So I'm trying to get a handle on the timestamp showing in my renewed / unexpired program UI and decided to take a look at some of the logs, and I see I have some rather specific timestamps as to when the program stopped and when it started back up. I think, though, the timestamp in my UI has changed (I mean the time zone setting, GMT/JST, etc.), which was why I started this latest bit of studying. And I have the time to do the studying.
Anyway, a few copies for anyone that might have thought I have been trying to pull a fast one and that I concocted all this. Of course, I'd have to download the entire files and do screenshots and all that if anyone wants to accuse me of doctoring those files. Will that be necessary?
Oh well, ...
usntr.log
5/13/2013 4:06:25 PM Processing file C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KNXBOFVY\jquery.tn3.min[1].js...
5/13/2013 4:06:25 PM --> Finished
5/13/2013 4:08:15 PM Processing file C:\Users\xxxxx\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{XXX REMOVED THIS XXX}.dat...
5/13/2013 4:08:15 PM --> Finished
5/13/2013 4:34:35 PM Processing file C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2J8J0M7Z\skeleton[1].js...
5/13/2013 4:34:35 PM --> Finished [2] [processing took 0 ms].
5/13/2013 4:34:35 PM Processing file C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KDXZFLF1\vce_st[2].js...
5/13/2013 4:34:35 PM --> Finished
5/13/2013 4:37:15 PM Processing file C:\Users\xxxxx\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{XXX REMOVED THIS XXX}.dat...
5/13/2013 4:37:15 PM --> Finished
5/24/2013 6:51:41 PM Processing file C:\Program Files\Internet Explorer\iexplore.exe...
5/24/2013 6:51:41 PM --> Finished
5/24/2013 6:51:42 PM Processing file C:\Program Files\Internet Explorer\IEShims.dll...
5/24/2013 6:51:42 PM --> Finished
5/24/2013 6:51:47 PM Processing file C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe...
5/24/2013 6:51:47 PM --> Finished
5/24/2013 7:51:02 PM Processing file C:\Users\xxxxx\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{XXX REMOVED THIS XXX}.dat...
5/24/2013 7:51:02 PM --> Finished
5/24/2013 9:18:07 PM Processing file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk...
5/24/2013 9:18:08 PM --> Finished
5/24/2013 9:18:13 PM Processing file C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe...
5/24/2013 9:18:13 PM --> Finished
5/24/2013 9:18:18 PM Processing file C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe...
5/24/2013 9:18:18 PM --> Finished
*****************************************************************
This is from the mail.log
5/13/2013 1:23:15 PM 00000710: SMTP Start: 1
5/13/2013 1:23:15 PM 00000710: SMTP RedirectPort: 25,587
5/13/2013 1:23:15 PM 00000710: IMAP Start: 1
5/13/2013 1:23:15 PM 00000710: IMAP RedirectPort: 143
5/13/2013 1:23:15 PM 00000710: NNTP Start: 1
5/13/2013 1:23:15 PM 00000710: NNTP RedirectPort: 119
5/13/2013 1:23:15 PM 00000710: POPs Start: 1
5/13/2013 1:23:15 PM 00000710: POPs RedirectPort: 995
5/13/2013 1:23:15 PM 00000710: SMTPs Start: 1
5/13/2013 1:23:15 PM 00000710: SMTPs RedirectPort: 465
5/13/2013 1:23:15 PM 00000710: IMAPs Start: 1
5/13/2013 1:23:15 PM 00000710: IMAPs RedirectPort: 993
5/13/2013 1:23:15 PM 00000710: NNTPs Start: 1
5/13/2013 1:23:15 PM 00000710: NNTPs RedirectPort: 563
5/24/2013 1:49:27 PM 0000114C: Started, Log = 1
5/24/2013 1:49:27 PM 0000114C: Build 7.0.1466
5/24/2013 1:49:27 PM 0000114C: OS Windows Vista Workstation (Service Pack 2)
5/24/2013 1:49:27 PM 0000114C: PopListen 127.0.0.1 12110
5/24/2013 1:49:27 PM 0000114C: SmtpListen 127.0.0.1 12025
5/24/2013 1:49:27 PM 0000114C: ImapListen 127.0.0.1 12143
5/24/2013 1:49:27 PM 0000114C: NntpListen 127.0.0.1 12119
5/24/2013 1:49:27 PM 0000114C: PopListenSSL 127.0.0.1 12995
5/24/2013 1:49:27 PM 0000114C: SmtpListenSSL 127.0.0.1 12465
5/24/2013 1:49:27 PM 0000114C: ImapListenSSL 127.0.0.1 12993
5/24/2013 1:49:27 PM 0000114C: NntpListenSSL 127.0.0.1 12563
5/24/2013 1:49:27 PM 0000114C: AutoRedirect 1
5/24/2013 1:49:27 PM 0000114C: IgnoreLocalhost 1
***************************************************************
Then there are the various bla-blaShield .txt, but here is the stop/start of the FileSystemShield,
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on:
Monday, May 13, 2013 1:23:15 PM
*
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on:
Friday, May 24, 2013 1:49:27 PM
***************************************************************
By the way, if anyone thinks there's a security risk in my putting those up there please inform me pronto and I'll remove what you see as a risk. Thank you.