Hardware/Software . existing HP notebook with Win7 32bit Symptoms . to diagnose a virus attack, it helps to know, to the second, when a file was updated. With only a sorted ADMIN DIR output B 4 the restore, it could only log to the minute. Tho I eventually saw the files it created, seconds are more accurate in tracking the events THAT AREN'T SURPRESSED! Attempts to address . many; ... ... DIR; looked in help, tried /t w/DIRCMD, searched around; nothing. ...... It may be in physical order tho, so there may be SOME order ... explorer/prop just says "within 7 hours", eventually (days/weeks?) showing the second. HARDLY USEFUL AT THE TIME!! ... powershell showed the time to milliseconds, but only for a single file. Solution I wrote an MASM assembler program using INT21h/4E&Fh with an IBM mainframe flavor (a la VSAM) to chain&swap multiple active DTA requests per DIR (based on day (ie: TODAY)), like RPLs after POINTs. Using CMSort.exe w/the few hundred I get daily, I get a .txt file, for example, sorted to the millisecond, which runs surprisingly quick (<1min; 5sec when buffered) against the root drive: 2013/03/12 22:13:07.418 0000018939 a CMSORT.BAT C:\DAD\CMSort &C:\DAD\CMSort\CMSORT.BAT & I'd like to hear any other solutions anyone else has for this issue... ##### DSNTODAY system now available For anyone interested, my program is available here: http://users.foxvalley.net/~qcd/index4.htm If your platform is x86 and supports the Win32 API, download the .zip file to a DIRectory and extract it, then either make a Shortcut on your Desktop, double-click the .BAT file using Explorer, or use cmd.exe (the .BAT has the doc). In about a minute or so, the console window should PAUSE with this message: date&time 32bit Good: DSNTODAY=0,CMSort=N/A ... but the .log file in your extracted DIR now shows all the "non-System" files updated today on your C: drive in "alphabetical" order. The first run may have to perform disk I/O, but still should run in less than a minute. This "N/A" failure is just until the .BAT file knows about CMSort, when the file can be sorted by descending date&time. This is kinda what I was expecting PowerShell to do. An issue with a 'DIR /o-d' is that it doesn't span directories. I set this up to AUTOMATICALLY and SILENTLY run at intervals with Windows Task Scheduler, showing files&DIRs updated today; you can decide whether to append or over-write the .log file whenever and however you decide to run it. Perhaps businesses that offer guests Internet access would find this beneficial for both, or for parents monitoring what their children surf to, or for anyone that got infected to easily find the bogus file(s) and when they were implanted, or to find ANY files that have a logically-bogus date&time. Have fun... NOTE: CMSort.exe can be downloaded from here: http://www.chmaas.handshake.de/delphi/freeware/cmsort/cmsort.htm ##### Watch for any recently implanted executables I added an option to watch for any executable files that were recently implanted, or to list all executables, based on the PATHEXT Environment Variable, plus a few more. In addition, I can look at all 3 file timestamps at once. This means that, for example, if a file, such as a .dll, a .lnk, a .exe, or more, is CREATED by a trojan, even if its' attributes are System and/or Hidden, I'll now see any within 5 minutes (the minimum time allowed by WTS), and the sort places them at the top. This now replaces what I used to do manually every day using multiple sorted ADMIN DIR outputs for monitoring executables, while the regular run (as supplied) monitors any other files that are UPDATED.