Here the details:
Detection type : legal software that can be used by criminals for damaging your computer or personal data.
Name : PDM Keylogger
Action : Keylogger Activity.
Object : Kernel mode memory patch.
Now i installed Avast inter sec 5. i did a boot scan, No infections found.
Both kaspersky and Avast blocking some network intrusions. atleast 5 times a day (it showing some ip address)
I tried with Malwarebytes. nothing found.
Today i found "csrss.exe" running in background (found it in task manager and could not able to end the process). I google it, to know what exactly it is. Some say it is a trojan, keylogger & etc etc..
I need help..
I consider this is a threat to my security.
System info:
Windows 7 Ultimate.
Avast Internet sec 5.
Malwarebytes.
Here below is the DDS log file:
DDS (Ver_10-03-17.01) - NTFSx86
Run by HARI KRISHNAN at 10:57:43.39 on 09-Jun-10
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2010.1327 [GMT 5.5:30]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\HARI KRISHNAN\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.in/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60111
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
================= FIREFOX ===================
FF - ProfilePath - c:\users\harikr~1\appdata\roaming\mozilla\firefox\profiles\mqcf44uk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - prefs.js: keyword.enabled - false
FF - component: c:\program files\crawler\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\firefox\components\xshared.dll
FF - component: c:\program files\crawler\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-6-6 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-6-6 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-6-6 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-6-6 307280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-6 164048]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-23 95024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-6 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-6 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-6 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-6-6 119200]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-26 304464]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-6 40384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-26 20952]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-19 249888]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2010-5-15 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2010-5-15 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2010-5-15 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2010-5-15 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2010-5-15 98568]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-19 135664]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-3-12 583640]
=============== Created Last 30 ================
2010-06-08 18:45:17 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-08 18:45:17 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 18:45:14 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-08 18:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-08 18:44:56 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-08 07:52:35 0 d-----w- c:\users\harikr~1\appdata\roaming\AIMP
2010-06-08 07:52:19 0 d-----w- c:\program files\AIMP2
2010-06-06 18:04:39 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-06-06 18:04:38 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-06-06 18:04:23 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-06-06 18:04:19 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-06 18:04:05 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-06-06 18:04:02 0 d-----w- c:\programdata\Alwil Software
2010-06-05 13:18:09 0 d-----w- c:\program files\Trend Micro
2010-06-04 17:58:59 3528 ---ha-w- C:\bootsqm.dat
2010-05-31 11:57:46 65536 --sha-w- c:\users\hari krishnan\ntuser.dat{70ed77b2-6ca3-11df-a621-001cc0e6a5e7}.TM.blf
2010-05-31 11:57:46 524288 --sha-w- c:\users\hari krishnan\ntuser.dat{70ed77b2-6ca3-11df-a621-001cc0e6a5e7}.TMContainer00000000000000000002.regtrans-ms
2010-05-31 11:57:46 524288 --sha-w- c:\users\hari krishnan\ntuser.dat{70ed77b2-6ca3-11df-a621-001cc0e6a5e7}.TMContainer00000000000000000001.regtrans-ms
2010-05-31 10:02:04 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-31 06:51:09 0 d-----w- c:\windows\system32\Adobe
2010-05-29 18:09:51 0 d-----w- c:\program files\CCleaner
2010-05-29 11:29:34 632 --sha-r- c:\users\hari krishnan\ntuser.pol
2010-05-26 18:31:32 207 ----a-w- c:\windows\POD.INI
2010-05-26 11:04:18 0 d-----w- c:\users\harikr~1\appdata\roaming\Malwarebytes
2010-05-26 11:04:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-26 11:04:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-26 11:04:08 0 d-----w- c:\programdata\Malwarebytes
2010-05-26 11:04:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-21 15:55:15 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-21 13:43:18 65536 --sha-w- c:\users\hari krishnan\ntuser.dat{412cbbd2-64bc-11df-a26a-001cc0e6a5e7}.TM.blf
2010-05-21 13:43:18 524288 --sha-w- c:\users\hari krishnan\ntuser.dat{412cbbd2-64bc-11df-a26a-001cc0e6a5e7}.TMContainer00000000000000000002.regtrans-ms
2010-05-21 13:43:18 524288 --sha-w- c:\users\hari krishnan\ntuser.dat{412cbbd2-64bc-11df-a26a-001cc0e6a5e7}.TMContainer00000000000000000001.regtrans-ms
2010-05-15 13:46:38 100488 ----a-w- c:\windows\system32\drivers\s115mgmt.sys
2010-05-15 13:46:37 12424 ----a-w- c:\windows\system32\drivers\s115cmnt.sys
2010-05-15 13:46:37 12424 ----a-w- c:\windows\system32\drivers\s115cm.sys
2010-05-15 13:46:36 98568 ----a-w- c:\windows\system32\drivers\s115obex.sys
2010-05-15 13:46:34 108680 ----a-w- c:\windows\system32\drivers\s115mdm.sys
2010-05-15 13:46:32 15112 ----a-w- c:\windows\system32\drivers\s115mdfl.sys
2010-05-15 13:46:31 83208 ----a-w- c:\windows\system32\drivers\s115bus.sys
2010-05-14 12:52:28 0 d-----w- c:\program files\Crawler
2010-05-11 18:29:36 524288 --sha-w- c:\users\hari krishnan\ntuser.dat{87e4bb29-5d2a-11df-84f7-001cc0e6a5e7}.TMContainer00000000000000000002.regtrans-ms
2010-05-11 18:29:36 524288 --sha-w- c:\users\hari krishnan\ntuser.dat{87e4bb29-5d2a-11df-84f7-001cc0e6a5e7}.TMContainer00000000000000000001.regtrans-ms
2010-05-11 18:29:35 65536 --sha-w- c:\users\hari krishnan\ntuser.dat{87e4bb29-5d2a-11df-84f7-001cc0e6a5e7}.TM.blf
2010-05-11 13:01:32 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-11 13:01:25 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-11 12:47:22 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-11 12:35:46 1498 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-05-11 10:28:14 0 d-----w- c:\windows\Downloaded Installations
==================== Find3M ====================
2010-06-07 06:34:10 701772 ----a-w- c:\windows\system32\perfh00A.dat
2010-06-07 06:34:10 139206 ----a-w- c:\windows\system32\perfc00A.dat
2010-03-14 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-07-18 02:15:12 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat
2009-07-18 02:15:11 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat
2009-07-18 02:15:11 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat
2009-07-18 02:15:11 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-12-13 18:44:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009120720091214\index.dat
2009-12-13 18:44:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121420091215\index.dat
2009-12-16 10:10:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121620091217\index.dat
2009-12-13 12:01:10 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 10:58:20.22 ===============