Old November 13th, 2012, 03:30 AM
JohnNgSF JohnNgSF is offline
========== Files/Folders - Created Within 30 Days ==========

[2012/11/10 12:27:29 | 000,000,000 | -HSD | C] -- C:\found.010
[2012/11/10 08:27:38 | 000,000,000 | -HSD | C] -- C:\found.009
[2012/11/10 01:18:13 | 000,000,000 | -HSD | C] -- C:\found.008
[2012/11/09 02:40:10 | 000,000,000 | -HSD | C] -- C:\found.007
[2012/11/09 02:00:32 | 000,000,000 | -HSD | C] -- C:\found.006
[2012/11/09 00:01:46 | 000,000,000 | -HSD | C] -- C:\found.005
[2012/11/08 21:59:50 | 000,000,000 | -HSD | C] -- C:\found.004
[2012/11/08 21:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/11/07 23:18:18 | 000,000,000 | -HSD | C] -- C:\found.003
[2012/11/07 21:35:46 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/11/07 20:58:12 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/11/07 20:19:20 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/10/31 18:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/17 21:13:14 | 000,000,000 | ---D | C] -- C:\Users\John Ng\AppData\Roaming\AVG2013
[2012/10/17 18:07:50 | 000,000,000 | ---D | C] -- C:\Users\John Ng\AppData\Roaming\TuneUp Software
[2012/10/17 18:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2009/07/21 18:34:35 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\John Ng\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/11/12 17:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/10 13:28:28 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/10 13:27:10 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 13:27:10 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/10 13:27:06 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1000UA.job
[2012/11/10 08:32:59 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/11/10 01:22:38 | 440,988,240 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/10 00:04:59 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1001UA.job
[2012/11/09 02:52:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/08 23:36:59 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1001UA.job
[2012/11/08 23:36:59 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1000UA.job
[2012/11/08 23:30:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/08 20:55:42 | 000,707,584 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/08 20:55:42 | 000,607,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/08 20:55:42 | 000,105,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/08 20:53:54 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/07 23:11:47 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/06 20:37:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1000Core.job
[2012/11/06 19:05:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1001Core.job
[2012/11/06 12:11:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1000Core.job
[2012/11/05 08:37:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1321519697-982857085-2448459735-1001Core.job
[2012/10/28 15:46:36 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/10/26 07:38:16 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/23 10:19:03 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/10/21 12:22:26 | 000,002,651 | ---- | M] () -- C:\Users\John Ng\Desktop\Microsoft Office Word 2007.lnk

========== Files Created - No Company Name ==========

[2012/10/17 18:07:51 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/17 22:43:26 | 000,000,071 | ---- | C] () -- C:\Users\John Ng\AppData\Roaming\mbam.context.scan
[2009/09/20 17:25:05 | 000,019,968 | ---- | C] () -- C:\Users\John Ng\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 21:16:15 | 000,000,760 | ---- | C] () -- C:\Users\John Ng\AppData\Roaming\setup_ldm.iss
[2009/08/09 21:33:29 | 000,005,972 | ---- | C] () -- C:\Users\John Ng\AppData\Local\d3d9caps.dat
[2009/08/01 13:14:26 | 000,000,000 | ---- | C] () -- C:\Users\John Ng\command
[2009/07/22 00:09:29 | 000,000,375 | ---- | C] () -- C:\Users\John Ng\Documents - Shortcut.lnk

========== ZeroAccess Check ==========

[2006/11/02 07:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 09:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 18:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3