22418_none_026fc85ebaf18fce\wininet.dll" 828416 24-04-2009 18:00 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22475_none_022be7f8bb24eb6f\wininet.dll" 828416 18-07-2009 13:56 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22508_none_027a9a30bae97104\wininet.dll" 834048 27-08-2009 15:17 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22550_none_023c8844bb193201\wininet.dll" 834048 27-10-2009 15:07 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22585_none_022119f2bb2d0487\wininet.dll" 834048 18-12-2009 14:24 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22653_none_023f8b08bb167b2d\wininet.dll" 834048 11-03-2010 18:40 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18024_none_03bdcc679f05fbbd\wininet.dll" 828416 23-04-2009 14:15 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\wininet.dll" 828416 18-07-2009 13:35 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18100_none_03cf6cfd9ef95ba6\wininet.dll" 834048 27-08-2009 14:40 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18130_none_03aefd399f11af79\wininet.dll" 834048 27-10-2009 16:11 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18167_none_03958f7b9f23b4ad\wininet.dll" 834048 16-12-2009 13:44 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18226_none_03bfd0c79f0428b9\wininet.dll" 834048 09-03-2010 17:42 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22121_none_04446854b8264f82\wininet.dll" 828416 24-04-2009 17:43 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22180_none_04028882b857ddd1\wininet.dll" 828928 18-07-2009 13:47 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22212_none_04503a70b81d4a0f\wininet.dll" 834048 27-08-2009 14:56 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22252_none_0424fac0b83db9d3\wininet.dll" 834048 27-10-2009 14:53 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22290_none_03f7ba7cb85ff6e9\wininet.dll" 834048 17-12-2009 14:04 
"C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22360_none_04182c26b847a03d\wininet.dll" 834560 11-03-2010 18:52 
                                                                              
============= Finding copies of winlogon.exe =================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe" 314368 11-04-2009 08:28 
"C:\Windows\System32\winlogon.exe" 314880 21-01-2008 04:24 
"C:\Windows\System32\nl-NL\winlogon.exe.mui" 32768 21-01-2008 08:40 
"C:\Windows\System32\wbem\winlogon.mof" 2794 18-09-2006 23:41 
"C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof" 2794 18-09-2006 23:41 
"C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_81cdc0ed90335d6d\winlogon.exe.mui" 32768 21-01-2008 08:34 
"C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_840482e98d1e6e41\winlogon.exe.mui" 32768 21-01-2008 08:40 
"C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe" 314880 21-01-2008 04:24 
                                                                              
******************************************************************************
                                                                              
Show all occurrences of specific system files that sometimes are infected     
by SpamTool.Win32 or Trojan.Win32.Patched.g, or Kobcka.Patched.  Seeing them  
listed does not mean they are infected.  They have to be checked for changes  
to attributes.   
                                                                              
============= Finding copies of ndis.sys  ====================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys" 527848 11-04-2009 08:32 
"C:\Windows\System32\drivers\ndis.sys" 529464 21-01-2008 04:23 
"C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys" 529464 21-01-2008 04:23 
                                                                              
============= Finding copies of ntfs.sys  ====================================
"C:\Windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys" 1083880 11-04-2009 08:32 
"C:\Windows\System32\drivers\ntfs.sys" 1081912 21-01-2008 04:23 
"C:\Windows\System32\drivers\nl-NL\ntfs.sys.mui" 73728 21-01-2008 08:36 
"C:\Windows\System32\wbem\ntfs.mof" 308 18-09-2006 23:39 
"C:\Windows\winsxs\x86_microsoft-windows-ntfs-mof_31bf3856ad364e35_6.0.6000.16386_none_92f285d74d281676\ntfs.mof" 308 18-09-2006 23:39 
"C:\Windows\winsxs\x86_microsoft-windows-ntfs.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_9b876bdfea522b47\ntfs.sys.mui" 73728 21-01-2008 08:36 
"C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys" 1081912 21-01-2008 04:23 
                                                                              
============= Finding copies of ws2_32.dll  ==================================
"C:\Windows\System32\ws2_32.dll" 179200 21-01-2008 04:24 
"C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll" 179200 21-01-2008 04:24 
******************************************************************************
                                                                              
Checking for .COM files to Delete. They will only print if deleted!           
                                                                              
                                                                              
                                                                              
******************************************************************************
                                                                              
Dumping HKLM Uninstall Programs list                                          
                                                                              
Torrent
A.V.A
Aangifte inkomstenbelasting 2009
Acer Arcade Live Main Page
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer HomeMedia
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3 - Nederlands
Adobe Shockwave Player 11.5
Agatha Christie Death on the Nile
Age of Empires III
Age of Empires III
Alice Greenfingers
ANNO 1602 Gold-Edition
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
AutoHotkey 1.0.91.03
Axife Mouse Recorder DEMO 5.01
Azada
Backspin Billiards
Big Kahuna Reef
BioShock
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
Camtasia Studio 6
Capitalism II
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
CCleaner
Chariots of War
Cheat Engine 5.5
Cheat Engine 5.6
Chuzzle
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Conduit Engine
Cossacks - Back To War
DarKGunZ
Dev-C++ 5 beta 9 release (4.9.9.2)
Diner Dash Flo on the Go
Direct Show Ogg Vorbis Filter (remove only)
EAX4 Unified Redist
Electronic Arts Game Updater
Entropia Universe
eSobi v2
eSobi v2
Flip Words 2
FreeOTFE Explorer
FreeOTFE
FreeProxy version 3.92
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Growler Guncam
GvRng 4.4
Harvest - Massive Encounter
HashTab 1.14 for x32
Hotel Giant Demo
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperCam 2
ijji - Gunz
ijji REACTOR
Immortal Defense 1.1
IntelliJ IDEA Community Edition 9.0.2
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java DB 10.5.3.0
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 23
Java(TM) SE Development Kit 6 Update 16
Java(TM) SE Development Kit 6 Update 18
Jewel Quest Solitaire
Key Mouse Genie 4.1
Kick N Rush
LightScribe  1.4.142.1
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Editie 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mines XP
Minesweeper Variants 1.1.0
MineSweeper3D (remove only)
Mozilla Firefox (3.5.2)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Need For Speed - Porsche 2000
Nero ShowTime CE
NiftyWindows 0.9.3.1
Notepad++
NoteTab Pro 6 Trial (Remove only)
NTI Backup NOW! 4.7
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NTI CD & DVD-Maker
NVIDIA Drivers
Oblivion
Panda Internet Security 2009
Pando Media Booster
PGP Desktop
pidgin-otr 3.2.0-1
Pidgin
Proximodo 0.2.5
ProxyFirewall 1.0.4 Beta
QuickTime
Realtek High Definition Audio Driver
Rome - Total War
RS2Bot 1.00
RS2Bot
RS2Bot
RS2Bot
Scour Toolbar
SearchElf_1.2 Toolbar
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shutter
Silkroad
Skins
Smugglers 4 Online Demo 1.1h
Solid State ION Internet Explorer Plugin
SpeedFan (remove only)
SPORET Creature Creator Demo Versie
Super Minesweeper Shareware
SUPERAntiSpyware
Switcher 2.0.0
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
TeamViewer 5
The lost Castle
Tom Clancy's Splinter Cell Double Agent
TortoiseSVN 1.6.7.18415 (32 bit)
TrafficBar 1.6
Turbo Pizza
TV Manager (Demo)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
uTorrentBar_NL Toolbar
VoipBuster
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
WinRAR archiver
Zuma Deluxe
******************************************************************************
End scan time          
It's Wed April 6, 2011  06:03:51 PM


Zipping newfiles.txt  
