
computer stuck on FBI moneypak virus screen [Solved]


  • This topic is locked

#61
CompCav


    Member 5k

  • Expert
  • 12,449 posts
Ok, let's try last known good configuration.

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Last Known Good Configuration".

  • 0



#62
Maya_k


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Update:
It is displaying another screen.
"windows boot manager
Windows has encountered a problem communicating with a device connected to your computer.
This error can be caused by unplugging a removable storage device such as an external USB drive while the device is in use, or by faulty hardware such as a hard drive or CD-ROM drive that is failing. Make sure any removable storage is properly connected and then restart your computer.
If you continue to see this error message, contact the hardware manufacturer.

Status:0xc00000e9
Info: an expected I/O error has occured

Enter=continue"
  • 0

#63
Maya_k


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
After I hit enter, the next screen is this:
Choose an operating system to start, or press tab to select a tool:
Windows setup [EMS Enabled]

To specify an advanced option for this choice, press f8.

Tools:
Windows memory diagnostic

Enter=choose. Tab=menu. Esc=cancel
  • 0

#64
CompCav


    Member 5k

  • Expert
  • 12,449 posts
The notices you are getting are indicating a hardware failure of your hard drive.

HDD Diagnose

Let's diagnose your HD.

Run hard drive diagnostics: http://www.tacktech....ay.cfm?ttid=287
Make sure you select the tool that is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.

NOTE. If your hard drive is made by Toshiba, try the Hitachi DFT CD Image version of the software.
  • 0

#65
Maya_k


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Hello,
How do I figure out which hard drive I have without being able to turn on my laptop? This is the link to the laptop I have:
http://store.sony.co...ditionalImage1"
It doesn't say Sony on the page that you directed me to download the program.
  • 0

#66
CompCav


    Member 5k

  • Expert
  • 12,449 posts
OK, when it boots up at the SONY screen, press F2, or whatever key it shows for Setup or BIOS.

Then you will find the hard drive on one of the screens; it will have letters and numbers for what it is. Please let me know those letters and numbers.
  • 0

#67
Maya_k


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Hard disk drive: 320GB
  • 0

#68
CompCav


    Member 5k

  • Expert
  • 12,449 posts
Normally it will have something else about the drive there so we need to try a different tack.

I believe the computer was not booting up on the CD the last time so let's make sure it is set to boot from the CD drive.

Insert the CD we made with the recovery environment in post #59.

When it starts and you see the SONY screen it should say F12 or some key to select Boot Menu.

Make sure it is booting from the CD and follow the instructions in post #59.

If it does not run from the CD, then you will need to change the boot order in the BIOS by going into the BIOS again using F2 and putting the CD/DVD drive first in the boot order.
  • 0

#69
Maya_k


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Hello,
I finally got the laptop to boot from the CD (made a new CD and it worked); however, on the screen where I am supposed to click on my operating system, there are no options. I did click where it says load from drivers and it opened up a window but I had no clue what to pick. After closing it, just for the heck of it, I clicked on next and it actually worked and took me to the next screen where I can click on command prompt. I am hesitating to follow through with the rest of the steps, since I did not pick an operating system in the previous step. I will just wait for your response when you are back. Have a good weekend!
  • 0

#70
CompCav


    Member 5k

  • Expert
  • 12,449 posts
Great work to get a command prompt :thumbsup:

Now go to the command prompt again with the CD.

Step 1.

Enter System Recovery Options.



On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt

Then at the prompt type: sfc /scannow

Notice: Leave a single space between sfc and /scannow.


Then press Enter and it will run. Once it completes please make note of any message and post it here.

Then reboot into Normal Mode.


Step 2.

  • Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator.
  • Copy the line below and paste it at the command prompt. Then press Enter.

    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
  • The file sfcdetails.txt will now be on your desktop. Please open it, Edit | select all | copy and paste it in your next reply.

  • 0



#71
Maya_k


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Hello,
I typed the command in and this is what it said:
"beginning system scan. this process will take some time.
Windows resource protection could not perform the requested operation.
x:\Sources>"
Is it because I did not pick out an operating system? It didn't give me an option to pick one out so I just clicked next and clicked on command prompt.
  • 0

#72
CompCav


    Member 5k

  • Expert
  • 12,449 posts
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.



To enter System Recovery Options by using the Recovery disc:
  • Insert the disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0
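
An added example, not part of the original thread and not Farbar's code: one way a helper could take a first pass over the FRST.txt this procedure produces, using the Registry and Drivers line layout of the log posted later in this topic. The sample lines are constructed; the weights, the reading of a trailing `[x]` as "file not found", and the choice of user-profile and Temp paths as worth a second look are assumptions of this example, and its output is a review list rather than a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the FRST.txt posted in this topic.
# The user name, entry names, sizes and dates are made up.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-07] (Synaptics, Inc.)
HKLM\...\Run: [ExampleTray] ExampleTray.exe [x]
HKU\ExampleUser\...\Run: [Example Updater] C:\Users\ExampleUser\0a1b2c3d-0000.exe [x]
HKU\ExampleUser\...\Run: [Google Update] "C:\Users\ExampleUser\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-09] (Google Inc.)

==================== Drivers (Whitelisted) ===================

0 0123456789abcdef; C:\Windows\System32\Drivers\0123456789abcdef.sys [68864 2012-08-05] () ATTENTION =====> Rootkit?
3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [53168 2008-05-15] (Microsoft Corporation)
2 0000; \??\C:\Users\EXAMPL~1\AppData\Local\Temp\0000.sys [x]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Autostart entry:    <key>: [<value name>] <command line ...>
RUN_RE = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# Service or driver:  <digit> <name>; <image path ...>
SVC_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")
# Locations a standard user can write to (assumption: worth a second look).
USER_PATH_RE = re.compile(r"[A-Za-z]:\\Users\\|\\Temp\\", re.IGNORECASE)

# Only these sections hold autostart, service and driver entries.
PARSED_SECTIONS = ("Registry", "Services", "Drivers")

# (weight, reason, predicate over the text after the entry name).
# Weights are arbitrary and only order the review list.
SIGNALS = [
    (3, "flagged by the tool (ATTENTION)", lambda r: "ATTENTION" in r),
    (2, "image in a user-writable path", lambda r: bool(USER_PATH_RE.search(r))),
    (1, "file not found ([x])", lambda r: r.rstrip().endswith("[x]")),
]


@dataclass
class Finding:
    section: str
    name: str
    score: int
    reasons: list


def triage(log_text):
    """Return entries that matched at least one signal, highest score first."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not section.startswith(PARSED_SECTIONS):
            continue  # skip file listings and anything before the first header
        entry = RUN_RE.match(line) or SVC_RE.match(line)
        if not entry:
            continue
        rest = entry.group("rest")
        hits = [(w, why) for w, why, test in SIGNALS if test(rest)]
        if hits:
            findings.append(Finding(
                section=section,
                name=entry.group("name").strip(),
                score=sum(w for w, _ in hits),
                reasons=[why for _, why in hits],
            ))
    # sorted() is stable, so entries with equal scores keep log order.
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score}  {f.section}: {f.name} -> {', '.join(f.reasons)}")
```

The Google Update line shows why the result is only a review list: legitimate per-user updaters also live under the user profile, so a path signal alone does not make an entry malicious.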

#73
Maya_k


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I downloaded the file and plugged the usb drive in and got as far as the screen where I have to pick my operating system. I still have no options there. Should I go ahead and click next to get to command prompt or click on load drivers?

Edited by Maya_k, 03 September 2012 - 08:25 PM.

  • 0

#74
Maya_k


    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Hello,
I went ahead and clicked next just to see if it would work and it did. I am attaching the file.

Attached Files

  • Attached File  FRST.txt   36.03KB   86 downloads

  • 0

#75
CompCav


    Member 5k

  • Expert
  • 12,449 posts
I am going to post the log here for easier review.

9:47 PM 9/3/2012
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 02-09-2012 03
Ran by SYSTEM at 03-09-2012 21:33:49
Running from F:\
Windows Vista ™ Business (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-07] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [24576 2008-02-19] (Sony Electronics, Inc.)
HKLM\...\Run: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [77824 2008-06-27] (Sony Electronics Corporation)
HKLM\...\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [290816 2007-08-27] ()
HKLM\...\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup [367128 2008-06-13] (Intel Corporation)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup [48904 2008-04-03] (UPEK Inc.)
HKLM\...\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [65256 2010-02-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Athan] C:\Program Files\Athan\Athan.exe [1146880 2010-03-27] (www.IslamicFinder.org)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288080 2009-07-17] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [273544 2011-08-12] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3508624 2011-11-29] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\AFSHEEN KHAN\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\AFSHEEN KHAN\...\Run: [AdobeBridge] [x]
HKU\AFSHEEN KHAN\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\AFSHEEN KHAN\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\AFSHEEN KHAN\...\Run: [Google Update] "C:\Users\AFSHEEN KHAN\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-09] (Google Inc.)
HKU\AFSHEEN KHAN\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [4686848 2012-06-05] (Veoh Networks)
HKU\AFSHEEN KHAN\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [935312 2011-11-29] (Samsung)
HKU\AFSHEEN KHAN\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2011-11-29] ()
HKU\AFSHEEN KHAN\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\AFSHEEN KHAN\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-02] (Google Inc.)
HKU\AFSHEEN KHAN\...\Run: [Windows Update Server] C:\Users\AFSHEEN KHAN\f50313d9-5762.exe [x]
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin [686792 2012-08-14] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\Users\AFSHEEN KHAN\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\AFSHEEN KHAN\Start Menu\Programs\Startup\_uninst_.lnk
ShortcutTarget: _uninst_.lnk -> (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

========================== Services (Whitelisted) ========================

2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 msfwsvc; "C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" [869952 2007-11-27] (Microsoft Corporation)
2 OcHealthMon; "C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe" [26120 2010-02-05] (Microsoft Corporation)
2 OneCareMP; "C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" [18704 2008-07-09] (Microsoft Corporation)
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2008-06-13] (Intel Corporation)
2 USB Access Restriction; C:\Program Files\Sony\USB Access Restriction Setting\USB Access Restriction.exe [59232 2008-03-31] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-10] (Sony Corporation)
2 winss; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [1141112 2010-02-05] (Microsoft Corporation)
2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [x]
2 IviRegMgr; c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [x]
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

==================== Drivers (Whitelisted) ===================

3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
2 cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-26] (Windows ® Codename Longhorn DDK provider)
0 d85819b532b8f062; C:\Windows\System32\Drivers\d85819b532b8f062.sys [68864 2012-08-05] () ATTENTION =====> Rootkit?
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20032 2011-11-29] (Devguru Co., Ltd)
3 hitmanpro35; \??\C:\Windows\system32\drivers\hitmanpro35.sys [20552 2011-06-23] ()
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [103424 2009-01-23] (QUALCOMM Incorporated)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
3 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [53168 2008-05-15] (Microsoft Corporation)
2 MSFWDrv; C:\Windows\System32\DRIVERS\msfwdrv.sys [91200 2007-11-27] (Microsoft Corporation)
1 MSFWHLPR; C:\Windows\System32\DRIVERS\msfwhlpr.sys [37440 2007-11-27] (Microsoft Corporation)
3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [6680064 2010-07-14] (Intel Corporation)
3 PTUMWBus; C:\Windows\System32\DRIVERS\PTUMWBus.sys [54544 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWCDF; C:\Windows\System32\DRIVERS\PTUMWCDF.sys [22032 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWFLT; C:\Windows\System32\DRIVERS\PTUMWFLT.sys [12048 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWMdm; C:\Windows\System32\DRIVERS\PTUMWMdm.sys [160400 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMWNET; C:\Windows\System32\DRIVERS\PTUMWNET.sys [115216 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWVsp; C:\Windows\System32\DRIVERS\PTUMWVsp.sys [160400 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2010-08-11] (Sonic Solutions)
0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [21408 2007-10-09] (Sony Corporation)
3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181432 2011-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys [14080 2012-07-31] ()
2 5762; \??\C:\Users\AFSHEE~1\AppData\Local\Temp\5762.sys [x]
3 anvsoftf2v; C:\Windows\System32\drivers\anvsoftf2v.sys [x]
3 catchme; \??\C:\Users\AFSHEE~1\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NETw5v32; C:\Windows\System32\DRIVERS\NETw5v32.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
4 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-03 21:33 - 2012-09-03 21:33 - 00000000 ____D C:\FRST
2012-08-28 10:41 - 2012-08-28 10:41 - 00134928 ____A C:\Windows\Minidump\Mini082812-01.dmp
2012-08-26 12:11 - 2012-08-26 12:11 - 00462848 ____A C:\Users\AFSHEEN KHAN\AppData\Local\vewcnmov.exe
2012-08-26 10:33 - 2012-08-26 10:33 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{F8FB9F80-BCE1-4110-A67E-884F9C2A21D9}
2012-08-26 08:55 - 2012-08-26 08:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-08-25 22:17 - 2012-08-25 22:18 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{32BE119F-92C0-47B5-B108-7AF5E9B76A0D}
2012-08-25 21:57 - 2012-08-25 21:57 - 00000000 ____D C:\Users\AFSHEEN KHAN\Documents\BatmanBeginsAllLanguages
2012-08-25 21:54 - 2012-08-25 21:55 - 00000000 ____D C:\Users\AFSHEEN KHAN\Documents\A.Reham Sudais + Urdu Translation 2.1 GB
2012-08-25 21:50 - 2012-08-25 21:50 - 00000000 ____D C:\Users\AFSHEEN KHAN\Documents\Batman.Begins.2005.720p.BluRay.DTS.x264-ESiR [PublicHD]
2012-08-25 20:02 - 2012-08-25 20:02 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{2CF69A43-AA04-49BF-88F9-776447113F55}
2012-08-25 20:00 - 2012-08-25 20:00 - 00135416 ____A C:\Windows\Minidump\Mini082512-01.dmp
2012-08-24 09:55 - 2012-08-24 09:56 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{9EE67DB5-CB89-4725-998F-F1001F99E4F1}
2012-08-23 21:23 - 2012-08-23 21:23 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{67930A5B-DA90-13E6-12CD-D566F2A4AE3E}
2012-08-23 12:24 - 2012-08-23 12:24 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{78977124-8428-5D2A-0C81-D825EC4EB62D}
2012-08-23 10:39 - 2012-08-23 10:39 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{A84F220C-F631-0CC7-F8FF-2079D8D5A6B4}
2012-08-23 10:11 - 2012-08-23 10:12 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{66A564E9-DF55-407A-8DDB-4F35CEAB2DB3}
2012-08-22 16:38 - 2012-08-22 16:38 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{95503354-C031-4499-A3FF-95BB1AA199EF}
2012-08-22 13:42 - 2012-08-22 13:42 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{5728EEBD-5C83-41E5-8015-998F936082FA}
2012-08-21 19:37 - 2012-08-21 19:38 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{80E0AF51-BB4E-42D2-95F3-9892BAB2F1D5}
2012-08-21 00:02 - 2012-08-21 00:02 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{D2AD190F-5AC9-4C0C-8459-F79D227C6B4A}
2012-08-17 15:56 - 2012-08-17 15:57 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{77DB4F6D-96E2-43A5-AE15-066717451B1A}
2012-08-17 15:56 - 2012-08-17 15:56 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{2DF3CE21-19E1-4B5F-A1CB-35CF1A37D2EF}
2012-08-17 15:52 - 2012-08-17 15:52 - 00139048 ____A C:\Windows\Minidump\Mini081712-01.dmp
2012-08-16 09:09 - 2012-08-16 09:10 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{115A89D5-FEB4-495B-8D29-1F870C6C388E}
2012-08-16 09:09 - 2012-08-16 09:09 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{A1A997FB-6B34-4113-AEE0-914619D53BB0}
2012-08-14 09:03 - 2012-08-14 09:03 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{ED060A17-67AC-4602-A0C4-1B3AE0C0D5F4}
2012-08-14 09:02 - 2012-08-14 09:03 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{8B1FD8BD-3958-4FFE-96F5-D98736C6F95F}
2012-08-12 12:26 - 2012-08-12 12:27 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{89F0B8D8-83A5-4406-A44D-E96095C75930}
2012-08-12 12:26 - 2012-08-12 12:26 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{3855079B-F2B0-4517-90B9-BF52FA29742D}
2012-08-11 10:38 - 2012-08-11 10:38 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{049966C3-A8A9-4216-85BF-103D45D87EB3}
2012-08-11 10:37 - 2012-08-11 10:38 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{3601E2C7-06F1-431E-B316-14DF225DE662}
2012-08-09 23:29 - 2012-08-09 23:29 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{DAF11C1E-ABBB-F52E-2427-D20D0408BB92}
2012-08-09 22:07 - 2012-08-26 10:32 - 00000000 ___RD C:\Users\AFSHEEN KHAN\Dropbox
2012-08-09 22:07 - 2012-08-09 22:07 - 00000948 ____A C:\Users\AFSHEEN KHAN\Desktop\Dropbox.lnk
2012-08-09 22:05 - 2012-08-09 22:05 - 00000000 ____D C:\Program Files\Dropbox
2012-08-09 22:02 - 2012-08-26 10:32 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Roaming\Dropbox
2012-08-09 14:50 - 2012-08-09 14:50 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{076B2363-4C75-49F2-9A3D-195A6D0296E4}
2012-08-09 14:49 - 2012-08-09 14:50 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{6025605F-19CF-4C9E-B93F-A1235AAFB20B}
2012-08-08 21:24 - 2012-08-08 21:27 - 01560670 ____A C:\Users\AFSHEEN KHAN\Desktop\Tickets.ai
2012-08-08 19:22 - 2012-08-08 19:22 - 00013229 ____A C:\Users\AFSHEEN KHAN\Documents\mom's fall 2012.txt
2012-08-08 19:07 - 2012-08-08 19:08 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{F17F1C53-F7AE-47CB-9D96-1815496BD1FA}
2012-08-08 19:07 - 2012-08-08 19:07 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{5ABB6E50-104F-4D77-A77C-CE4B55EE33A6}
2012-08-08 14:51 - 2012-08-08 14:52 - 03941299 ____A C:\Users\AFSHEEN KHAN\Desktop\Final_Poster.jpg.dwg
2012-08-08 12:04 - 2012-08-08 12:04 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{BBAB8E51-E2A3-40F1-8FBA-DF426F7D40EC}
2012-08-08 00:54 - 2012-08-08 00:54 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{57F90403-0617-4E3E-AA36-1529F9D3882A}
2012-08-08 00:53 - 2012-08-08 00:54 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{283993B8-4D9E-441E-8E2E-A817A05B3617}
2012-08-07 21:15 - 2012-08-07 21:15 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{C5CC97C8-5BA0-C72D-5E0E-B9FC3DE5BF96}
2012-08-07 18:52 - 2012-08-07 18:52 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{E76C31F5-78A8-7AA5-0586-9BF0E54876E8}
2012-08-07 18:40 - 2012-08-08 15:20 - 03585527 ____A C:\Users\AFSHEEN KHAN\Desktop\dinner flyer.ai
2012-08-07 14:43 - 2012-08-08 12:27 - 01422193 ____A C:\Users\AFSHEEN KHAN\Desktop\label.ai
2012-08-07 13:41 - 2012-08-07 13:34 - 01543982 ____A C:\Users\AFSHEEN KHAN\Desktop\realistic_water.rar
2012-08-07 09:00 - 2012-08-07 09:00 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{41AC36AB-CC84-4785-8498-F3BF6479393A}
2012-08-07 08:57 - 2012-08-07 08:58 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{9A050CA2-9EF4-4B39-94FE-2A291395A61E}
2012-08-07 08:57 - 2012-08-07 08:57 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{31F45EB9-0A8F-4548-A07D-FC6BBEB0FF8B}
2012-08-06 23:01 - 2012-08-06 23:01 - 00818096 ____A C:\Users\AFSHEEN KHAN\Desktop\h2o logo.ai
2012-08-06 15:56 - 2012-08-06 15:56 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{77E94A4D-1E83-46F9-BD5A-E36358F73138}
2012-08-06 15:55 - 2012-08-06 15:56 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{679590E1-70B4-40D7-83C0-0D6C7F5B7F2C}
2012-08-06 11:35 - 2012-08-06 11:35 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{965BEA8E-6DB8-4B25-865B-3D5A2BE62E5C}
2012-08-06 00:53 - 2012-08-06 02:32 - 03629820 ____A C:\Users\AFSHEEN KHAN\Untitled-1.ai
2012-08-05 22:49 - 2012-08-05 22:49 - 03602781 ____A C:\Users\AFSHEEN KHAN\Documents\Untitled-1.ai
2012-08-05 20:33 - 2012-08-05 20:33 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{E01F2952-D181-49B1-B04B-D523BF91A276}
2012-08-05 12:34 - 2012-08-05 11:26 - 14985298 ____A C:\Users\AFSHEEN KHAN\Desktop\globes.eps
2012-08-05 11:23 - 2012-08-05 11:23 - 00000000 ____D C:\Users\AFSHEEN KHAN\Documents\Adobe Scripts
2012-08-05 11:21 - 2012-07-26 07:54 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-05 08:41 - 2012-08-05 12:41 - 00000368 ____A C:\Users\All Users\lpSv5bowgfReTj
2012-08-05 08:41 - 2012-08-05 12:41 - 00000072 ____A C:\Users\All Users\-lpSv5bowgfReTjr
2012-08-05 08:41 - 2012-08-05 12:41 - 00000072 ____A C:\Users\All Users\-lpSv5bowgfReTj
2012-08-05 08:39 - 2012-08-05 08:39 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{3B509B4B-2F8A-A4F7-4617-55FC25F7F338}
2012-08-05 07:47 - 2012-08-05 07:47 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{0B0805B4-D88B-49A0-8FCA-3648EEEF2081}
2012-08-05 07:46 - 2012-08-05 07:47 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{40407ED4-255E-4D59-B0B9-220102A080F1}
2012-08-05 07:27 - 2012-08-05 07:27 - 00000000 ____D C:\Users\AFSHEEN KHAN\AppData\Local\{8671455E-CBF6-4A19-8025-E809F989F34D}
2012-08-05 07:23 - 2012-08-05 07:23 - 00068864 ____A C:\Windows\System32\Drivers\d85819b532b8f062.sys

============ 3 Months Modified Files ========================

2012-08-29 10:23 - 2010-10-26 17:24 - 207284363 ____A C:\Windows\MEMORY.DMP
2012-08-29 10:23 - 2006-11-02 05:00 - 00122804 ____A C:\Windows\PFRO.log
2012-08-28 10:42 - 2012-05-16 23:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-28 10:42 - 2008-07-31 10:31 - 00002140 ____A C:\Windows\bthservsdp.dat
2012-08-28 10:42 - 2006-11-02 05:01 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-28 10:42 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-28 10:41 - 2012-08-28 10:41 - 00134928 ____A C:\Windows\Minidump\Mini082812-01.dmp
2012-08-28 10:41 - 2011-06-15 18:14 - 00000318 __ASH C:\Windows\Tasks\Thnqb.job
2012-08-28 10:41 - 2006-11-02 04:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-28 10:41 - 2006-11-02 04:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-27 12:07 - 2010-08-30 21:23 - 00001356 ____A C:\Users\AFSHEEN KHAN\AppData\Local\d3d9caps.dat
2012-08-26 12:11 - 2012-08-26 12:11 - 00462848 ____A C:\Users\AFSHEEN KHAN\AppData\Local\vewcnmov.exe
2012-08-26 12:01 - 2010-07-03 07:40 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-26 11:53 - 2011-06-09 18:01 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1340476193-1627373412-1124528107-1003UA.job
2012-08-26 10:40 - 2012-06-24 11:31 - 15339346 ____A C:\Users\AFSHEEN KHAN\Desktop\outdoor_travel_theme_icon_vector_153217.zip
2012-08-26 10:40 - 2012-06-18 22:40 - 07805548 ____A C:\Users\AFSHEEN KHAN\Desktop\FreeVector-Ants-Vector.zip
2012-08-26 10:31 - 2010-07-03 07:40 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-26 10:25 - 2010-01-13 10:02 - 01390709 ____A C:\Windows\WindowsUpdate.log
2012-08-25 20:00 - 2012-08-25 20:00 - 00135416 ____A C:\Windows\Minidump\Mini082512-01.dmp
2012-08-23 16:31 - 2006-11-02 02:33 - 00810286 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-22 16:30 - 2011-06-09 18:01 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1340476193-1627373412-1124528107-1003Core.job
2012-08-17 15:52 - 2012-08-17 15:52 - 00139048 ____A C:\Windows\Minidump\Mini081712-01.dmp
2012-08-14 10:42 - 2012-07-26 20:42 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-08-14 10:42 - 2012-05-16 23:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-14 10:42 - 2011-09-01 19:05 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-11 12:47 - 2012-06-25 22:44 - 117117376 ____A C:\Users\AFSHEEN KHAN\Desktop\BBQ_Invitation_1.avi
2012-08-11 12:47 - 2010-08-04 00:42 - 00137728 ____A C:\Users\AFSHEEN KHAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-09 22:07 - 2012-08-09 22:07 - 00000948 ____A C:\Users\AFSHEEN KHAN\Desktop\Dropbox.lnk
2012-08-08 21:27 - 2012-08-08 21:24 - 01560670 ____A C:\Users\AFSHEEN KHAN\Desktop\Tickets.ai
2012-08-08 19:22 - 2012-08-08 19:22 - 00013229 ____A C:\Users\AFSHEEN KHAN\Documents\mom's fall 2012.txt
2012-08-08 15:20 - 2012-08-07 18:40 - 03585527 ____A C:\Users\AFSHEEN KHAN\Desktop\dinner flyer.ai
2012-08-08 14:52 - 2012-08-08 14:51 - 03941299 ____A C:\Users\AFSHEEN KHAN\Desktop\Final_Poster.jpg.dwg
2012-08-08 12:27 - 2012-08-07 14:43 - 01422193 ____A C:\Users\AFSHEEN KHAN\Desktop\label.ai
2012-08-07 13:34 - 2012-08-07 13:41 - 01543982 ____A C:\Users\AFSHEEN KHAN\Desktop\realistic_water.rar
2012-08-06 23:01 - 2012-08-06 23:01 - 00818096 ____A C:\Users\AFSHEEN KHAN\Desktop\h2o logo.ai
2012-08-06 02:32 - 2012-08-06 00:53 - 03629820 ____A C:\Users\AFSHEEN KHAN\Untitled-1.ai
2012-08-05 22:49 - 2012-08-05 22:49 - 03602781 ____A C:\Users\AFSHEEN KHAN\Documents\Untitled-1.ai
2012-08-05 14:27 - 2012-07-26 09:12 - 00014668 ____A C:\Users\AFSHEEN KHAN\Desktop\unhide.txt
2012-08-05 12:41 - 2012-08-05 08:41 - 00000368 ____A C:\Users\All Users\lpSv5bowgfReTj
2012-08-05 12:41 - 2012-08-05 08:41 - 00000072 ____A C:\Users\All Users\-lpSv5bowgfReTjr
2012-08-05 12:41 - 2012-08-05 08:41 - 00000072 ____A C:\Users\All Users\-lpSv5bowgfReTj
2012-08-05 11:26 - 2012-08-05 12:34 - 14985298 ____A C:\Users\AFSHEEN KHAN\Desktop\globes.eps
2012-08-05 07:23 - 2012-08-05 07:23 - 00068864 ____A C:\Windows\System32\Drivers\d85819b532b8f062.sys
2012-08-03 22:31 - 2012-08-03 22:31 - 00000368 ____A C:\Users\All Users\eftt3Gi6riJKnq
2012-08-03 22:31 - 2012-08-03 22:31 - 00000072 ____A C:\Users\All Users\-eftt3Gi6riJKnqr
2012-08-03 22:31 - 2012-08-03 22:31 - 00000072 ____A C:\Users\All Users\-eftt3Gi6riJKnq
2012-08-01 23:01 - 2012-08-01 22:57 - 141980320 ____A C:\Users\AFSHEEN KHAN\Desktop\setup_11.0.0.1245.x01_2012_08_02_09_06.exe
2012-08-01 19:45 - 2012-08-01 19:45 - 04722680 ____R (Swearware) C:\Users\AFSHEEN KHAN\Desktop\ComboFix.exe
2012-07-31 15:05 - 2012-07-31 15:05 - 00001232 ____A C:\Users\AFSHEEN KHAN\Desktop\RKreport[3].txt
2012-07-31 14:56 - 2012-07-31 14:56 - 00004206 ____A C:\Users\AFSHEEN KHAN\Desktop\RKreport[2].txt
2012-07-31 14:51 - 2012-07-31 14:51 - 00003277 ____A C:\Users\AFSHEEN KHAN\Desktop\RKreport[1].txt
2012-07-31 14:43 - 2012-07-31 14:43 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys
2012-07-30 10:59 - 2012-07-25 20:49 - 00000366 ____A C:\rkill.log
2012-07-28 23:54 - 2012-07-24 10:01 - 00000087 ___SH C:\Users\AFSHEEN KHAN\AppData\Roaming\winset.ini
2012-07-28 17:16 - 2012-07-28 17:16 - 00139096 ____A C:\Windows\Minidump\Mini072812-01.dmp
2012-07-27 00:08 - 2012-07-27 00:08 - 00143528 ____A C:\Windows\Minidump\Mini072712-01.dmp
2012-07-26 16:17 - 2006-11-02 04:52 - 00081372 ____A C:\Windows\setupact.log
2012-07-26 10:20 - 2012-07-26 10:20 - 00000987 ____A C:\Users\AFSHEEN KHAN\systemlog
2012-07-26 07:54 - 2012-08-05 11:21 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-26 02:42 - 2012-07-26 02:42 - 00140128 ____A C:\Windows\Minidump\Mini072612-01.dmp
2012-07-26 01:03 - 2012-07-26 01:03 - 00178692 ____A C:\Windows\System32\c_726522.nls
2012-07-25 19:58 - 2012-07-25 19:58 - 00140920 ____A C:\Windows\Minidump\Mini072512-01.dmp
2012-07-22 21:27 - 2012-07-22 21:09 - 00000112 ____A C:\Users\All Users\lKoZb6nps1b8zh
2012-07-22 21:18 - 2012-07-22 21:09 - 00000096 ____A C:\Users\All Users\-lKoZb6nps1b8zhr
2012-07-22 21:18 - 2012-07-22 21:09 - 00000096 ____A C:\Users\All Users\-lKoZb6nps1b8zh
2012-07-22 21:09 - 2012-07-22 21:09 - 00000607 ____A C:\Users\AFSHEEN KHAN\Desktop\File_Recovery.lnk
2012-07-18 12:32 - 2012-07-18 12:32 - 00001131 ____A C:\Users\Guest\Desktop\Stories of The Prophets.lnk
2012-07-18 12:32 - 2012-07-18 12:32 - 00001131 ____A C:\Users\AFSHEEN KHAN\Desktop\Stories of The Prophets.lnk
2012-07-18 11:41 - 2012-07-18 11:41 - 00000140 ____A C:\Windows\winamp.ini
2012-07-14 16:36 - 2006-11-02 04:47 - 03753512 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-13 00:07 - 2006-11-02 02:23 - 00000377 ____A C:\Windows\win.ini
2012-07-13 00:02 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-13 00:01 - 2012-07-13 00:01 - 00271150 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-09 22:18 - 2012-07-09 22:18 - 31898392 ____A C:\Users\AFSHEEN KHAN\Desktop\Mehndi mix.wav
2012-07-09 22:09 - 2012-07-09 22:09 - 31781868 ____A C:\Users\AFSHEEN KHAN\Desktop\aaja nachle.wav
2012-07-09 20:09 - 2012-07-09 20:07 - 36501072 ____A C:\Users\AFSHEEN KHAN\Desktop\Naureen Appi Mehndi Mix for Anum.wav
2012-07-08 07:02 - 2012-07-08 06:55 - 00002377 ____A C:\Users\Guest\Desktop\Skype.lnk
2012-07-03 10:46 - 2012-07-26 07:53 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-29 09:58 - 2012-06-29 09:58 - 00000132 ____A C:\Users\AFSHEEN KHAN\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-29 09:58 - 2012-06-19 21:07 - 07009750 ____A C:\Users\AFSHEEN KHAN\Desktop\3_food_pyramid_vector_155207.zip
2012-06-26 21:34 - 2012-06-26 21:34 - 00001992 ____A C:\Users\AFSHEEN KHAN\Desktop\Veoh Web Player.lnk
2012-06-26 11:39 - 2012-06-26 11:39 - 00013465 ____A C:\Users\AFSHEEN KHAN\Desktop\girl photo toms carpet cleaning_full.jpeg
2012-06-25 22:43 - 2012-06-25 21:04 - 00000038 ____A C:\Windows\camcodec100.ini
2012-06-25 22:41 - 2012-06-25 22:42 - 36699136 ____A C:\Users\AFSHEEN KHAN\Desktop\BBQ_Invitation.avi
2012-06-25 22:41 - 2012-06-25 22:39 - 00000067 ____A C:\Users\AFSHEEN KHAN\Desktop\BBQ_Invitation.txt
2012-06-25 21:22 - 2012-06-25 21:21 - 01707366 ____A C:\Users\AFSHEEN KHAN\Desktop\VirtualDub-1.9.11.zip
2012-06-25 21:00 - 2012-06-25 21:00 - 00034510 ____A C:\Users\AFSHEEN KHAN\Desktop\CamStudioCodec-1.4-w32.zip
2012-06-25 20:41 - 2012-06-25 20:31 - 00000067 ____A C:\Windows\swf2avi.INI
2012-06-25 20:31 - 2012-06-25 20:31 - 00000885 ____A C:\Users\AFSHEEN KHAN\Desktop\iWisoft Flash SWF to Video Converter.lnk
2012-06-25 16:15 - 2012-06-25 16:15 - 07302429 ____A C:\Users\AFSHEEN KHAN\Desktop\Obaid_BBQ.mov
2012-06-25 15:36 - 2012-07-26 09:26 - 00000887 ____A C:\Users\Public\Desktop\AnvSoft Flash to Video Converter.lnk
2012-06-25 14:51 - 2012-07-26 09:26 - 00001124 ____A C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
2012-06-25 14:50 - 2012-06-25 14:50 - 00000914 ____A C:\Users\AFSHEEN KHAN\Desktop\Free FLV Converter.lnk
2012-06-25 14:27 - 2012-06-25 14:27 - 00000816 ____A C:\Users\Guest\Desktop\Handbrake.lnk
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
2012-06-24 11:29 - 2012-06-24 11:29 - 01706056 ____A C:\Users\AFSHEEN KHAN\Desktop\barbecue-grill.rar
2012-06-19 21:43 - 2012-06-19 21:43 - 06067448 ____A C:\Users\AFSHEEN KHAN\Desktop\food_quality_vectors_146768.zip
2012-06-19 21:10 - 2012-06-19 21:09 - 31792430 ____A C:\Users\AFSHEEN KHAN\Desktop\set_of_fruits_vector_graphics_147976.zip
2012-06-19 21:09 - 2012-06-19 21:08 - 11446502 ____A C:\Users\AFSHEEN KHAN\Desktop\green_detailed_vector_icons_146806.zip
2012-06-19 21:06 - 2012-06-19 21:05 - 03272835 ____A C:\Users\AFSHEEN KHAN\Desktop\food_cooking_vector_art_5380.zip
2012-06-19 21:05 - 2012-06-19 21:05 - 02977182 ____A C:\Users\AFSHEEN KHAN\Desktop\birthday_vector_goods_and_fast_food_153194.zip
2012-06-19 20:56 - 2012-06-19 20:56 - 04424306 ____A C:\Users\AFSHEEN KHAN\Desktop\cartoon_basket_04_vector_156493.zip
2012-06-18 22:37 - 2012-06-18 22:37 - 00045964 ____A C:\Users\AFSHEEN KHAN\Desktop\ant_55940.zip
2012-06-18 21:19 - 2012-06-18 21:19 - 00565121 ____A C:\Users\AFSHEEN KHAN\Desktop\vector-grass.zip
2012-06-18 20:36 - 2012-06-18 20:36 - 00084137 ____A C:\Users\AFSHEEN KHAN\Desktop\BBQ.fxg
2012-06-13 05:40 - 2012-07-13 00:08 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 12:15 - 2012-07-26 09:26 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-08 09:47 - 2012-07-11 09:11 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-06 19:02 - 2012-07-26 09:26 - 00000947 ____A C:\Users\Public\Desktop\HTC Sync.lnk


ZeroAccess:
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\@
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L\[email protected]
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L\201d3dde
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]
C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]

ZeroAccess:
C:\Users\AFSHEEN KHAN\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}
C:\Users\AFSHEEN KHAN\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\@
C:\Users\AFSHEEN KHAN\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L
C:\Users\AFSHEEN KHAN\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\n
C:\Users\AFSHEEN KHAN\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U
C:\Users\AFSHEEN KHAN\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L\[email protected]

ZeroAccess:
C:\Users\Guest\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}
C:\Users\Guest\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\@
C:\Users\Guest\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L
C:\Users\Guest\AppData\Local\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-07-31 12:20:42
Restore point made on: 2012-08-07 20:13:21
Restore point made on: 2012-08-25 21:56:09
Restore point made on: 2012-08-25 22:19:53

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3003.36 MB
Available physical RAM: 2551.96 MB
Total Pagefile: 2787.36 MB
Available Pagefile: 2634.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:291.7 GB) (Free:74.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
3 Drive e: (Recovery) (Fixed) (Total:6.39 GB) (Free:0.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (UNTITLED) (Removable) (Total:1.89 GB) (Free:1.75 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 993 KB
Disk 1 Online 1937 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 6540 MB 1024 KB
Partition 2 Primary 292 GB 6541 MB
Partition 3 Primary 1360 KB 298 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 6540 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 292 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1937 MB 1024 B

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 F UNTITLED FAT32 Removable 1937 MB Healthy

==================================================================================

Last Boot: 2012-08-28 11:42

==================== End Of Log =============================