Part 2:
(((((((((((((((((((((((((((((
SnapShot@2009-08-10_05.11.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-05 01:45 . 2009-08-10 15:07 63212 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-10 15:07 92016 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-21 08:19 . 2009-08-10 15:07 17928 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4291981300-1112763165-1343636658-1000_UserData.bin
+ 2008-02-08 20:26 . 2009-08-10 17:33 84661 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2007-10-18 08:33 . 2009-08-10 18:24 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-10-18 08:33 . 2009-08-10 05:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-10-18 08:33 . 2009-08-10 05:10 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-18 08:33 . 2009-08-10 18:24 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-18 08:33 . 2009-08-10 18:24 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-10-18 08:33 . 2009-08-10 05:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-10 15:05 . 2009-08-10 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-10 05:10 . 2009-08-10 05:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-10 05:10 . 2009-08-10 05:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-10 15:05 . 2009-08-10 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-08-10 15:12 598588 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-10 04:57 598588 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-10 04:57 102194 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-10 15:12 102194 c:\windows\System32\perfc009.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-05-01 15:35 . 2009-08-10 17:22 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-01 15:35 . 2009-08-10 00:52 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\System32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCUI"="c:\progra~1\RINGCE~1\RINGCE~1\RCUI.exe" [2009-05-04 479232]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2007-11-29 18944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^GATEKEEPER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\GATEKEEPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):93,33,09,52,e3,de,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4291981300-1112763165-1343636658-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F86521EC-F013-4DEC-8ECF-394A3BA411AD}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1E7CD4B0-5C7B-4182-8E47-908AD1D3631A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{85777A53-A9B8-487C-8BB3-834527BFD7E2}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BD66770E-C9F6-4250-A095-42B33BB1ADA7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BD0C338B-0175-43EB-8E50-502F4F30E264}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E230856B-4A8C-467F-93E3-26185C4B5B38}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F7DFD474-F2C9-4421-A152-1FBA59F2C5DF}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{4CF2EDE7-241E-4E1B-AC25-2431C75FBFC4}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{BDDF36F3-891A-49EF-BA5A-BBF79B66F7FA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B154D3B3-6B86-46E6-A7D8-54074B2E1C5E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B8C68649-7917-4096-9D95-D1EEE03EE278}c:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{7BEF14A9-DDFF-4BFD-BF2F-407D6345208E}c:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"TCP Query User{DEF24318-0F44-40D7-8F5C-7C7D335F4385}c:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:c:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{5A936BA0-E95E-43EB-BD8F-E88CB4F19405}c:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:c:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{A0911BDE-4779-4665-9584-B2B58DD525DB}c:\\program files\\mail them pro\\mailthem.exe"= UDP:c:\program files\mail them pro\mailthem.exe:mailthem
"UDP Query User{8EF1B143-77BB-4052-9E77-DDF817AD94A2}c:\\program files\\mail them pro\\mailthem.exe"= TCP:c:\program files\mail them pro\mailthem.exe:mailthem
"TCP Query User{39B9655E-2CB1-47E0-A81E-CD383BD2A7DC}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C9471E9F-6D71-4B68-8FA5-0D741F3E836E}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{9952D2F4-751D-4704-8955-378240ECC628}c:\\program files\\ringcentral\\ringcentral call controller\\rcui.exe"= UDP:c:\program files\ringcentral\ringcentral call controller\rcui.exe:RingCentral Call Controller
"UDP Query User{22ECD852-1E9A-48BB-A12F-F51F85C497B8}c:\\program files\\ringcentral\\ringcentral call controller\\rcui.exe"= TCP:c:\program files\ringcentral\ringcentral call controller\rcui.exe:RingCentral Call Controller
"TCP Query User{03034117-434A-4669-B0E3-60DB7AF273E7}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{94B2C525-0031-4DC8-A539-A3DA1A52677A}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{CC26188B-F158-43C5-A2F4-0044A5B4801F}c:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:c:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{DE2062F3-B795-4379-A736-CC8D951614A3}c:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:c:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{183ED917-139A-4B98-985F-3A6E9F4825E0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D62AF9BF-7C0E-40AD-89DF-E274F91CD3BF}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{5B2238EA-F7FA-4112-B61B-ED8D1691B39D}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C6357DE0-2123-4D0E-BFB2-9A816B857F5F}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{4493E6AE-10BA-4DD4-9B94-950C78381951}c:\\users\\gatekeeper\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\vtkeqfyj\\housecall66[1].exe"= UDP:c:\users\gatekeeper\appdata\local\microsoft\windows\temporary internet files\content.ie5\vtkeqfyj\housecall66[1].exe:housecall66[1].exe
"UDP Query User{C47BE10D-CCEE-46D2-A2D2-039F1B5193E5}c:\\users\\gatekeeper\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\vtkeqfyj\\housecall66[1].exe"= TCP:c:\users\gatekeeper\appdata\local\microsoft\windows\temporary internet files\content.ie5\vtkeqfyj\housecall66[1].exe:housecall66[1].exe
"TCP Query User{004612BD-A197-4B54-AC79-B5F9D1805AC0}c:\\users\\gatekeeper\\music\\temp\\temporary internet files\\content.ie5\\5grm4c0s\\housecall66[1].exe"= UDP:c:\users\gatekeeper\music\temp\temporary internet files\content.ie5\5grm4c0s\housecall66[1].exe:housecall66[1].exe
"UDP Query User{07AFEB00-51F8-4F90-A3DA-26C95A938857}c:\\users\\gatekeeper\\music\\temp\\temporary internet files\\content.ie5\\5grm4c0s\\housecall66[1].exe"= TCP:c:\users\gatekeeper\music\temp\temporary internet files\content.ie5\5grm4c0s\housecall66[1].exe:housecall66[1].exe
"{1C1F66F4-BBDB-467A-AD97-5AFDC9458F07}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E4D9AF25-FBEE-4A17-93B3-3C10349B7514}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8B64B885-054F-49F3-BBBD-26D8F5AE47BE}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{6B28E4B9-4FC5-435F-90FD-0E770FBCB0C2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{987FC20A-95EB-416D-AF60-501DCC1759E3}"= c:\program files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{0DF31155-E8B5-4EE0-89B9-23D81C34A06E}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{39422278-6B61-49BD-9297-0B6389595AC7}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6B3779C0-6D9C-49C3-AD05-231B86AE457D}"= UDP:c:\program files\MediaMall\MediaMallServer.exe:MediaMall Server
"{38623626-A89D-40F4-AFE9-C2143806EBA5}"= TCP:c:\program files\MediaMall\MediaMallServer.exe:MediaMall Server
"{C230316D-9950-4A81-A608-AF1087F1415E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E857C18-70D9-4572-952D-55B1FF362D14}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{40261D61-BC2D-41DC-A82C-C7EB97910B1F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D45F0249-BACF-4FB4-B457-27F0B1ECF470}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{945B04D1-DFCF-4B9B-A95F-3E540943BE11}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes