Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

STOP: C0000135 The program can't start because %hs is missing. Try resintalling the program


  • This topic is locked This topic is locked
12 replies to this topic

#1 ComputerDELL

ComputerDELL

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 PM

Posted 23 April 2012 - 05:34 PM

My computer has been stuck in restart loop for 2 hours now and it can't seem to stop! I tried using system repair but that does not seem to be of any help at all!
I'am so worried! It also keep showing a blue screen saying STOP: C0000135 The program can't start because %hs is missing. Try resintalling the program .

I've tried to find solutions and many are saying this is related to AVG the anti-virus but i don't even have that anti-virus
I would appreciate a tons if anyone could help me! Thank SO much!

Edited by Orange Blossom, 23 April 2012 - 06:03 PM.
Moved to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:31 PM

Posted 23 April 2012 - 05:43 PM

Hi,

This is generally caused by malware, I will have a mod move this thread to the Virus Removal Forum,

in the meantime, please run the following:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]type exit and reboot the computer normally
[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ComputerDELL

ComputerDELL
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 PM

Posted 23 April 2012 - 06:36 PM

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 24-04-2012 04:33:20
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6629480 2011-04-14] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-05] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-05] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-05] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10365952 2011-05-19] (Intel Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-04-29] ()
HKLM\...\Run: [McPvTray_exe] "C:\Program Files\McAfee\MAT\McPvTray.exe" [436384 2011-04-08] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-04-29] ()
HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [290088 2009-01-06] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [1694128 2011-11-09] (iMesh, Inc)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-01-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Arshad-3\...\Run: [Google Update] "C:\Users\Arshad-3\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-24] (Google Inc.)
HKU\Arshad-3\...\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000 [338296 2011-10-20] (Uniblue Systems Limited)
HKU\Arshad-3\...\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe [478720 2011-05-15] (Crossrider)
HKU\Arshad-3\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\Arshad-3\...\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray [x]
HKU\Arshad-3\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81912 2012-01-02] (PC Utilities Pro)
HKU\Arshad-3\...\CurrentVersion\Windows: [Load] C:\Users\Arshad-3\AppData\Local\Temp\{62722~1.EXE
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-20] (Adobe Systems Incorporated)
2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [1166848 2011-08-08] (Intel Corporation)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [132424 2008-11-07] (Apple Inc.)
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [921664 2011-05-19] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1335360 2011-05-19] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [995392 2011-05-19] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-06-03] (Intel® Corporation)
2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [166912 2012-03-08] (Dell Products, LP.)
3 iPod Service; "C:\Program Files (x86)\iPod\bin\iPodService.exe" [536872 2009-01-06] (Apple Inc.)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2011-10-18] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-12-06] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-12-06] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-11-18] (McAfee, Inc.)
2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
2 RichVideo; "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe" [247152 2009-04-17] ()
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 ShockMgr; C:\Windows\System32\wudfrd.dll [6656 2009-07-13] (Oak Technology Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 AMPPAL; C:\Windows\System32\Drivers\AMPPAL.sys [299008 2011-08-08] (Windows ® Win 7 DDK provider)
3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [299008 2011-08-08] (Windows ® Win 7 DDK provider)
3 Apowersoft_AudioDevice; C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [51712 2011-05-19] (Intel Corporation)
3 btmaux; C:\Windows\System32\Drivers\btmaux.sys [53248 2011-05-19] (Intel Corporation)
3 btmhsf; C:\Windows\System32\Drivers\btmhsf.sys [282624 2011-07-19] (Intel Corporation)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-07-19] (Intel Corporation)
3 intaud_WaveExtensible; C:\Windows\System32\drivers\intelaud.sys [34200 2011-05-17] (Intel Corporation)
3 iwdbus; C:\Windows\System32\Drivers\iwdbus.sys [25496 2011-05-17] (Intel Corporation)
0 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [71800 2011-04-11] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8604672 2011-08-03] (Intel Corporation)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [125376 2011-11-14] (Power Software Ltd)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: ShockMgr

============ One Month Created Files and Folders ==============

2012-04-24 04:00 - 2012-04-24 03:57 - 0000000 ____D C:\FRST
2012-04-24 03:26 - 2011-11-19 11:47 - 0000000 ____D C:\Emergency
2012-04-23 22:43 - 2009-07-13 20:39 - 0101468 ____A C:\Windows\ntbtlog.txt
2012-04-23 14:53 - 2012-04-23 14:53 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-23 14:53 - 2012-04-23 14:53 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-23 14:53 - 2009-07-13 22:20 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-23 14:52 - 2011-12-21 23:33 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\Arshad-3\Downloads\chromeinstall-6u31.exe
2012-04-23 14:43 - 2009-07-13 20:39 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-22 22:22 - 2012-04-22 22:22 - 0000342 ____A C:\Windows\Tasks\At48.job
2012-04-22 22:22 - 2012-04-22 22:22 - 0000342 ____A C:\Windows\Tasks\At47.job
2012-04-22 22:22 - 2012-04-22 22:22 - 0000342 ____A C:\Windows\Tasks\At46.job
2012-04-22 22:22 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At45.job
2012-04-22 22:21 - 2012-04-23 15:05 - 0000340 ____A C:\Windows\Tasks\At1.job
2012-04-22 22:21 - 2012-04-23 15:00 - 0000342 ____A C:\Windows\Tasks\At42.job
2012-04-22 22:21 - 2012-04-23 15:00 - 0000340 ____A C:\Windows\Tasks\At18.job
2012-04-22 22:21 - 2012-04-23 14:00 - 0000342 ____A C:\Windows\Tasks\At41.job
2012-04-22 22:21 - 2012-04-23 14:00 - 0000340 ____A C:\Windows\Tasks\At17.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000342 ____A C:\Windows\Tasks\At39.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000342 ____A C:\Windows\Tasks\At38.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000342 ____A C:\Windows\Tasks\At37.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000342 ____A C:\Windows\Tasks\At36.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000342 ____A C:\Windows\Tasks\At35.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000342 ____A C:\Windows\Tasks\At34.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000342 ____A C:\Windows\Tasks\At33.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000342 ____A C:\Windows\Tasks\At32.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000342 ____A C:\Windows\Tasks\At31.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At9.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At8.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At7.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At6.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At4.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At3.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At16.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At15.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At14.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At13.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At12.job
2012-04-22 22:21 - 2012-04-23 13:23 - 0000340 ____A C:\Windows\Tasks\At11.job
2012-04-22 22:21 - 2012-04-23 02:00 - 0000342 ____A C:\Windows\Tasks\At40.job
2012-04-22 22:21 - 2012-04-23 02:00 - 0000342 ____A C:\Windows\Tasks\At29.job
2012-04-22 22:21 - 2012-04-23 01:00 - 0000342 ____A C:\Windows\Tasks\At30.job
2012-04-22 22:21 - 2012-04-23 01:00 - 0000342 ____A C:\Windows\Tasks\At28.job
2012-04-22 22:21 - 2012-04-23 00:01 - 0000340 ____A C:\Windows\Tasks\At20.job
2012-04-22 22:21 - 2012-04-23 00:00 - 0000342 ____A C:\Windows\Tasks\At27.job
2012-04-22 22:21 - 2012-04-22 23:48 - 0000340 ____A C:\Windows\Tasks\At10.job
2012-04-22 22:21 - 2012-04-22 23:22 - 0000342 ____A C:\Windows\Tasks\At26.job
2012-04-22 22:21 - 2012-04-22 22:22 - 0000340 ____A C:\Windows\Tasks\At5.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At44.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At43.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At25.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At24.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At23.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At22.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At21.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At2.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At19.job
2012-04-22 22:21 - 2011-11-19 11:11 - 0092672 ____A (Microsoft Corporation) C:\Users\All Users\v5HKJ6iG.exe
2012-04-22 22:21 - 2011-11-19 11:11 - 0092672 ____A (Microsoft Corporation) C:\Users\All Users\Application Data\v5HKJ6iG.exe
2012-04-22 22:21 - 2011-11-19 11:11 - 0092672 ____A (Microsoft Corporation) C:\ProgramData\v5HKJ6iG.exe
2012-04-21 23:55 - 2011-11-30 13:29 - 0000000 ____D C:\Users\Arshad-3\Downloads\Mirror Mirror (2012) DVD - Rip
2012-04-21 22:13 - 2009-07-13 20:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-21 22:12 - 2012-04-23 15:30 - 0000000 ____D C:\Windows\system64
2012-04-21 22:07 - 2012-03-22 17:20 - 28239820 ____A (Apowersoft ) C:\Users\Arshad-3\Downloads\video-download-capture (2).exe
2012-04-20 18:05 - 2012-04-20 18:05 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-20 17:11 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-20 17:10 - 2009-07-13 20:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-20 17:10 - 2009-06-10 16:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-20 17:09 - 2012-04-20 16:51 - 0166292 ____A C:\Users\Arshad-3\Downloads\Aimersoft.Dvd.Studio.Pack.2.4.serial.maker.zip
2012-04-20 17:01 - - 0001277 ____A C:\Users\Arshad-3\Desktop\Aimersoft DVD Studio Pack.lnk
2012-04-20 17:00 - 2012-01-04 18:08 - 0000000 ____D C:\Program Files (x86)\Aimersoft
2012-04-20 16:50 - 2012-04-20 16:35 - 0015620 ____A C:\Users\Arshad-3\Downloads\Aimersoft DVD Studio Pack 2.4.0.0 KeyGen -TrT [h33t].torrent
2012-04-20 16:32 - 2011-12-18 01:28 - 35291522 ____A ( ) C:\Users\Arshad-3\Downloads\aimer-dvd-creator_full242.exe
2012-04-20 02:12 - 2012-04-21 22:14 - 0002308 ____A C:\Users\Arshad-3\Desktop\Free Video to DVD Converter.lnk
2012-04-20 02:09 - 2012-04-20 01:58 - 25407280 ____A (DVDVideoSoft Ltd. ) C:\Users\Arshad-3\Downloads\FreeVideoToDVDConverter.exe
2012-04-20 01:57 - 2012-01-13 00:04 - 17229528 ____A (DVDVideoSoft Ltd. ) C:\Users\Arshad-3\Downloads\FreeDVDVideoBurner.exe
2012-04-20 01:52 - 2012-04-11 21:17 - 6118990 ____A (LIGHTNING UK!) C:\Users\Arshad-3\Downloads\SetupImgBurn_2.5.7.0.exe
2012-04-20 00:21 - 2011-11-24 22:37 - 0000000 ____D C:\Users\Arshad-3\Application Data\AVS4YOU
2012-04-20 00:21 - 2011-11-24 22:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\AVS4YOU
2012-04-20 00:19 - 2012-04-20 17:01 - 0001243 ____A C:\Users\Arshad-3\Desktop\AVS Video Converter.lnk
2012-04-20 00:19 - 2012-01-13 00:13 - 0000000 ____D C:\Program Files (x86)\AVS4YOU
2012-04-20 00:19 - 2011-11-24 20:26 - 0000000 ____D C:\Users\All Users\AVS4YOU
2012-04-20 00:19 - 2011-11-24 20:26 - 0000000 ____D C:\Users\All Users\Application Data\AVS4YOU
2012-04-20 00:19 - 2011-11-24 20:26 - 0000000 ____D C:\ProgramData\AVS4YOU
2012-04-20 00:19 - 2010-11-20 22:24 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2012-04-20 00:19 - 2010-11-20 22:24 - 0024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2012-04-20 00:19 - 2004-10-12 13:40 - 11137024 ____A (Intel Corporation) C:\Windows\SysWOW64\libmfxsw32.dll
2012-04-20 00:07 - 2012-02-17 11:29 - 0000000 ____D C:\Users\Arshad-3\My Documents\DreamVideoSoft
2012-04-20 00:07 - 2012-02-17 11:29 - 0000000 ____D C:\Users\Arshad-3\Documents\DreamVideoSoft
2012-04-20 00:06 - 2012-03-13 17:03 - 6251172 ____A (TopVideoSoft,Inc. ) C:\Users\Arshad-3\Downloads\dream-mkv-converter.exe
2012-04-19 23:16 - 2012-04-18 00:13 - 0010185 ____A C:\Users\Arshad-3\Downloads\Xilisoft MKV Converter 6.0.12 build 0914 key [h33t].torrent
2012-04-19 22:57 - 2012-04-19 23:16 - 0006342 ____A C:\Users\Arshad-3\Downloads\Xilisoft_MKV_Converter_5.1.23_build-0424_Incl_serial_[Bit-Byte].5073181.TPB.torrent
2012-04-19 22:26 - 2012-02-19 11:01 - 0000000 ____D C:\Users\Arshad-3\Desktop\New folder
2012-04-19 14:34 - 2011-12-14 01:45 - 0057856 ____A C:\Users\Arshad-3\Downloads\910119e0d4685e2b0d51d58ee5a3899c.doc
2012-04-19 00:32 - 2012-03-22 13:34 - 0092160 ____A C:\Users\Arshad-3\Downloads\b3b42fcef7cf37a04f6dbe75e095ff95.doc
2012-04-18 22:17 - 2012-04-02 22:42 - 0059392 ____A C:\Users\Arshad-3\My Documents\RESUME.doc
2012-04-18 22:17 - 2012-04-02 22:42 - 0059392 ____A C:\Users\Arshad-3\Documents\RESUME.doc
2012-04-18 00:21 - 2012-04-19 22:57 - 2741826 ____A (Media Finder ) C:\Users\Arshad-3\Downloads\Xilisoft_MKV_Converter_5.1.exe
2012-04-18 00:15 - 2012-04-21 22:10 - 0002085 ____A C:\Users\Public\Desktop\Xilisoft MKV Converter.lnk
2012-04-18 00:15 - 2012-04-21 22:10 - 0002085 ____A C:\Users\All Users\Desktop\Xilisoft MKV Converter.lnk
2012-04-18 00:15 - 2011-12-11 14:23 - 0000000 ____D C:\Users\Arshad-3\Application Data\Xilisoft
2012-04-18 00:15 - 2011-12-11 14:23 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Xilisoft
2012-04-18 00:14 - 2012-03-22 17:10 - 0000000 ____D C:\Program Files (x86)\Xilisoft
2012-04-18 00:14 - 2011-11-24 19:25 - 0000000 ____D C:\Users\All Users\Xilisoft
2012-04-18 00:14 - 2011-11-24 19:25 - 0000000 ____D C:\Users\All Users\Application Data\Xilisoft
2012-04-18 00:14 - 2011-11-24 19:25 - 0000000 ____D C:\ProgramData\Xilisoft
2012-04-18 00:10 - 2012-01-09 19:57 - 35440682 ____A C:\Users\Arshad-3\Downloads\x-mkv-converter6.exe
2012-04-17 14:00 - 2012-04-10 14:57 - 0069124 ____A C:\Users\Arshad-3\Downloads\t4a_2011_english (1).pdf
2012-04-17 13:58 - 2012-03-22 13:34 - 0073574 ____A C:\Users\Arshad-3\Downloads\t2202a_2011_english (1).pdf
2012-04-15 19:59 - 2011-11-19 11:32 - 0000000 ____D C:\divx
2012-04-15 14:36 - 2012-03-03 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D812553B-67CF-442D-8FB7-6B46BD141108}
2012-04-15 14:36 - 2012-03-03 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D812553B-67CF-442D-8FB7-6B46BD141108}
2012-04-15 14:36 - 2012-03-03 10:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D812553B-67CF-442D-8FB7-6B46BD141108}
2012-04-15 14:36 - 2012-03-01 14:00 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{EEDCF7C1-EEB2-48F9-86B4-8EA2687DD249}
2012-04-15 14:36 - 2012-03-01 14:00 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{EEDCF7C1-EEB2-48F9-86B4-8EA2687DD249}
2012-04-15 14:36 - 2012-03-01 14:00 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{EEDCF7C1-EEB2-48F9-86B4-8EA2687DD249}
2012-04-14 20:23 - 2012-03-31 15:31 - 0000000 ____D C:\Users\Arshad-3\Downloads\Aliens.in.the.Attic[2009]DvDrip-x264-AAC[Eng]-MKVGuy
2012-04-14 13:55 - 2012-03-23 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{12D22109-DBDD-42DC-9561-3255FBFE5A15}
2012-04-14 13:55 - 2012-03-23 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{12D22109-DBDD-42DC-9561-3255FBFE5A15}
2012-04-14 13:55 - 2012-03-23 10:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{12D22109-DBDD-42DC-9561-3255FBFE5A15}
2012-04-14 13:54 - 2012-03-11 19:02 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{0B1D519B-5091-40EF-AC40-F844B6188601}
2012-04-14 13:54 - 2012-03-11 19:02 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{0B1D519B-5091-40EF-AC40-F844B6188601}
2012-04-14 13:54 - 2012-03-11 19:02 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{0B1D519B-5091-40EF-AC40-F844B6188601}
2012-04-13 21:49 - 2012-03-22 17:09 - 0000000 ____D C:\Users\Arshad-3\Downloads\Housefull 2 2012 480p DVDSCR Hindi Srkfan
2012-04-13 14:36 - 2011-12-11 14:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{9EEA8F24-1C87-4B3E-A68F-99821C7BA4B9}
2012-04-13 14:36 - 2011-12-11 14:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{9EEA8F24-1C87-4B3E-A68F-99821C7BA4B9}
2012-04-13 14:36 - 2011-12-11 14:23 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{9EEA8F24-1C87-4B3E-A68F-99821C7BA4B9}
2012-04-13 12:14 - 2011-12-18 00:38 - 1339939 ____A C:\Users\Arshad-3\Desktop\Photo0049.jpg
2012-04-12 12:46 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{3DE058E4-14E5-45A4-BE19-A06FC26D0C62}
2012-04-12 12:46 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{3DE058E4-14E5-45A4-BE19-A06FC26D0C62}
2012-04-12 12:46 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{3DE058E4-14E5-45A4-BE19-A06FC26D0C62}
2012-04-11 21:27 - 2011-12-11 19:28 - 0000000 ____D C:\Users\Arshad-3\Application Data\Optimizer Pro
2012-04-11 21:27 - 2011-12-11 19:28 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Optimizer Pro
2012-04-11 21:20 - 2011-12-01 00:06 - 0000000 ____D C:\Users\All Users\Codecv
2012-04-11 21:20 - 2011-12-01 00:06 - 0000000 ____D C:\Users\All Users\Application Data\Codecv
2012-04-11 21:20 - 2011-12-01 00:06 - 0000000 ____D C:\ProgramData\Codecv
2012-04-11 21:20 - 2011-11-26 03:05 - 0000000 ____D C:\Program Files (x86)\Optimizer Pro
2012-04-11 21:19 - 2012-02-01 00:49 - 0283320 ____A (Premium) C:\Users\Arshad-3\Downloads\Codec-V.exe
2012-04-11 21:17 - 2011-12-07 16:02 - 0447402 ____A (http://www.vgrabber.com) C:\Users\Arshad-3\Downloads\setup.exe
2012-04-11 02:01 - 2012-02-28 02:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-11 02:01 - 2012-02-28 01:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-11 02:01 - 2012-02-28 01:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-11 02:01 - 2012-02-28 01:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-11 02:01 - 2012-02-28 01:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-11 02:01 - 2012-02-27 20:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-11 02:01 - 2012-02-27 20:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-11 02:01 - 2012-02-27 20:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-11 02:01 - 2012-02-27 20:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-11 02:01 - 2012-02-27 20:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-11 02:01 - 2011-11-19 12:06 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-11 02:01 - 2011-11-19 12:06 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-11 02:01 - 2011-11-19 11:45 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-11 02:01 - 2011-11-19 11:45 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-11 02:01 - 2011-11-19 11:45 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-11 02:01 - 2011-11-19 11:45 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-11 02:01 - 2011-11-19 11:45 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-11 02:01 - 2011-11-19 11:45 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-11 02:01 - 2011-11-19 11:45 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-11 02:01 - 2011-11-19 11:45 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-11 02:01 - 2010-11-20 22:24 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-11 02:01 - 2010-11-20 22:23 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-11 02:01 - 2009-07-13 20:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-11 02:01 - 2009-07-13 20:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-11 02:01 - 2009-07-13 20:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-11 02:01 - 2009-07-13 20:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-11 02:01 - 2009-07-13 20:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-11 02:01 - 2009-07-13 20:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 02:01 - 2009-07-13 20:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-11 02:00 - 2009-07-13 20:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-11 02:00 - 2009-07-13 20:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-11 02:00 - 2009-07-13 20:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-11 02:00 - 2009-07-13 20:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-11 02:00 - 2009-07-13 20:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-11 02:00 - 2009-07-13 20:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-11 02:00 - 2009-07-13 20:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-10 14:58 - 2012-04-17 14:00 - 0069124 ____A C:\Users\Arshad-3\Downloads\t4a_2011_english.pdf
2012-04-10 14:57 - 2012-04-17 13:58 - 0073574 ____A C:\Users\Arshad-3\Downloads\t2202a_2011_english.pdf
2012-04-09 19:01 - 2011-12-06 20:46 - 6660224 ____A C:\Users\Arshad-3\Downloads\pardes - meri mehbooba.mp3
2012-04-09 19:00 - 2012-03-31 15:33 - 3449701 ____A C:\Users\Arshad-3\Downloads\o meri mehbooba (remix).mp3
2012-04-09 12:56 - 2011-12-14 01:46 - 0946688 ____A (Apowersoft) C:\Users\Arshad-3\Downloads\Video Download Capture.exe
2012-04-09 12:45 - 2011-01-07 16:28 - 0000000 ____D C:\Users\Arshad-3\Desktop\Études Canadiennes - SOSC 1920
2012-04-08 02:28 - 2012-04-12 12:47 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{3E895924-FBAC-4D01-937C-BDFE3C007F9C}
2012-04-08 02:28 - 2012-04-12 12:47 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{3E895924-FBAC-4D01-937C-BDFE3C007F9C}
2012-04-08 02:28 - 2012-04-12 12:47 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{3E895924-FBAC-4D01-937C-BDFE3C007F9C}
2012-04-06 18:55 - 2012-04-23 14:47 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-04-06 18:55 - 2012-03-08 13:47 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-04-06 18:54 - 2011-11-19 11:14 - 0000000 ____D C:\Program Files\Dell Support Center
2012-04-05 09:55 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{FF201C32-8D3E-4A20-A10C-EF24E79C35C9}
2012-04-05 09:55 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{FF201C32-8D3E-4A20-A10C-EF24E79C35C9}
2012-04-05 09:55 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{FF201C32-8D3E-4A20-A10C-EF24E79C35C9}
2012-04-04 16:35 - 2012-03-08 19:14 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{C1A644DD-B225-4F5B-82BB-8A12618C1F41}
2012-04-04 16:35 - 2012-03-08 19:14 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{C1A644DD-B225-4F5B-82BB-8A12618C1F41}
2012-04-04 16:35 - 2012-03-08 19:14 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{C1A644DD-B225-4F5B-82BB-8A12618C1F41}
2012-04-04 13:44 - 2012-04-15 14:35 - 0000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2012-04-04 13:40 - 2012-04-14 13:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{0B5DA892-8BD8-43F1-8292-F3BDD635E229}
2012-04-04 13:40 - 2012-04-14 13:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{0B5DA892-8BD8-43F1-8292-F3BDD635E229}
2012-04-04 13:40 - 2012-04-14 13:55 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{0B5DA892-8BD8-43F1-8292-F3BDD635E229}
2012-04-03 13:24 - 2012-02-26 10:42 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{494276D9-5ADA-4720-A3B7-E6A82A6DCE69}
2012-04-03 13:24 - 2012-02-26 10:42 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{494276D9-5ADA-4720-A3B7-E6A82A6DCE69}
2012-04-03 13:24 - 2012-02-26 10:42 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{494276D9-5ADA-4720-A3B7-E6A82A6DCE69}
2012-04-02 22:42 - 2012-03-22 17:43 - 0037206 ____A C:\Users\Arshad-3\My Documents\RESUME AND COVER LETTER.docx
2012-04-02 22:42 - 2012-03-22 17:43 - 0037206 ____A C:\Users\Arshad-3\Documents\RESUME AND COVER LETTER.docx
2012-04-02 22:40 - 2012-01-13 00:12 - 0037206 ____A C:\Users\Arshad-3\Downloads\RESUME AND COVER LETTER.docx
2012-04-02 22:37 - 2011-11-24 17:10 - 0037117 ____A C:\Users\Arshad-3\Downloads\mahdia resume.docx
2012-04-02 22:17 - 2012-01-23 00:13 - 0000000 ____D C:\Users\Arshad-3\My Documents\Outlook Files
2012-04-02 22:17 - 2012-01-23 00:13 - 0000000 ____D C:\Users\Arshad-3\Documents\Outlook Files
2012-04-02 22:14 - 2012-01-24 22:18 - 0015793 ____A C:\Users\Arshad-3\My Documents\Mehdia Arshed CL.docx
2012-04-02 22:14 - 2012-01-24 22:18 - 0015793 ____A C:\Users\Arshad-3\Documents\Mehdia Arshed CL.docx
2012-04-02 21:54 - 2012-04-02 22:36 - 0021959 ____A C:\Users\Arshad-3\My Documents\Mehdia Arshed cover letter.docx
2012-04-02 21:54 - 2012-04-02 22:36 - 0021959 ____A C:\Users\Arshad-3\Documents\Mehdia Arshed cover letter.docx
2012-04-02 15:00 - 2012-03-08 10:04 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D4192AFC-63D8-4C28-8FF4-3F4E0C7FFFC8}
2012-04-02 15:00 - 2012-03-08 10:04 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D4192AFC-63D8-4C28-8FF4-3F4E0C7FFFC8}
2012-04-02 15:00 - 2012-03-08 10:04 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D4192AFC-63D8-4C28-8FF4-3F4E0C7FFFC8}
2012-04-01 13:12 - 2012-02-24 18:24 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{7769ED1B-B416-4DAC-95E6-8C07FD7953D2}
2012-04-01 13:12 - 2012-02-24 18:24 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{7769ED1B-B416-4DAC-95E6-8C07FD7953D2}
2012-04-01 13:12 - 2012-02-24 18:24 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{7769ED1B-B416-4DAC-95E6-8C07FD7953D2}
2012-03-31 20:47 - 2012-04-21 16:42 - 0000000 ____D C:\Users\Arshad-3\Desktop\Download
2012-03-31 20:47 - 2010-11-21 02:16 - 0000000 ____D C:\Users\Arshad-3\Application Data\Media Finder
2012-03-31 20:47 - 2010-11-21 02:16 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Media Finder
2012-03-31 20:46 - 2012-03-31 15:32 - 2741837 ____A (Media Finder ) C:\Users\Arshad-3\Downloads\perfect_strangers_2004_torrent.new.djvu.exe
2012-03-31 15:33 - 2012-03-31 15:31 - 2219520 ____A C:\Users\Arshad-3\Downloads\Nova_Scotia.ppt
2012-03-31 15:33 - 2012-01-22 18:30 - 0130464 ____A C:\Users\Arshad-3\Downloads\Ontario_pres._.docx
2012-03-31 15:31 - 2012-04-20 17:09 - 6351872 ____A C:\Users\Arshad-3\Downloads\Alberta-_Province_Presentation.ppt
2012-03-31 15:31 - 2012-04-09 19:01 - 6580224 ____A C:\Users\Arshad-3\Downloads\peipresentation.ppt
2012-03-31 15:31 - 2012-03-31 20:46 - 1269284 ____A C:\Users\Arshad-3\Downloads\POLS2600_New_Brunswick_-_Melinda_Lana.pptx
2012-03-31 15:31 - 2012-03-17 17:50 - 0258541 ____A C:\Users\Arshad-3\Downloads\Newfoundland_and_Labrador.pptx
2012-03-31 15:31 - 2012-03-08 14:24 - 0079849 ____A C:\Users\Arshad-3\Downloads\Quebec.pptx
2012-03-31 15:31 - 2012-02-10 17:18 - 1126912 ____A C:\Users\Arshad-3\Downloads\Manitoba.ppt
2012-03-31 15:31 - 2011-12-12 23:27 - 0598153 ____A C:\Users\Arshad-3\Downloads\Jeopardy_pptfinal.pptx
2012-03-31 11:24 - 2012-04-01 13:12 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{7ACE8DE8-0711-4B9C-855C-AA89DC33801C}
2012-03-31 11:24 - 2012-04-01 13:12 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{7ACE8DE8-0711-4B9C-855C-AA89DC33801C}
2012-03-31 11:24 - 2012-04-01 13:12 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{7ACE8DE8-0711-4B9C-855C-AA89DC33801C}
2012-03-30 18:23 - 2012-03-22 12:20 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{A85F03FE-565E-4C38-8225-E3EEAF6A298A}
2012-03-30 18:23 - 2012-03-22 12:20 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{A85F03FE-565E-4C38-8225-E3EEAF6A298A}
2012-03-30 18:23 - 2012-03-22 12:20 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{A85F03FE-565E-4C38-8225-E3EEAF6A298A}
2012-03-29 08:37 - 2012-03-27 23:11 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{E7AA3202-CC90-4CD2-BED5-AD1E7B885BEB}
2012-03-29 08:37 - 2012-03-27 23:11 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{E7AA3202-CC90-4CD2-BED5-AD1E7B885BEB}
2012-03-29 08:37 - 2012-03-27 23:11 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{E7AA3202-CC90-4CD2-BED5-AD1E7B885BEB}
2012-03-28 11:07 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D91DCE70-C86B-4C58-BF81-F2EA652DDF07}
2012-03-28 11:07 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D91DCE70-C86B-4C58-BF81-F2EA652DDF07}
2012-03-28 11:07 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D91DCE70-C86B-4C58-BF81-F2EA652DDF07}
2012-03-28 11:07 - 2012-03-11 19:02 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{6022D1C7-5827-4D25-A9C1-C30D3B09F521}
2012-03-28 11:07 - 2012-03-11 19:02 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{6022D1C7-5827-4D25-A9C1-C30D3B09F521}
2012-03-28 11:07 - 2012-03-11 19:02 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{6022D1C7-5827-4D25-A9C1-C30D3B09F521}
2012-03-28 08:31 - 2012-03-27 14:07 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{1EB1046C-F682-48A1-935E-AEE265EA090C}
2012-03-28 08:31 - 2012-03-27 14:07 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{1EB1046C-F682-48A1-935E-AEE265EA090C}
2012-03-28 08:31 - 2012-03-27 14:07 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{1EB1046C-F682-48A1-935E-AEE265EA090C}
2012-03-28 08:31 - 2012-03-22 15:19 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{B6FB9585-7C87-47F5-A71C-02CE8440C285}
2012-03-28 08:31 - 2012-03-22 15:19 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{B6FB9585-7C87-47F5-A71C-02CE8440C285}
2012-03-28 08:31 - 2012-03-22 15:19 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{B6FB9585-7C87-47F5-A71C-02CE8440C285}
2012-03-27 23:11 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{E49859AD-E199-4673-AE42-3DF86F4EC446}
2012-03-27 23:11 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{E49859AD-E199-4673-AE42-3DF86F4EC446}
2012-03-27 23:11 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{E49859AD-E199-4673-AE42-3DF86F4EC446}
2012-03-27 23:11 - 2012-02-21 19:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{CBD9990C-CFA0-4244-9F7C-CAACEB9108FF}
2012-03-27 23:11 - 2012-02-21 19:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{CBD9990C-CFA0-4244-9F7C-CAACEB9108FF}
2012-03-27 23:11 - 2012-02-21 19:44 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{CBD9990C-CFA0-4244-9F7C-CAACEB9108FF}
2012-03-27 14:07 - 2012-04-14 13:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{13163618-1989-4284-BE20-A7798599ECEC}
2012-03-27 14:07 - 2012-04-14 13:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{13163618-1989-4284-BE20-A7798599ECEC}
2012-03-27 14:07 - 2012-04-14 13:55 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{13163618-1989-4284-BE20-A7798599ECEC}
2012-03-27 14:06 - 2012-03-07 13:03 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{27D0254D-62E0-42E2-B5AD-419C1F7B58DE}
2012-03-27 14:06 - 2012-03-07 13:03 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{27D0254D-62E0-42E2-B5AD-419C1F7B58DE}
2012-03-27 14:06 - 2012-03-07 13:03 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{27D0254D-62E0-42E2-B5AD-419C1F7B58DE}
2012-03-27 11:32 - 2012-03-31 15:31 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Arshad-3\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-27 07:44 - 2012-03-25 10:09 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{3A507A73-2D95-47B8-A4D5-4DE2B6F8A72F}
2012-03-27 07:44 - 2012-03-25 10:09 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{3A507A73-2D95-47B8-A4D5-4DE2B6F8A72F}
2012-03-27 07:44 - 2012-03-25 10:09 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{3A507A73-2D95-47B8-A4D5-4DE2B6F8A72F}
2012-03-27 07:43 - 2012-03-15 09:06 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{E33BAE92-59EF-4B33-B3D0-04A7208DD57D}
2012-03-27 07:43 - 2012-03-15 09:06 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{E33BAE92-59EF-4B33-B3D0-04A7208DD57D}
2012-03-27 07:43 - 2012-03-15 09:06 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{E33BAE92-59EF-4B33-B3D0-04A7208DD57D}
2012-03-26 23:10 - 2011-12-05 19:34 - 0021444 ____A C:\Users\Arshad-3\My Documents\When viewing historical events or history in general itself we often hear the phrase.docx
2012-03-26 23:10 - 2011-12-05 19:34 - 0021444 ____A C:\Users\Arshad-3\Documents\When viewing historical events or history in general itself we often hear the phrase.docx
2012-03-26 22:01 - 2012-03-03 15:06 - 0817664 ____A C:\Users\Arshad-3\Downloads\Ewout Frankema - Full Paper 62.doc
2012-03-26 15:18 - 2012-03-19 15:18 - 0016613 ____A C:\Users\Arshad-3\My Documents\CANADIAN GEOGRAPHY MARCH 26 12.docx
2012-03-26 15:18 - 2012-03-19 15:18 - 0016613 ____A C:\Users\Arshad-3\Documents\CANADIAN GEOGRAPHY MARCH 26 12.docx
2012-03-26 15:18 - 2012-03-19 15:11 - 0000162 ___AH C:\Users\Arshad-3\My Documents\~$NADIAN GEOGRAPHY MARCH 26 12.docx
2012-03-26 15:18 - 2012-03-19 15:11 - 0000162 ___AH C:\Users\Arshad-3\Documents\~$NADIAN GEOGRAPHY MARCH 26 12.docx
2012-03-25 10:09 - 2012-03-22 09:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{38F624AA-9CBE-4101-AFE3-F2E2DE044A4E}
2012-03-25 10:09 - 2012-03-22 09:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{38F624AA-9CBE-4101-AFE3-F2E2DE044A4E}
2012-03-25 10:09 - 2012-03-22 09:28 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{38F624AA-9CBE-4101-AFE3-F2E2DE044A4E}
2012-03-25 10:08 - 2012-02-22 13:09 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{A3965AB8-8BE4-4FC9-827F-6D1DB697500B}
2012-03-25 10:08 - 2012-02-22 13:09 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{A3965AB8-8BE4-4FC9-827F-6D1DB697500B}
2012-03-25 10:08 - 2012-02-22 13:09 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{A3965AB8-8BE4-4FC9-827F-6D1DB697500B}

============ 3 Months Modified Files and Folders =============

2012-04-24 04:33 - 2012-04-24 04:00 - 0000000 ____D C:\FRST
2012-04-24 03:57 - 2012-04-24 03:26 - 0000000 ____D C:\Emergency
2012-04-24 01:17 - 2011-11-19 12:13 - 3137994752 __ASH C:\hiberfil.sys
2012-04-23 22:44 - 2012-04-23 22:43 - 0101468 ____A C:\Windows\ntbtlog.txt
2012-04-23 15:30 - 2010-11-20 22:47 - 0069330 ____A C:\Windows\PFRO.log
2012-04-23 15:28 - 2012-04-06 18:55 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-04-23 15:13 - 2011-11-19 10:20 - 1697663 ____A C:\Windows\WindowsUpdate.log
2012-04-23 15:05 - 2012-04-20 17:11 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-23 15:00 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At41.job
2012-04-23 15:00 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At17.job
2012-04-23 14:53 - 2012-04-23 14:53 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-23 14:53 - 2012-04-23 14:53 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-23 14:53 - 2012-04-23 14:53 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-23 14:53 - 2011-12-26 15:38 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-23 14:53 - 2011-11-19 10:37 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-23 14:52 - 2012-04-23 14:52 - 0908576 ____A (Sun Microsystems, Inc.) C:\Users\Arshad-3\Downloads\chromeinstall-6u31.exe
2012-04-23 14:47 - 2011-11-24 22:31 - 0000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1620107277-2827814893-1988640675-1000UA.job
2012-04-23 14:47 - 2011-11-24 22:31 - 0000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1620107277-2827814893-1988640675-1000Core.job
2012-04-23 14:00 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At40.job
2012-04-23 14:00 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At16.job
2012-04-23 13:44 - 2012-01-09 23:34 - 0001790 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-04-23 13:44 - 2012-01-09 23:34 - 0001790 ____A C:\Users\All Users\Desktop\McAfee Total Protection.lnk
2012-04-23 13:42 - 2009-07-13 23:51 - 0139734 ____A C:\Windows\setupact.log
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At39.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At38.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At37.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At36.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At35.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At34.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At33.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At32.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At31.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At30.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At29.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At9.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At8.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At7.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At6.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At5.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At15.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At14.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At13.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At12.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At11.job
2012-04-23 13:23 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At10.job
2012-04-23 02:00 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At28.job
2012-04-23 02:00 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At4.job
2012-04-23 01:55 - 2011-12-06 14:59 - 0000000 ____D C:\Program Files\PeerBlock
2012-04-23 01:00 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At27.job
2012-04-23 01:00 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At3.job
2012-04-23 00:01 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At2.job
2012-04-23 00:00 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At26.job
2012-04-22 23:48 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At1.job
2012-04-22 23:22 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At25.job
2012-04-22 22:22 - 2012-04-22 22:22 - 0000342 ____A C:\Windows\Tasks\At48.job
2012-04-22 22:22 - 2012-04-22 22:22 - 0000342 ____A C:\Windows\Tasks\At47.job
2012-04-22 22:22 - 2012-04-22 22:22 - 0000342 ____A C:\Windows\Tasks\At46.job
2012-04-22 22:22 - 2012-04-22 22:22 - 0000342 ____A C:\Windows\Tasks\At45.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0092672 ____A (Microsoft Corporation) C:\Users\All Users\v5HKJ6iG.exe
2012-04-22 22:21 - 2012-04-22 22:21 - 0092672 ____A (Microsoft Corporation) C:\Users\All Users\Application Data\v5HKJ6iG.exe
2012-04-22 22:21 - 2012-04-22 22:21 - 0092672 ____A (Microsoft Corporation) C:\ProgramData\v5HKJ6iG.exe
2012-04-22 22:21 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At44.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At43.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000342 ____A C:\Windows\Tasks\At42.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At24.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At23.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At22.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At21.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At20.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At19.job
2012-04-22 22:21 - 2012-04-22 22:21 - 0000340 ____A C:\Windows\Tasks\At18.job
2012-04-22 21:53 - 2011-12-26 15:38 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-22 00:00 - 2012-03-12 15:44 - 0000000 ____D C:\Users\Arshad-3\Application Data\vlc
2012-04-22 00:00 - 2012-03-12 15:44 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\vlc
2012-04-22 00:00 - 2011-11-25 17:30 - 0000000 ____D C:\Users\Arshad-3\Application Data\uTorrent
2012-04-22 00:00 - 2011-11-25 17:30 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\uTorrent
2012-04-21 23:59 - 2012-04-21 23:55 - 0000000 ____D C:\Users\Arshad-3\Downloads\Mirror Mirror (2012) DVD - Rip
2012-04-21 22:14 - 2011-10-16 13:28 - 0000061 ____A C:\Users\Arshad-3\Desktop\FILE_ID.DIZ
2012-04-21 22:14 - 2011-10-16 06:44 - 0004905 ____A C:\Users\Arshad-3\Desktop\FUTURiTY.nfo
2012-04-21 22:13 - 2012-04-21 22:13 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-21 22:12 - 2012-04-21 22:12 - 0000000 ____D C:\Windows\system64
2012-04-21 22:10 - 2012-03-22 17:21 - 0001326 ____A C:\Users\Public\Desktop\Video Download Capture.lnk
2012-04-21 22:10 - 2012-03-22 17:21 - 0001326 ____A C:\Users\All Users\Desktop\Video Download Capture.lnk
2012-04-21 22:08 - 2012-04-21 22:07 - 28239820 ____A (Apowersoft ) C:\Users\Arshad-3\Downloads\video-download-capture (2).exe
2012-04-21 16:42 - 2012-02-19 13:18 - 0000000 ____D C:\Users\Arshad-3\Desktop\don't touch pls
2012-04-21 16:38 - 2011-11-24 22:11 - 0000000 ____D C:\Users\Public\CyberLink
2012-04-21 16:38 - 2011-11-24 22:11 - 0000000 ____D C:\Users\Arshad-3\My Documents\CyberLink
2012-04-21 16:38 - 2011-11-24 22:11 - 0000000 ____D C:\Users\Arshad-3\Documents\CyberLink
2012-04-20 19:03 - 2012-04-20 00:19 - 0000000 ____D C:\Program Files (x86)\AVS4YOU
2012-04-20 18:05 - 2012-04-20 18:05 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-20 18:05 - 2012-04-20 17:10 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-20 18:05 - 2011-11-19 10:22 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-20 17:15 - 2012-04-11 21:20 - 0000000 ____D C:\Users\All Users\Codecv
2012-04-20 17:15 - 2012-04-11 21:20 - 0000000 ____D C:\Users\All Users\Application Data\Codecv
2012-04-20 17:15 - 2012-04-11 21:20 - 0000000 ____D C:\ProgramData\Codecv
2012-04-20 17:12 - 2012-04-15 19:59 - 0000000 ____D C:\divx
2012-04-20 17:12 - 2011-11-24 16:11 - 0000000 ____D C:\Users\Arshad-3\Local Settings\VirtualStore
2012-04-20 17:12 - 2011-11-24 16:11 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\VirtualStore
2012-04-20 17:12 - 2011-11-24 16:11 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\VirtualStore
2012-04-20 17:10 - 2012-04-20 17:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-20 17:09 - 2012-04-20 17:09 - 0166292 ____A C:\Users\Arshad-3\Downloads\Aimersoft.Dvd.Studio.Pack.2.4.serial.maker.zip
2012-04-20 17:01 - 2012-04-20 17:01 - 0001277 ____A C:\Users\Arshad-3\Desktop\Aimersoft DVD Studio Pack.lnk
2012-04-20 17:01 - 2012-04-19 22:26 - 0000000 ____D C:\Users\Arshad-3\Desktop\New folder
2012-04-20 17:00 - 2012-04-20 17:00 - 0000000 ____D C:\Program Files (x86)\Aimersoft
2012-04-20 16:51 - 2012-04-20 16:50 - 0015620 ____A C:\Users\Arshad-3\Downloads\Aimersoft DVD Studio Pack 2.4.0.0 KeyGen -TrT [h33t].torrent
2012-04-20 16:35 - 2012-04-20 16:32 - 35291522 ____A ( ) C:\Users\Arshad-3\Downloads\aimer-dvd-creator_full242.exe
2012-04-20 02:12 - 2012-04-20 02:12 - 0002308 ____A C:\Users\Arshad-3\Desktop\Free Video to DVD Converter.lnk
2012-04-20 02:12 - 2011-11-25 17:33 - 0000000 ____D C:\Users\Arshad-3\Application Data\DVDVideoSoft
2012-04-20 02:12 - 2011-11-25 17:33 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\DVDVideoSoft
2012-04-20 02:12 - 2011-11-25 17:32 - 0000000 ____D C:\Program Files (x86)\DVDVideoSoft
2012-04-20 02:10 - 2012-04-20 02:09 - 25407280 ____A (DVDVideoSoft Ltd. ) C:\Users\Arshad-3\Downloads\FreeVideoToDVDConverter.exe
2012-04-20 02:02 - 2012-04-14 20:23 - 0000000 ____D C:\Users\Arshad-3\Downloads\Aliens.in.the.Attic[2009]DvDrip-x264-AAC[Eng]-MKVGuy
2012-04-20 01:58 - 2012-04-20 01:57 - 17229528 ____A (DVDVideoSoft Ltd. ) C:\Users\Arshad-3\Downloads\FreeDVDVideoBurner.exe
2012-04-20 01:52 - 2012-04-20 01:52 - 6118990 ____A (LIGHTNING UK!) C:\Users\Arshad-3\Downloads\SetupImgBurn_2.5.7.0.exe
2012-04-20 00:21 - 2012-04-20 00:21 - 0000000 ____D C:\Users\Arshad-3\Application Data\AVS4YOU
2012-04-20 00:21 - 2012-04-20 00:21 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\AVS4YOU
2012-04-20 00:21 - 2012-04-20 00:19 - 0000000 ____D C:\Users\All Users\AVS4YOU
2012-04-20 00:21 - 2012-04-20 00:19 - 0000000 ____D C:\Users\All Users\Application Data\AVS4YOU
2012-04-20 00:21 - 2012-04-20 00:19 - 0000000 ____D C:\ProgramData\AVS4YOU
2012-04-20 00:19 - 2012-04-20 00:19 - 0001243 ____A C:\Users\Arshad-3\Desktop\AVS Video Converter.lnk
2012-04-20 00:08 - 2012-04-20 00:07 - 0000000 ____D C:\Users\Arshad-3\My Documents\DreamVideoSoft
2012-04-20 00:08 - 2012-04-20 00:07 - 0000000 ____D C:\Users\Arshad-3\Documents\DreamVideoSoft
2012-04-20 00:07 - 2012-04-20 00:06 - 6251172 ____A (TopVideoSoft,Inc. ) C:\Users\Arshad-3\Downloads\dream-mkv-converter.exe
2012-04-19 23:16 - 2012-04-19 23:16 - 0010185 ____A C:\Users\Arshad-3\Downloads\Xilisoft MKV Converter 6.0.12 build 0914 key [h33t].torrent
2012-04-19 22:57 - 2012-04-19 22:57 - 0006342 ____A C:\Users\Arshad-3\Downloads\Xilisoft_MKV_Converter_5.1.23_build-0424_Incl_serial_[Bit-Byte].5073181.TPB.torrent
2012-04-19 18:31 - 2012-04-02 22:17 - 0000000 ____D C:\Users\Arshad-3\My Documents\Outlook Files
2012-04-19 18:31 - 2012-04-02 22:17 - 0000000 ____D C:\Users\Arshad-3\Documents\Outlook Files
2012-04-19 17:36 - 2012-04-18 22:17 - 0059392 ____A C:\Users\Arshad-3\My Documents\RESUME.doc
2012-04-19 17:36 - 2012-04-18 22:17 - 0059392 ____A C:\Users\Arshad-3\Documents\RESUME.doc
2012-04-19 14:43 - 2012-04-19 14:34 - 0057856 ____A C:\Users\Arshad-3\Downloads\910119e0d4685e2b0d51d58ee5a3899c.doc
2012-04-19 14:27 - 2009-07-13 23:45 - 0028352 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-19 14:27 - 2009-07-13 23:45 - 0028352 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-19 00:32 - 2012-04-19 00:32 - 0092160 ____A C:\Users\Arshad-3\Downloads\b3b42fcef7cf37a04f6dbe75e095ff95.doc
2012-04-18 22:14 - 2011-12-06 15:57 - 0667648 __ASH C:\Users\Arshad-3\My Documents\Thumbs.db
2012-04-18 22:14 - 2011-12-06 15:57 - 0667648 __ASH C:\Users\Arshad-3\Documents\Thumbs.db
2012-04-18 00:25 - 2012-03-31 20:47 - 0000000 ____D C:\Users\Arshad-3\Application Data\Media Finder
2012-04-18 00:25 - 2012-03-31 20:47 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Media Finder
2012-04-18 00:22 - 2012-03-02 15:37 - 0000524 ____A C:\user.js
2012-04-18 00:21 - 2012-04-18 00:21 - 2741826 ____A (Media Finder ) C:\Users\Arshad-3\Downloads\Xilisoft_MKV_Converter_5.1.exe
2012-04-18 00:15 - 2012-04-18 00:15 - 0002085 ____A C:\Users\Public\Desktop\Xilisoft MKV Converter.lnk
2012-04-18 00:15 - 2012-04-18 00:15 - 0002085 ____A C:\Users\All Users\Desktop\Xilisoft MKV Converter.lnk
2012-04-18 00:15 - 2012-04-18 00:15 - 0000000 ____D C:\Users\Arshad-3\Application Data\Xilisoft
2012-04-18 00:15 - 2012-04-18 00:15 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Xilisoft
2012-04-18 00:14 - 2012-04-18 00:14 - 0000000 ____D C:\Users\All Users\Xilisoft
2012-04-18 00:14 - 2012-04-18 00:14 - 0000000 ____D C:\Users\All Users\Application Data\Xilisoft
2012-04-18 00:14 - 2012-04-18 00:14 - 0000000 ____D C:\ProgramData\Xilisoft
2012-04-18 00:14 - 2012-04-18 00:14 - 0000000 ____D C:\Program Files (x86)\Xilisoft
2012-04-18 00:13 - 2012-04-18 00:10 - 35440682 ____A C:\Users\Arshad-3\Downloads\x-mkv-converter6.exe
2012-04-17 14:00 - 2012-04-17 14:00 - 0069124 ____A C:\Users\Arshad-3\Downloads\t4a_2011_english (1).pdf
2012-04-17 13:58 - 2012-04-17 13:58 - 0073574 ____A C:\Users\Arshad-3\Downloads\t2202a_2011_english (1).pdf
2012-04-15 20:19 - 2009-07-14 00:13 - 0778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-15 20:09 - 2011-11-19 11:10 - 0000000 ____D C:\Users\All Users\Sonic
2012-04-15 20:09 - 2011-11-19 11:10 - 0000000 ____D C:\Users\All Users\Application Data\Sonic
2012-04-15 20:09 - 2011-11-19 11:10 - 0000000 ____D C:\ProgramData\Sonic
2012-04-15 14:36 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{EEDCF7C1-EEB2-48F9-86B4-8EA2687DD249}
2012-04-15 14:36 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D812553B-67CF-442D-8FB7-6B46BD141108}
2012-04-15 14:36 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{EEDCF7C1-EEB2-48F9-86B4-8EA2687DD249}
2012-04-15 14:36 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D812553B-67CF-442D-8FB7-6B46BD141108}
2012-04-15 14:36 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{EEDCF7C1-EEB2-48F9-86B4-8EA2687DD249}
2012-04-15 14:36 - 2012-04-15 14:36 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D812553B-67CF-442D-8FB7-6B46BD141108}
2012-04-15 14:35 - 2012-02-21 19:43 - 0000000 ____D C:\Users\Arshad-3\Tracing
2012-04-15 14:35 - 2012-01-09 23:34 - 0000000 __RSD C:\Users\Arshad-3\My Documents\McAfee Vaults
2012-04-15 14:35 - 2012-01-09 23:34 - 0000000 __RSD C:\Users\Arshad-3\Documents\McAfee Vaults
2012-04-15 14:35 - 2011-12-01 00:06 - 0000346 ____A C:\Windows\Tasks\DriverScanner.job
2012-04-15 14:35 - 2011-11-19 10:54 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-04-15 14:35 - 2011-11-19 10:54 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-04-15 14:35 - 2011-11-19 10:54 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-04-15 14:35 - 2011-11-19 10:54 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-04-15 14:35 - 2011-11-19 10:54 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-04-15 14:35 - 2011-11-19 10:54 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-04-15 14:35 - 2011-11-19 10:50 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-04-15 14:34 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-14 13:55 - 2012-04-14 13:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{12D22109-DBDD-42DC-9561-3255FBFE5A15}
2012-04-14 13:55 - 2012-04-14 13:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{12D22109-DBDD-42DC-9561-3255FBFE5A15}
2012-04-14 13:55 - 2012-04-14 13:55 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{12D22109-DBDD-42DC-9561-3255FBFE5A15}
2012-04-14 13:55 - 2012-04-14 13:54 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{0B1D519B-5091-40EF-AC40-F844B6188601}
2012-04-14 13:55 - 2012-04-14 13:54 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{0B1D519B-5091-40EF-AC40-F844B6188601}
2012-04-14 13:55 - 2012-04-14 13:54 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{0B1D519B-5091-40EF-AC40-F844B6188601}
2012-04-13 22:23 - 2012-04-13 21:49 - 0000000 ____D C:\Users\Arshad-3\Downloads\Housefull 2 2012 480p DVDSCR Hindi Srkfan
2012-04-13 15:56 - 2012-02-07 16:53 - 0000000 ___RD C:\Users\Arshad-3\My Documents\Scanned Documents
2012-04-13 15:56 - 2012-02-07 16:53 - 0000000 ___RD C:\Users\Arshad-3\Documents\Scanned Documents
2012-04-13 15:16 - 2012-04-13 12:14 - 1339939 ____A C:\Users\Arshad-3\Desktop\Photo0049.jpg
2012-04-13 15:10 - 2011-11-24 16:08 - 0000000 ____D C:\Users\Arshad-3\AppData\LocalLow
2012-04-13 14:37 - 2012-04-13 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{9EEA8F24-1C87-4B3E-A68F-99821C7BA4B9}
2012-04-13 14:37 - 2012-04-13 14:36 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{9EEA8F24-1C87-4B3E-A68F-99821C7BA4B9}
2012-04-13 14:37 - 2012-04-13 14:36 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{9EEA8F24-1C87-4B3E-A68F-99821C7BA4B9}
2012-04-12 12:47 - 2012-04-12 12:46 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{3DE058E4-14E5-45A4-BE19-A06FC26D0C62}
2012-04-12 12:47 - 2012-04-12 12:46 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{3DE058E4-14E5-45A4-BE19-A06FC26D0C62}
2012-04-12 12:47 - 2012-04-12 12:46 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{3DE058E4-14E5-45A4-BE19-A06FC26D0C62}
2012-04-12 12:47 - 2011-02-10 09:01 - 0000000 ____D C:\DELL
2012-04-11 21:48 - 2011-11-24 16:15 - 0000000 ____D C:\Users\Arshad-3\Application Data\Mozilla
2012-04-11 21:48 - 2011-11-24 16:15 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Mozilla
2012-04-11 21:27 - 2012-04-11 21:27 - 0000000 ____D C:\Users\Arshad-3\Application Data\Optimizer Pro
2012-04-11 21:27 - 2012-04-11 21:27 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Optimizer Pro
2012-04-11 21:20 - 2012-04-11 21:20 - 0000000 ____D C:\Program Files (x86)\Optimizer Pro
2012-04-11 21:20 - 2011-12-01 00:05 - 0000000 ____D C:\Users\All Users\InstallMate
2012-04-11 21:20 - 2011-12-01 00:05 - 0000000 ____D C:\Users\All Users\Application Data\InstallMate
2012-04-11 21:20 - 2011-12-01 00:05 - 0000000 ____D C:\ProgramData\InstallMate
2012-04-11 21:19 - 2012-04-11 21:19 - 0283320 ____A (Premium) C:\Users\Arshad-3\Downloads\Codec-V.exe
2012-04-11 21:19 - 2011-12-01 00:06 - 0000000 ____D C:\codec-info
2012-04-11 21:17 - 2012-04-11 21:17 - 0447402 ____A (http://www.vgrabber.com) C:\Users\Arshad-3\Downloads\setup.exe
2012-04-11 02:01 - 2011-11-30 13:48 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-11 02:01 - 2011-11-30 13:48 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-04-11 02:01 - 2011-11-30 13:48 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-10 14:58 - 2012-04-10 14:58 - 0069124 ____A C:\Users\Arshad-3\Downloads\t4a_2011_english.pdf
2012-04-10 14:57 - 2012-04-10 14:57 - 0073574 ____A C:\Users\Arshad-3\Downloads\t2202a_2011_english.pdf
2012-04-09 19:01 - 2012-04-09 19:01 - 6660224 ____A C:\Users\Arshad-3\Downloads\pardes - meri mehbooba.mp3
2012-04-09 19:00 - 2012-04-09 19:00 - 3449701 ____A C:\Users\Arshad-3\Downloads\o meri mehbooba (remix).mp3
2012-04-09 12:56 - 2012-04-09 12:56 - 0946688 ____A (Apowersoft) C:\Users\Arshad-3\Downloads\Video Download Capture.exe
2012-04-09 12:54 - 2012-04-09 12:45 - 0000000 ____D C:\Users\Arshad-3\Desktop\Études Canadiennes - SOSC 1920
2012-04-08 02:28 - 2012-04-08 02:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{3E895924-FBAC-4D01-937C-BDFE3C007F9C}
2012-04-08 02:28 - 2012-04-08 02:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{3E895924-FBAC-4D01-937C-BDFE3C007F9C}
2012-04-08 02:28 - 2012-04-08 02:28 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{3E895924-FBAC-4D01-937C-BDFE3C007F9C}
2012-04-08 02:27 - 2012-04-06 18:55 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-04-06 18:55 - 2012-04-06 18:54 - 0000000 ____D C:\Program Files\Dell Support Center
2012-04-06 15:36 - 2011-11-24 16:04 - 0054272 ____A C:\Users\Arshad-3\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-06 15:36 - 2011-11-24 16:04 - 0054272 ____A C:\Users\Arshad-3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-06 15:36 - 2011-11-24 16:04 - 0054272 ____A C:\Users\Arshad-3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-05 18:03 - 2011-11-24 20:25 - 0000000 ____D C:\Users\Arshad-3\My Documents\Word Documents
2012-04-05 18:03 - 2011-11-24 20:25 - 0000000 ____D C:\Users\Arshad-3\Documents\Word Documents
2012-04-05 09:56 - 2012-04-05 09:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{FF201C32-8D3E-4A20-A10C-EF24E79C35C9}
2012-04-05 09:56 - 2012-04-05 09:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{FF201C32-8D3E-4A20-A10C-EF24E79C35C9}
2012-04-05 09:56 - 2012-04-05 09:55 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{FF201C32-8D3E-4A20-A10C-EF24E79C35C9}
2012-04-04 16:35 - 2012-04-04 16:35 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{C1A644DD-B225-4F5B-82BB-8A12618C1F41}
2012-04-04 16:35 - 2012-04-04 16:35 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{C1A644DD-B225-4F5B-82BB-8A12618C1F41}
2012-04-04 16:35 - 2012-04-04 16:35 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{C1A644DD-B225-4F5B-82BB-8A12618C1F41}
2012-04-04 13:44 - 2012-04-04 13:44 - 0000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2012-04-04 13:42 - 2012-04-04 13:40 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{0B5DA892-8BD8-43F1-8292-F3BDD635E229}
2012-04-04 13:42 - 2012-04-04 13:40 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{0B5DA892-8BD8-43F1-8292-F3BDD635E229}
2012-04-04 13:42 - 2012-04-04 13:40 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{0B5DA892-8BD8-43F1-8292-F3BDD635E229}
2012-04-03 13:26 - 2012-04-03 13:24 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{494276D9-5ADA-4720-A3B7-E6A82A6DCE69}
2012-04-03 13:26 - 2012-04-03 13:24 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{494276D9-5ADA-4720-A3B7-E6A82A6DCE69}
2012-04-03 13:26 - 2012-04-03 13:24 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{494276D9-5ADA-4720-A3B7-E6A82A6DCE69}
2012-04-02 22:42 - 2012-04-02 22:42 - 0037206 ____A C:\Users\Arshad-3\My Documents\RESUME AND COVER LETTER.docx
2012-04-02 22:42 - 2012-04-02 22:42 - 0037206 ____A C:\Users\Arshad-3\Documents\RESUME AND COVER LETTER.docx
2012-04-02 22:40 - 2012-04-02 22:40 - 0037206 ____A C:\Users\Arshad-3\Downloads\RESUME AND COVER LETTER.docx
2012-04-02 22:38 - 2012-04-02 22:37 - 0037117 ____A C:\Users\Arshad-3\Downloads\mahdia resume.docx
2012-04-02 22:36 - 2012-04-02 22:14 - 0015793 ____A C:\Users\Arshad-3\My Documents\Mehdia Arshed CL.docx
2012-04-02 22:36 - 2012-04-02 22:14 - 0015793 ____A C:\Users\Arshad-3\Documents\Mehdia Arshed CL.docx
2012-04-02 21:59 - 2012-04-02 21:54 - 0021959 ____A C:\Users\Arshad-3\My Documents\Mehdia Arshed cover letter.docx
2012-04-02 21:59 - 2012-04-02 21:54 - 0021959 ____A C:\Users\Arshad-3\Documents\Mehdia Arshed cover letter.docx
2012-04-02 21:11 - 2012-03-31 20:47 - 0000000 ____D C:\Users\Arshad-3\Desktop\Download
2012-04-02 15:00 - 2012-04-02 15:00 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D4192AFC-63D8-4C28-8FF4-3F4E0C7FFFC8}
2012-04-02 15:00 - 2012-04-02 15:00 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D4192AFC-63D8-4C28-8FF4-3F4E0C7FFFC8}
2012-04-02 15:00 - 2012-04-02 15:00 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D4192AFC-63D8-4C28-8FF4-3F4E0C7FFFC8}
2012-04-01 23:15 - 2012-03-26 15:18 - 0016613 ____A C:\Users\Arshad-3\My Documents\CANADIAN GEOGRAPHY MARCH 26 12.docx
2012-04-01 23:15 - 2012-03-26 15:18 - 0016613 ____A C:\Users\Arshad-3\Documents\CANADIAN GEOGRAPHY MARCH 26 12.docx
2012-04-01 23:13 - 2012-02-13 16:25 - 0019847 ____A C:\Users\Arshad-3\My Documents\Geography notes Feb 13 2012.docx
2012-04-01 23:13 - 2012-02-13 16:25 - 0019847 ____A C:\Users\Arshad-3\Documents\Geography notes Feb 13 2012.docx
2012-04-01 22:58 - 2012-01-16 16:28 - 0030720 ____A C:\Users\Arshad-3\My Documents\Canadian Geography notes 16.doc
2012-04-01 22:58 - 2012-01-16 16:28 - 0030720 ____A C:\Users\Arshad-3\Documents\Canadian Geography notes 16.doc
2012-04-01 22:56 - 2012-03-05 16:38 - 0019099 ____A C:\Users\Arshad-3\My Documents\GEOGRAPHY March 05 2012.docx
2012-04-01 22:56 - 2012-03-05 16:38 - 0019099 ____A C:\Users\Arshad-3\Documents\GEOGRAPHY March 05 2012.docx
2012-04-01 13:12 - 2012-04-01 13:12 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{7769ED1B-B416-4DAC-95E6-8C07FD7953D2}
2012-04-01 13:12 - 2012-04-01 13:12 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{7769ED1B-B416-4DAC-95E6-8C07FD7953D2}
2012-04-01 13:12 - 2012-04-01 13:12 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{7769ED1B-B416-4DAC-95E6-8C07FD7953D2}
2012-04-01 13:11 - 2012-01-09 23:33 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-03-31 20:46 - 2012-03-31 20:46 - 2741837 ____A (Media Finder ) C:\Users\Arshad-3\Downloads\perfect_strangers_2004_torrent.new.djvu.exe
2012-03-31 15:33 - 2012-03-31 15:33 - 2219520 ____A C:\Users\Arshad-3\Downloads\Nova_Scotia.ppt
2012-03-31 15:33 - 2012-03-31 15:33 - 0130464 ____A C:\Users\Arshad-3\Downloads\Ontario_pres._.docx
2012-03-31 15:32 - 2012-03-31 15:31 - 6580224 ____A C:\Users\Arshad-3\Downloads\peipresentation.ppt
2012-03-31 15:31 - 2012-03-31 15:31 - 6351872 ____A C:\Users\Arshad-3\Downloads\Alberta-_Province_Presentation.ppt
2012-03-31 15:31 - 2012-03-31 15:31 - 1269284 ____A C:\Users\Arshad-3\Downloads\POLS2600_New_Brunswick_-_Melinda_Lana.pptx
2012-03-31 15:31 - 2012-03-31 15:31 - 1126912 ____A C:\Users\Arshad-3\Downloads\Manitoba.ppt
2012-03-31 15:31 - 2012-03-31 15:31 - 0598153 ____A C:\Users\Arshad-3\Downloads\Jeopardy_pptfinal.pptx
2012-03-31 15:31 - 2012-03-31 15:31 - 0258541 ____A C:\Users\Arshad-3\Downloads\Newfoundland_and_Labrador.pptx
2012-03-31 15:31 - 2012-03-31 15:31 - 0079849 ____A C:\Users\Arshad-3\Downloads\Quebec.pptx
2012-03-31 11:24 - 2012-03-31 11:24 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{7ACE8DE8-0711-4B9C-855C-AA89DC33801C}
2012-03-31 11:24 - 2012-03-31 11:24 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{7ACE8DE8-0711-4B9C-855C-AA89DC33801C}
2012-03-31 11:24 - 2012-03-31 11:24 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{7ACE8DE8-0711-4B9C-855C-AA89DC33801C}
2012-03-30 18:23 - 2012-03-30 18:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{A85F03FE-565E-4C38-8225-E3EEAF6A298A}
2012-03-30 18:23 - 2012-03-30 18:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{A85F03FE-565E-4C38-8225-E3EEAF6A298A}
2012-03-30 18:23 - 2012-03-30 18:23 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{A85F03FE-565E-4C38-8225-E3EEAF6A298A}
2012-03-30 11:44 - 2011-02-10 11:10 - 0764746 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-29 08:37 - 2012-03-29 08:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{E7AA3202-CC90-4CD2-BED5-AD1E7B885BEB}
2012-03-29 08:37 - 2012-03-29 08:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{E7AA3202-CC90-4CD2-BED5-AD1E7B885BEB}
2012-03-29 08:37 - 2012-03-29 08:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{E7AA3202-CC90-4CD2-BED5-AD1E7B885BEB}
2012-03-29 02:00 - 2012-04-23 14:43 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-28 11:07 - 2012-03-28 11:07 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D91DCE70-C86B-4C58-BF81-F2EA652DDF07}
2012-03-28 11:07 - 2012-03-28 11:07 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{6022D1C7-5827-4D25-A9C1-C30D3B09F521}
2012-03-28 11:07 - 2012-03-28 11:07 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D91DCE70-C86B-4C58-BF81-F2EA652DDF07}
2012-03-28 11:07 - 2012-03-28 11:07 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{6022D1C7-5827-4D25-A9C1-C30D3B09F521}
2012-03-28 11:07 - 2012-03-28 11:07 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D91DCE70-C86B-4C58-BF81-F2EA652DDF07}
2012-03-28 11:07 - 2012-03-28 11:07 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{6022D1C7-5827-4D25-A9C1-C30D3B09F521}
2012-03-28 08:53 - 2011-12-25 01:22 - 0000000 ____D C:\Users\Arshad-3\Application Data\Skype
2012-03-28 08:53 - 2011-12-25 01:22 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Skype
2012-03-28 08:31 - 2012-03-28 08:31 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{B6FB9585-7C87-47F5-A71C-02CE8440C285}
2012-03-28 08:31 - 2012-03-28 08:31 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{1EB1046C-F682-48A1-935E-AEE265EA090C}
2012-03-28 08:31 - 2012-03-28 08:31 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{B6FB9585-7C87-47F5-A71C-02CE8440C285}
2012-03-28 08:31 - 2012-03-28 08:31 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{1EB1046C-F682-48A1-935E-AEE265EA090C}
2012-03-28 08:31 - 2012-03-28 08:31 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{B6FB9585-7C87-47F5-A71C-02CE8440C285}
2012-03-28 08:31 - 2012-03-28 08:31 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{1EB1046C-F682-48A1-935E-AEE265EA090C}
2012-03-27 23:11 - 2012-03-27 23:11 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{E49859AD-E199-4673-AE42-3DF86F4EC446}
2012-03-27 23:11 - 2012-03-27 23:11 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{CBD9990C-CFA0-4244-9F7C-CAACEB9108FF}
2012-03-27 23:11 - 2012-03-27 23:11 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{E49859AD-E199-4673-AE42-3DF86F4EC446}
2012-03-27 23:11 - 2012-03-27 23:11 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{CBD9990C-CFA0-4244-9F7C-CAACEB9108FF}
2012-03-27 23:11 - 2012-03-27 23:11 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{E49859AD-E199-4673-AE42-3DF86F4EC446}
2012-03-27 23:11 - 2012-03-27 23:11 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{CBD9990C-CFA0-4244-9F7C-CAACEB9108FF}
2012-03-27 14:07 - 2012-03-27 14:07 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{13163618-1989-4284-BE20-A7798599ECEC}
2012-03-27 14:07 - 2012-03-27 14:07 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{13163618-1989-4284-BE20-A7798599ECEC}
2012-03-27 14:07 - 2012-03-27 14:07 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{13163618-1989-4284-BE20-A7798599ECEC}
2012-03-27 14:07 - 2012-03-27 14:06 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{27D0254D-62E0-42E2-B5AD-419C1F7B58DE}
2012-03-27 14:07 - 2012-03-27 14:06 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{27D0254D-62E0-42E2-B5AD-419C1F7B58DE}
2012-03-27 14:07 - 2012-03-27 14:06 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{27D0254D-62E0-42E2-B5AD-419C1F7B58DE}
2012-03-27 11:34 - 2012-03-27 11:32 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Arshad-3\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-27 07:44 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{3A507A73-2D95-47B8-A4D5-4DE2B6F8A72F}
2012-03-27 07:44 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{3A507A73-2D95-47B8-A4D5-4DE2B6F8A72F}
2012-03-27 07:44 - 2012-03-27 07:44 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{3A507A73-2D95-47B8-A4D5-4DE2B6F8A72F}
2012-03-27 07:44 - 2012-03-27 07:43 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{E33BAE92-59EF-4B33-B3D0-04A7208DD57D}
2012-03-27 07:44 - 2012-03-27 07:43 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{E33BAE92-59EF-4B33-B3D0-04A7208DD57D}
2012-03-27 07:44 - 2012-03-27 07:43 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{E33BAE92-59EF-4B33-B3D0-04A7208DD57D}
2012-03-27 02:04 - 2012-03-26 23:10 - 0021444 ____A C:\Users\Arshad-3\My Documents\When viewing historical events or history in general itself we often hear the phrase.docx
2012-03-27 02:04 - 2012-03-26 23:10 - 0021444 ____A C:\Users\Arshad-3\Documents\When viewing historical events or history in general itself we often hear the phrase.docx
2012-03-26 22:01 - 2012-03-26 22:01 - 0817664 ____A C:\Users\Arshad-3\Downloads\Ewout Frankema - Full Paper 62.doc
2012-03-26 15:18 - 2012-03-26 15:18 - 0000162 ___AH C:\Users\Arshad-3\My Documents\~$NADIAN GEOGRAPHY MARCH 26 12.docx
2012-03-26 15:18 - 2012-03-26 15:18 - 0000162 ___AH C:\Users\Arshad-3\Documents\~$NADIAN GEOGRAPHY MARCH 26 12.docx
2012-03-25 10:09 - 2012-03-25 10:09 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{38F624AA-9CBE-4101-AFE3-F2E2DE044A4E}
2012-03-25 10:09 - 2012-03-25 10:09 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{38F624AA-9CBE-4101-AFE3-F2E2DE044A4E}
2012-03-25 10:09 - 2012-03-25 10:09 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{38F624AA-9CBE-4101-AFE3-F2E2DE044A4E}
2012-03-25 10:09 - 2012-03-25 10:08 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{A3965AB8-8BE4-4FC9-827F-6D1DB697500B}
2012-03-25 10:09 - 2012-03-25 10:08 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{A3965AB8-8BE4-4FC9-827F-6D1DB697500B}
2012-03-25 10:09 - 2012-03-25 10:08 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{A3965AB8-8BE4-4FC9-827F-6D1DB697500B}
2012-03-24 11:10 - 2012-03-24 11:10 - 37931600 ____A C:\Users\Arshad-3\Downloads\GraboidVideoSetup-3.05-Complete (2).exe
2012-03-24 11:10 - 2012-03-24 11:10 - 37931600 ____A C:\Users\Arshad-3\Downloads\GraboidVideoSetup-3.05-Complete (1).exe
2012-03-24 11:10 - 2012-03-24 11:09 - 37931600 ____A C:\Users\Arshad-3\Downloads\GraboidVideoSetup-3.05-Complete.exe
2012-03-24 10:42 - 2011-12-06 20:46 - 0000000 ____D C:\Windows\AutoKMS
2012-03-23 10:37 - 2012-03-23 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{68961418-40CF-4B3F-A562-B36ECA1A00C5}
2012-03-23 10:37 - 2012-03-23 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{0D7950B9-541E-445A-8CB6-23295213A28F}
2012-03-23 10:37 - 2012-03-23 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{68961418-40CF-4B3F-A562-B36ECA1A00C5}
2012-03-23 10:37 - 2012-03-23 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{0D7950B9-541E-445A-8CB6-23295213A28F}
2012-03-23 10:37 - 2012-03-23 10:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{68961418-40CF-4B3F-A562-B36ECA1A00C5}
2012-03-23 10:37 - 2012-03-23 10:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{0D7950B9-541E-445A-8CB6-23295213A28F}
2012-03-22 18:13 - 2012-03-22 18:02 - 0000000 ____D C:\Users\Arshad-3\My Documents\hidownload
2012-03-22 18:13 - 2012-03-22 18:02 - 0000000 ____D C:\Users\Arshad-3\Documents\hidownload
2012-03-22 17:43 - 2012-03-22 17:43 - 0180606 ____A C:\Users\Arshad-3\My Documents\PDR.dmp
2012-03-22 17:43 - 2012-03-22 17:43 - 0180606 ____A C:\Users\Arshad-3\Documents\PDR.dmp
2012-03-22 17:23 - 2012-03-22 17:23 - 0000436 ____A C:\Users\Arshad-3\.swfinfo
2012-03-22 17:23 - 2012-03-22 17:23 - 0000000 ____D C:\Users\Arshad-3\My Documents\Video Download Capture
2012-03-22 17:23 - 2012-03-22 17:23 - 0000000 ____D C:\Users\Arshad-3\Documents\Video Download Capture
2012-03-22 17:23 - 2011-11-24 16:08 - 0000000 ____D C:\users\Arshad-3
2012-03-22 17:21 - 2012-03-22 17:21 - 0000000 ____D C:\Users\Arshad-3\Application Data\Apowersoft
2012-03-22 17:21 - 2012-03-22 17:21 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Apowersoft
2012-03-22 17:21 - 2012-03-22 17:21 - 0000000 ____D C:\Program Files (x86)\Apowersoft
2012-03-22 17:20 - 2012-03-22 17:18 - 28221513 ____A (Apowersoft ) C:\Users\Arshad-3\Downloads\video-download-capture (1).exe
2012-03-22 17:10 - 2012-03-22 17:10 - 0000000 ____D C:\Program Files (x86)\WinPcap
2012-03-22 17:10 - 2012-03-22 17:10 - 0000000 ____D C:\Program Files (x86)\StreamingStar
2012-03-22 17:09 - 2012-03-22 17:09 - 4088549 ____A ( ) C:\Users\Arshad-3\Downloads\hidownload.exe
2012-03-22 15:19 - 2012-03-22 15:19 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{EBF0D2C4-BED6-4A20-88B4-F604D6B1C021}
2012-03-22 15:19 - 2012-03-22 15:19 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{B648DAFA-9FFC-4C0B-9EF5-1DA227900C08}
2012-03-22 15:19 - 2012-03-22 15:19 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{EBF0D2C4-BED6-4A20-88B4-F604D6B1C021}
2012-03-22 15:19 - 2012-03-22 15:19 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{B648DAFA-9FFC-4C0B-9EF5-1DA227900C08}
2012-03-22 15:19 - 2012-03-22 15:19 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{EBF0D2C4-BED6-4A20-88B4-F604D6B1C021}
2012-03-22 15:19 - 2012-03-22 15:19 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{B648DAFA-9FFC-4C0B-9EF5-1DA227900C08}
2012-03-22 13:35 - 2012-03-22 13:33 - 4086001 ____A C:\Users\Arshad-3\Downloads\Jhak Maar Ke Full Song Desi Boyz Deepika Padukone John Abraham.mp3
2012-03-22 13:34 - 2012-03-22 13:33 - 3213302 ____A C:\Users\Arshad-3\Downloads\Allah Maaf Kare Full Song Desi Boyz Feat Akshay Kumar Chitrangada Singh.mp3
2012-03-22 13:34 - 2012-03-22 13:31 - 4343881 ____A C:\Users\Arshad-3\Downloads\Subha Hone Na De Full Song Desi Boyz Akshay Kumar John Abraham.mp3
2012-03-22 12:20 - 2012-03-22 12:20 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{B7A6027A-2611-4DA1-A098-37C3D9862460}
2012-03-22 12:20 - 2012-03-22 12:20 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{B7A6027A-2611-4DA1-A098-37C3D9862460}
2012-03-22 12:20 - 2012-03-22 12:20 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{B7A6027A-2611-4DA1-A098-37C3D9862460}
2012-03-22 12:20 - 2012-03-22 12:19 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{A54CB434-7E69-47B6-85AB-D69F77286B01}
2012-03-22 12:20 - 2012-03-22 12:19 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{A54CB434-7E69-47B6-85AB-D69F77286B01}
2012-03-22 12:20 - 2012-03-22 12:19 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{A54CB434-7E69-47B6-85AB-D69F77286B01}
2012-03-22 09:28 - 2012-03-22 09:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{8AC72A4A-200E-4B30-8A36-1BF6F9ADAE61}
2012-03-22 09:28 - 2012-03-22 09:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{8AC72A4A-200E-4B30-8A36-1BF6F9ADAE61}
2012-03-22 09:28 - 2012-03-22 09:28 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{8AC72A4A-200E-4B30-8A36-1BF6F9ADAE61}
2012-03-22 09:28 - 2012-03-22 09:27 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{386BF65E-F8CB-4990-8435-F467510C924A}
2012-03-22 09:28 - 2012-03-22 09:27 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{386BF65E-F8CB-4990-8435-F467510C924A}
2012-03-22 09:28 - 2012-03-22 09:27 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{386BF65E-F8CB-4990-8435-F467510C924A}
2012-03-22 03:11 - 2012-03-21 16:16 - 0027533 ____A C:\Users\Arshad-3\My Documents\Le Canada étant un pays qui est constitué de deux cultures majeures.docx
2012-03-22 03:11 - 2012-03-21 16:16 - 0027533 ____A C:\Users\Arshad-3\Documents\Le Canada étant un pays qui est constitué de deux cultures majeures.docx
2012-03-21 20:49 - 2011-12-06 20:47 - 0001298 ____A C:\Users\Arshad-3\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-03-21 20:49 - 2011-12-06 20:47 - 0001298 ____A C:\Users\Arshad-3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-03-21 13:56 - 2012-03-21 13:56 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{A434CB0E-0314-41D7-8162-AEC6854A0ECD}
2012-03-21 13:56 - 2012-03-21 13:56 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{73A15B3A-5DB7-44FA-AB7F-03C4F52F47F5}
2012-03-21 13:56 - 2012-03-21 13:56 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{A434CB0E-0314-41D7-8162-AEC6854A0ECD}
2012-03-21 13:56 - 2012-03-21 13:56 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{73A15B3A-5DB7-44FA-AB7F-03C4F52F47F5}
2012-03-21 13:56 - 2012-03-21 13:56 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{A434CB0E-0314-41D7-8162-AEC6854A0ECD}
2012-03-21 13:56 - 2012-03-21 13:56 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{73A15B3A-5DB7-44FA-AB7F-03C4F52F47F5}
2012-03-20 20:47 - 2012-03-20 20:47 - 0015930 ____A C:\Users\Arshad-3\My Documents\Multuculturalisme etudes canadiennes.docx
2012-03-20 20:47 - 2012-03-20 20:47 - 0015930 ____A C:\Users\Arshad-3\Documents\Multuculturalisme etudes canadiennes.docx
2012-03-20 06:37 - 2012-03-20 06:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{B44782FA-7B8C-4135-9CD5-13D2BE967272}
2012-03-20 06:37 - 2012-03-20 06:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{816F9980-53A8-4CFA-BD8B-C76743BAD828}
2012-03-20 06:37 - 2012-03-20 06:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{B44782FA-7B8C-4135-9CD5-13D2BE967272}
2012-03-20 06:37 - 2012-03-20 06:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{816F9980-53A8-4CFA-BD8B-C76743BAD828}
2012-03-20 06:37 - 2012-03-20 06:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{B44782FA-7B8C-4135-9CD5-13D2BE967272}
2012-03-20 06:37 - 2012-03-20 06:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{816F9980-53A8-4CFA-BD8B-C76743BAD828}
2012-03-19 18:05 - 2012-03-19 18:05 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{94A9034B-3904-4757-B6CC-A3EA78C74E88}
2012-03-19 18:05 - 2012-03-19 18:05 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{94A9034B-3904-4757-B6CC-A3EA78C74E88}
2012-03-19 18:05 - 2012-03-19 18:05 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{94A9034B-3904-4757-B6CC-A3EA78C74E88}
2012-03-19 15:18 - 2012-03-19 15:11 - 0016334 ____A C:\Users\Arshad-3\My Documents\CANADIAN GEOGRAPHY March 19 2012.docx
2012-03-19 15:18 - 2012-03-19 15:11 - 0016334 ____A C:\Users\Arshad-3\Documents\CANADIAN GEOGRAPHY March 19 2012.docx
2012-03-19 15:11 - 2012-03-19 15:11 - 0000162 ___AH C:\Users\Arshad-3\My Documents\~$NADIAN GEOGRAPHY March 19 2012.docx
2012-03-19 15:11 - 2012-03-19 15:11 - 0000162 ___AH C:\Users\Arshad-3\Documents\~$NADIAN GEOGRAPHY March 19 2012.docx
2012-03-19 15:02 - 2012-03-19 15:02 - 0144298 ____A C:\Users\Arshad-3\Downloads\194-644-1-PB.pdf
2012-03-19 13:59 - 2012-03-19 13:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D2FD158E-66BF-41AB-97AB-E50DF01290BC}
2012-03-19 13:59 - 2012-03-19 13:55 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D2FD158E-66BF-41AB-97AB-E50DF01290BC}
2012-03-19 13:59 - 2012-03-19 13:55 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D2FD158E-66BF-41AB-97AB-E50DF01290BC}
2012-03-18 21:17 - 2011-12-01 00:05 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-18 20:20 - 2012-03-18 20:18 - 28175127 ____A (Apowersoft ) C:\Users\Arshad-3\Downloads\video-download-capture.exe
2012-03-17 17:50 - 2012-03-17 17:15 - 0000000 ____D C:\Users\Arshad-3\Downloads\my first wedding
2012-03-15 14:36 - 2012-03-15 14:35 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{73223C93-E1CA-4905-851F-3328DB43811E}
2012-03-15 14:36 - 2012-03-15 14:35 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{73223C93-E1CA-4905-851F-3328DB43811E}
2012-03-15 14:36 - 2012-03-15 14:35 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{73223C93-E1CA-4905-851F-3328DB43811E}
2012-03-15 14:35 - 2012-03-15 14:35 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{69DA86FB-B7AF-458B-9CAC-2B762AA5B033}
2012-03-15 14:35 - 2012-03-15 14:35 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{69DA86FB-B7AF-458B-9CAC-2B762AA5B033}
2012-03-15 14:35 - 2012-03-15 14:35 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{69DA86FB-B7AF-458B-9CAC-2B762AA5B033}
2012-03-15 10:12 - 2012-03-15 10:12 - 0000510 ____A C:\settings.ini
2012-03-15 09:06 - 2012-03-15 09:06 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{DC50EE11-D324-4088-B8A9-4F407A82C6C4}
2012-03-15 09:06 - 2012-03-15 09:06 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{DC50EE11-D324-4088-B8A9-4F407A82C6C4}
2012-03-15 09:06 - 2012-03-15 09:06 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{DC50EE11-D324-4088-B8A9-4F407A82C6C4}
2012-03-14 13:31 - 2009-07-13 23:45 - 0490568 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-13 17:07 - 2012-03-13 17:05 - 0012126 ____A C:\avi_log.txt
2012-03-13 17:07 - 2012-03-13 17:05 - 0000000 ____D C:\ConverterOutput
2012-03-13 17:05 - 2012-03-13 17:05 - 0000000 ____D C:\Program Files (x86)\Cucusoft
2012-03-13 17:04 - 2012-03-13 17:04 - 2146118 ____A C:\Users\Arshad-3\Downloads\16. Bull Run(Knight and Day Soundtrack) - John Powell.mp3
2012-03-13 17:04 - 2012-03-13 17:03 - 0000000 ____D C:\Users\Arshad-3\Application Data\GetRightToGo
2012-03-13 17:04 - 2012-03-13 17:03 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\GetRightToGo
2012-03-13 17:03 - 2012-03-13 17:03 - 0367272 ____A (RegNow.com) C:\Users\Arshad-3\Downloads\Download_avi-pro-regnow.exe
2012-03-12 18:28 - 2012-03-12 18:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{EABA94DD-1954-4E55-9B7E-AD528E245849}
2012-03-12 18:28 - 2012-03-12 18:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{BC529220-5076-49F1-9A3E-BCE538D95BDA}
2012-03-12 18:28 - 2012-03-12 18:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{EABA94DD-1954-4E55-9B7E-AD528E245849}
2012-03-12 18:28 - 2012-03-12 18:28 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{BC529220-5076-49F1-9A3E-BCE538D95BDA}
2012-03-12 18:28 - 2012-03-12 18:28 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{EABA94DD-1954-4E55-9B7E-AD528E245849}
2012-03-12 18:28 - 2012-03-12 18:28 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{BC529220-5076-49F1-9A3E-BCE538D95BDA}
2012-03-12 15:43 - 2012-03-12 15:43 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-03-12 15:42 - 2012-03-12 15:42 - 0019834 ____A C:\Users\Arshad-3\My Documents\GEOGRAPHY OF CANADA March 12 2012.docx
2012-03-12 15:42 - 2012-03-12 15:42 - 0019834 ____A C:\Users\Arshad-3\Documents\GEOGRAPHY OF CANADA March 12 2012.docx
2012-03-12 15:42 - 2012-03-12 15:38 - 22012750 ____A C:\Users\Arshad-3\Downloads\vlc-2.0.0-win32.exe
2012-03-12 15:40 - 2012-03-12 15:40 - 0260720 ____A (Premium) C:\Users\Arshad-3\Downloads\DownloadSetup.exe
2012-03-11 19:02 - 2012-03-11 19:02 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{03506D91-7680-4670-98D1-4D915B0817ED}
2012-03-11 19:02 - 2012-03-11 19:02 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{03506D91-7680-4670-98D1-4D915B0817ED}
2012-03-11 19:02 - 2012-03-11 19:02 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{03506D91-7680-4670-98D1-4D915B0817ED}
2012-03-11 19:02 - 2012-03-11 19:01 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{5D81458A-B354-46AE-A314-6281D8DC4E9C}
2012-03-11 19:02 - 2012-03-11 19:01 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{5D81458A-B354-46AE-A314-6281D8DC4E9C}
2012-03-11 19:02 - 2012-03-11 19:01 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{5D81458A-B354-46AE-A314-6281D8DC4E9C}
2012-03-11 15:15 - 2012-03-11 15:14 - 0000000 ____D C:\Users\Arshad-3\Downloads\Knight and Day (2010) R5 XviD-MAXSPEED
2012-03-11 00:03 - 2012-03-11 00:03 - 0131394 ____A C:\Users\Arshad-3\Downloads\missionimpossible4_poster_7.jpg
2012-03-10 23:52 - 2012-03-10 23:52 - 1264964 ____A C:\Users\Arshad-3\Downloads\mission-impossible-4-foreign-poster-yellow.jpg
2012-03-10 21:16 - 2012-03-10 21:16 - 0260720 ____A (Premium) C:\Users\Arshad-3\Downloads\Codec-C (3).exe
2012-03-10 18:58 - 2012-03-10 17:41 - 0016411 ____A C:\Users\Arshad-3\My Documents\Iago inference.docx
2012-03-10 18:58 - 2012-03-10 17:41 - 0016411 ____A C:\Users\Arshad-3\Documents\Iago inference.docx
2012-03-08 19:14 - 2012-03-08 19:14 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{BF34B66A-3F32-4F75-B470-7AFF19D718D1}
2012-03-08 19:14 - 2012-03-08 19:14 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{BF34B66A-3F32-4F75-B470-7AFF19D718D1}
2012-03-08 19:14 - 2012-03-08 19:14 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{BF34B66A-3F32-4F75-B470-7AFF19D718D1}
2012-03-08 19:14 - 2012-03-08 19:13 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{B4E948BE-5B3C-41B5-B28E-730D77ACB2AA}
2012-03-08 19:14 - 2012-03-08 19:13 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{B4E948BE-5B3C-41B5-B28E-730D77ACB2AA}
2012-03-08 19:14 - 2012-03-08 19:13 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{B4E948BE-5B3C-41B5-B28E-730D77ACB2AA}
2012-03-08 14:24 - 2012-03-08 14:09 - 2513529 ____A C:\Users\Arshad-3\Downloads\preview.mp3
2012-03-08 13:49 - 2012-03-08 13:48 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{3F2541EF-99EA-479C-81F2-A41D7E9EA35B}
2012-03-08 13:49 - 2012-03-08 13:48 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{3F2541EF-99EA-479C-81F2-A41D7E9EA35B}
2012-03-08 13:49 - 2012-03-08 13:48 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{3F2541EF-99EA-479C-81F2-A41D7E9EA35B}
2012-03-08 13:47 - 2009-07-14 00:08 - 0032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-08 11:43 - 2011-12-26 15:38 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-08 11:39 - 2012-03-08 11:39 - 0733304 ____A (Google Inc.) C:\Users\Arshad-3\Downloads\ChromeSetup.exe
2012-03-08 10:04 - 2012-03-08 10:04 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D3EA24F3-2A6B-477D-8A66-061253044E2C}
2012-03-08 10:04 - 2012-03-08 10:04 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D3EA24F3-2A6B-477D-8A66-061253044E2C}
2012-03-08 10:04 - 2012-03-08 10:04 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D3EA24F3-2A6B-477D-8A66-061253044E2C}
2012-03-08 08:31 - 2012-03-08 08:31 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{7B1A22B5-9999-4D38-B50E-5B74E677ABA4}
2012-03-08 08:31 - 2012-03-08 08:31 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{7B1A22B5-9999-4D38-B50E-5B74E677ABA4}
2012-03-08 08:31 - 2012-03-08 08:31 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{7B1A22B5-9999-4D38-B50E-5B74E677ABA4}
2012-03-07 13:03 - 2012-03-07 13:03 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{27C6C89C-0022-4250-BB2F-B4B329BCD890}
2012-03-07 13:03 - 2012-03-07 13:03 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{27C6C89C-0022-4250-BB2F-B4B329BCD890}
2012-03-07 13:03 - 2012-03-07 13:03 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{27C6C89C-0022-4250-BB2F-B4B329BCD890}
2012-03-07 13:03 - 2012-03-07 13:02 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{BC55F715-C00F-4CB5-B613-CC1518ABFD0E}
2012-03-07 13:03 - 2012-03-07 13:02 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{BC55F715-C00F-4CB5-B613-CC1518ABFD0E}
2012-03-07 13:03 - 2012-03-07 13:02 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{BC55F715-C00F-4CB5-B613-CC1518ABFD0E}
2012-03-06 01:53 - 2012-04-11 02:01 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-06 00:59 - 2012-04-11 02:01 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-06 00:59 - 2012-04-11 02:01 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 15:05 - 2012-03-05 15:05 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D3B1F0CD-69F4-41DC-92C4-0A9988E1FD7A}
2012-03-05 15:05 - 2012-03-05 15:05 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D3B1F0CD-69F4-41DC-92C4-0A9988E1FD7A}
2012-03-05 15:05 - 2012-03-05 15:05 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D3B1F0CD-69F4-41DC-92C4-0A9988E1FD7A}
2012-03-04 15:17 - 2012-03-04 15:16 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{CCCB51D0-9110-4301-A7E6-C36A3EAE959B}
2012-03-04 15:17 - 2012-03-04 15:16 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{CCCB51D0-9110-4301-A7E6-C36A3EAE959B}
2012-03-04 15:17 - 2012-03-04 15:16 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{CCCB51D0-9110-4301-A7E6-C36A3EAE959B}
2012-03-04 15:16 - 2012-03-04 15:16 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{7483AD3E-E978-403B-90D9-9D901082F1E2}
2012-03-04 15:16 - 2012-03-04 15:16 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{7483AD3E-E978-403B-90D9-9D901082F1E2}
2012-03-04 15:16 - 2012-03-04 15:16 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{7483AD3E-E978-403B-90D9-9D901082F1E2}
2012-03-03 22:04 - 2011-11-19 11:05 - 0000000 ____D C:\Users\All Users\McAfee
2012-03-03 22:04 - 2011-11-19 11:05 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2012-03-03 22:04 - 2011-11-19 11:05 - 0000000 ____D C:\ProgramData\McAfee
2012-03-03 22:04 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-03 15:57 - 2012-03-03 15:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Expression
2012-03-03 15:06 - 2012-03-03 15:05 - 25279344 ____A (Microsoft Corporation) C:\Users\Arshad-3\Downloads\Encoder_en.exe
2012-03-03 12:59 - 2012-03-03 12:59 - 0017774 ____A C:\Users\Arshad-3\Downloads\housing_sheppard-markham-rent_.kml
2012-03-03 10:37 - 2012-03-03 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{D439C11F-B996-4444-9123-A8314C22C897}
2012-03-03 10:37 - 2012-03-03 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{437E4D91-F2FB-437B-A51B-DF5D072B0B8B}
2012-03-03 10:37 - 2012-03-03 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{D439C11F-B996-4444-9123-A8314C22C897}
2012-03-03 10:37 - 2012-03-03 10:37 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{437E4D91-F2FB-437B-A51B-DF5D072B0B8B}
2012-03-03 10:37 - 2012-03-03 10:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{D439C11F-B996-4444-9123-A8314C22C897}
2012-03-03 10:37 - 2012-03-03 10:37 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{437E4D91-F2FB-437B-A51B-DF5D072B0B8B}
2012-03-02 22:20 - 2012-03-02 22:20 - 0000000 ____D C:\Users\Arshad-3\Application Data\Media Player Classic
2012-03-02 22:20 - 2012-03-02 22:20 - 0000000 ____D C:\Users\Arshad-3\AppData\Roaming\Media Player Classic
2012-03-02 22:19 - 2012-03-02 22:19 - 0000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-03-02 22:19 - 2012-03-02 22:13 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-03-02 22:18 - 2012-03-02 22:14 - 0000000 ___HD C:\Windows\msdownld.tmp
2012-03-02 22:18 - 2011-11-19 11:02 - 0200396 ____A C:\Windows\DirectX.log
2012-03-02 22:13 - 2012-03-02 22:13 - 0292184 ____A (Microsoft Corporation) C:\Users\Arshad-3\Downloads\dxwebsetup.exe
2012-03-02 22:12 - 2012-03-02 22:11 - 9889896 ____A (CCCP Project ) C:\Users\Arshad-3\Downloads\Combined-Community-Codec-Pack-2011-11-11.exe
2012-03-02 22:06 - 2012-03-02 22:06 - 0000000 ____D C:\Program Files (x86)\ffdshow
2012-03-02 22:05 - 2012-03-02 22:04 - 4702843 ____A (ffdshow ) C:\Users\Arshad-3\Downloads\ffdshow_rev4342_20120228_clsid.exe
2012-03-02 22:02 - 2012-03-02 22:02 - 4026873 ____A C:\Users\Arshad-3\Downloads\DSFP.zip
2012-03-02 22:02 - 2012-03-02 22:02 - 0000000 ____D C:\Users\Arshad-3\Downloads\DSFP
2012-03-02 17:25 - 2012-03-02 17:07 - 0000000 ____D C:\Users\Arshad-3\Downloads\Lara Croft Tomb Raider 1-2 Duology 2001 2003 BluRay 720p x264 ac3 jbr
2012-03-02 16:24 - 2012-03-02 16:24 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{8B15040C-7E7F-4807-A113-AD2F99B197F0}
2012-03-02 16:24 - 2012-03-02 16:24 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{8B15040C-7E7F-4807-A113-AD2F99B197F0}
2012-03-02 16:24 - 2012-03-02 16:24 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{8B15040C-7E7F-4807-A113-AD2F99B197F0}
2012-03-02 16:24 - 2012-03-02 16:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{403B745F-4882-42B5-8DA4-E834BE7FF8CE}
2012-03-02 16:24 - 2012-03-02 16:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{403B745F-4882-42B5-8DA4-E834BE7FF8CE}
2012-03-02 16:24 - 2012-03-02 16:23 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{403B745F-4882-42B5-8DA4-E834BE7FF8CE}
2012-03-02 16:15 - 2012-03-02 16:15 - 0260160 ____A (Premium) C:\Users\Arshad-3\Downloads\Codec-C(1).exe
2012-03-02 15:37 - 2012-03-02 15:37 - 0000000 ____D C:\Program Files (x86)\Funmoods
2012-03-02 15:36 - 2012-03-02 15:36 - 0260160 ____A (Premium) C:\Users\Arshad-3\Downloads\Codec-C (2).exe
2012-03-01 18:27 - 2012-03-01 18:27 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{AC956393-A649-410C-80BC-99CB411C1B6B}
2012-03-01 18:27 - 2012-03-01 18:27 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{A90044FE-221E-480D-9494-F98D0E3EE8BF}
2012-03-01 18:27 - 2012-03-01 18:27 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{AC956393-A649-410C-80BC-99CB411C1B6B}
2012-03-01 18:27 - 2012-03-01 18:27 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{A90044FE-221E-480D-9494-F98D0E3EE8BF}
2012-03-01 18:27 - 2012-03-01 18:27 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{AC956393-A649-410C-80BC-99CB411C1B6B}
2012-03-01 18:27 - 2012-03-01 18:27 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{A90044FE-221E-480D-9494-F98D0E3EE8BF}
2012-03-01 14:00 - 2012-03-01 14:00 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{EC4D3DB1-B304-41FB-8FCB-3FF3E54281CA}
2012-03-01 14:00 - 2012-03-01 14:00 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{EC4D3DB1-B304-41FB-8FCB-3FF3E54281CA}
2012-03-01 14:00 - 2012-03-01 14:00 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{EC4D3DB1-B304-41FB-8FCB-3FF3E54281CA}
2012-03-01 01:46 - 2012-04-11 02:00 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 01:38 - 2012-04-11 02:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 01:33 - 2012-04-11 02:00 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 01:28 - 2012-04-11 02:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 00:37 - 2012-04-11 02:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 00:33 - 2012-04-11 02:00 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 00:29 - 2012-04-11 02:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 19:39 - 2012-03-22 17:21 - 0574200 ___AH (Bytescout) C:\Windows\System32\BytescoutScreenCapturing.dll
2012-02-29 19:39 - 2012-03-22 17:21 - 0421624 ___AH (Bytescout) C:\Windows\SysWOW64\BytescoutScreenCapturing.dll
2012-02-29 19:39 - 2012-03-22 17:21 - 0362232 ___AH (Bytescout) C:\Windows\System32\BytescoutScreenCapturingFilter.dll
2012-02-29 19:39 - 2012-03-22 17:21 - 0257784 ___AH (Bytescout) C:\Windows\SysWOW64\BytescoutScreenCapturingFilter.dll
2012-02-29 19:39 - 2012-03-22 17:21 - 0231672 ___AH (Bytescout) C:\Windows\System32\BytescoutVideoMixerFilter.dll
2012-02-29 19:39 - 2012-03-22 17:21 - 0175864 ___AH (Bytescout) C:\Windows\SysWOW64\BytescoutVideoMixerFilter.dll
2012-02-28 08:48 - 2012-02-28 08:47 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{BAA7757F-3347-47DA-8C98-51E15205B532}
2012-02-28 08:48 - 2012-02-28 08:47 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{BAA7757F-3347-47DA-8C98-51E15205B532}
2012-02-28 08:48 - 2012-02-28 08:47 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{BAA7757F-3347-47DA-8C98-51E15205B532}
2012-02-28 08:47 - 2012-02-28 08:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{2401F9FC-35F3-48DC-9A01-64AF42A7807C}
2012-02-28 08:47 - 2012-02-28 08:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{2401F9FC-35F3-48DC-9A01-64AF42A7807C}
2012-02-28 08:47 - 2012-02-28 08:44 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{2401F9FC-35F3-48DC-9A01-64AF42A7807C}
2012-02-28 02:34 - 2012-04-11 02:01 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 02:02 - 2012-04-11 02:01 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 01:56 - 2012-04-11 02:01 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 01:50 - 2012-04-11 02:01 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 01:49 - 2012-04-11 02:01 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 01:48 - 2012-04-11 02:01 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 01:48 - 2012-04-11 02:01 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 01:47 - 2012-04-11 02:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 01:45 - 2012-04-11 02:01 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 01:43 - 2012-04-11 02:01 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 01:43 - 2012-04-11 02:01 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 01:42 - 2012-04-11 02:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 01:39 - 2012-04-11 02:01 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 20:52 - 2012-04-11 02:01 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 20:27 - 2012-04-11 02:01 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 20:18 - 2012-04-11 02:01 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 20:12 - 2012-04-11 02:01 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 20:11 - 2012-04-11 02:01 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 20:11 - 2012-04-11 02:01 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 20:09 - 2012-04-11 02:01 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 20:08 - 2012-04-11 02:01 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 20:06 - 2012-04-11 02:01 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 20:04 - 2012-04-11 02:01 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 20:03 - 2012-04-11 02:01 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 20:03 - 2012-04-11 02:01 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 19:59 - 2012-04-11 02:01 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-26 16:47 - 2012-03-02 22:06 - 0079360 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-02-26 16:45 - 2012-03-02 22:06 - 0048128 ____A C:\Windows\SysWOW64\ff_acm.acm
2012-02-26 10:42 - 2012-02-26 10:42 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{47B88B26-11D1-436E-8763-6C045CF984B6}
2012-02-26 10:42 - 2012-02-26 10:42 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{31B23F3A-E31C-45A5-ABD4-24A379692A93}
2012-02-26 10:42 - 2012-02-26 10:42 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{47B88B26-11D1-436E-8763-6C045CF984B6}
2012-02-26 10:42 - 2012-02-26 10:42 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{31B23F3A-E31C-45A5-ABD4-24A379692A93}
2012-02-26 10:42 - 2012-02-26 10:42 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{47B88B26-11D1-436E-8763-6C045CF984B6}
2012-02-26 10:42 - 2012-02-26 10:42 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{31B23F3A-E31C-45A5-ABD4-24A379692A93}
2012-02-24 18:24 - 2012-02-24 18:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{74C1C2E8-B568-4853-8D17-FACD7F73BE5D}
2012-02-24 18:24 - 2012-02-24 18:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{74C1C2E8-B568-4853-8D17-FACD7F73BE5D}
2012-02-24 18:24 - 2012-02-24 18:23 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{74C1C2E8-B568-4853-8D17-FACD7F73BE5D}
2012-02-24 18:23 - 2012-02-24 18:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{2ED84361-64BC-4259-9BEC-E0793340CD13}
2012-02-24 18:23 - 2012-02-24 18:23 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{2ED84361-64BC-4259-9BEC-E0793340CD13}
2012-02-24 18:23 - 2012-02-24 18:23 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{2ED84361-64BC-4259-9BEC-E0793340CD13}
2012-02-23 09:18 - 2010-11-20 22:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 21:18 - 2012-02-22 21:18 - 0013672 ____A C:\Users\Arshad-3\My Documents\ATM 2799.docx
2012-02-22 21:18 - 2012-02-22 21:18 - 0013672 ____A C:\Users\Arshad-3\Documents\ATM 2799.docx
2012-02-22 13:09 - 2012-02-22 13:09 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{9FA5BEC1-840B-4C90-A6C7-B8BC917AA142}
2012-02-22 13:09 - 2012-02-22 13:09 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{9FA5BEC1-840B-4C90-A6C7-B8BC917AA142}
2012-02-22 13:09 - 2012-02-22 13:09 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{9FA5BEC1-840B-4C90-A6C7-B8BC917AA142}
2012-02-22 13:09 - 2012-02-22 13:08 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{B43ADD58-6FD4-4F7D-A3A5-DF22B8C999A6}
2012-02-22 13:09 - 2012-02-22 13:08 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{B43ADD58-6FD4-4F7D-A3A5-DF22B8C999A6}
2012-02-22 13:09 - 2012-02-22 13:08 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{B43ADD58-6FD4-4F7D-A3A5-DF22B8C999A6}
2012-02-22 13:08 - 2012-02-21 19:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Windows Live
2012-02-22 13:08 - 2012-02-21 19:44 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\Windows Live
2012-02-22 13:08 - 2012-02-21 19:44 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\Windows Live
2012-02-21 19:44 - 2012-02-21 19:43 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\{C6053066-FFF5-46F1-A8CB-FC774BC550F6}
2012-02-21 19:44 - 2012-02-21 19:43 - 0000000 ____D C:\Users\Arshad-3\Local Settings\{C6053066-FFF5-46F1-A8CB-FC774BC550F6}
2012-02-21 19:44 - 2012-02-21 19:43 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\{C6053066-FFF5-46F1-A8CB-FC774BC550F6}
2012-02-19 11:01 - 2011-12-18 00:41 - 3590182 ____A C:\Users\Arshad-3\Desktop\mnela.bmp
2012-02-19 02:23 - 2012-02-19 02:23 - 0000000 ____D C:\Users\All Users\Application Data\100
2012-02-19 02:23 - 2012-02-19 02:23 - 0000000 ____D C:\Users\All Users\100
2012-02-19 02:23 - 2012-02-19 02:23 - 0000000 ____D C:\ProgramData\100
2012-02-19 02:22 - 2012-02-19 02:22 - 0256056 ____A (Premium) C:\Users\Arshad-3\Downloads\Codec-C (1).exe
2012-02-17 11:29 - 2011-11-24 16:11 - 0000402 __ASH C:\Users\Arshad-3\My Documents\desktop.ini
2012-02-17 11:29 - 2011-11-24 16:11 - 0000174 ___SH C:\Users\Arshad-3\Start Menu\Programs\Startup\desktop.ini
2012-02-17 11:29 - 2011-11-24 16:11 - 0000174 ___SH C:\Users\Arshad-3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-17 11:28 - 2011-11-19 11:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-17 01:38 - 2012-03-13 17:06 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 00:34 - 2012-03-13 17:06 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 23:58 - 2012-03-13 17:06 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 23:57 - 2012-03-13 17:06 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-13 23:39 - 2012-02-13 23:39 - 0169157 ____A C:\Users\Arshad-3\Downloads\322513_10150788149644968_106357469967_12502609_1324487927_o.jpg
2012-02-13 22:28 - 2012-02-08 23:58 - 0027686 ____A C:\Users\Arshad-3\My Documents\The world has known many challenges and at other times has seen some great times.docx
2012-02-13 22:28 - 2012-02-08 23:58 - 0027686 ____A C:\Users\Arshad-3\Documents\The world has known many challenges and at other times has seen some great times.docx
2012-02-13 16:45 - 2012-02-13 16:45 - 53139639 ____A C:\Users\Arshad-3\My Documents\Lecture.wma
2012-02-13 16:45 - 2012-02-13 16:45 - 53139639 ____A C:\Users\Arshad-3\Documents\Lecture.wma
2012-02-13 12:29 - 2011-11-25 10:00 - 0000000 ____D C:\Users\All Users\PCDr
2012-02-13 12:29 - 2011-11-25 10:00 - 0000000 ____D C:\Users\All Users\Application Data\PCDr
2012-02-13 12:29 - 2011-11-25 10:00 - 0000000 ____D C:\ProgramData\PCDr
2012-02-11 23:36 - 2012-02-11 23:36 - 0044029 ____A C:\Users\Arshad-3\Downloads\where-is-this-beach-745232.jpg
2012-02-10 17:22 - 2012-02-10 17:22 - 1483909 ____A C:\Users\Arshad-3\Downloads\ELECTRONIC TICKET AND INVOICE.zip
2012-02-10 17:18 - 2012-02-10 17:18 - 1343411 ____A C:\Users\Arshad-3\Downloads\MAHMOOD ARSHAD MR.pdf
2012-02-10 17:12 - 2011-12-11 19:28 - 0000000 ____D C:\Users\Arshad-3\My Documents\My Received Files
2012-02-10 17:12 - 2011-12-11 19:28 - 0000000 ____D C:\Users\Arshad-3\Documents\My Received Files
2012-02-10 16:15 - 2011-11-30 13:48 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Microsoft Help
2012-02-10 16:15 - 2011-11-30 13:48 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\Microsoft Help
2012-02-10 16:15 - 2011-11-30 13:48 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\Microsoft Help
2012-02-10 01:36 - 2012-03-13 17:07 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 00:38 - 2012-03-13 17:07 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:00 - 2012-02-09 21:00 - 0317491 ____A C:\Users\Arshad-3\My Documents\Death of the Emperor Akbar.pdf
2012-02-09 21:00 - 2012-02-09 21:00 - 0317491 ____A C:\Users\Arshad-3\Documents\Death of the Emperor Akbar.pdf
2012-02-09 11:46 - 2012-02-09 11:46 - 1015969 ____A C:\Users\Arshad-3\Downloads\25203020.pdf
2012-02-07 16:53 - 2012-02-07 16:53 - 0000000 ____D C:\Users\Arshad-3\My Documents\Fax
2012-02-07 16:53 - 2012-02-07 16:53 - 0000000 ____D C:\Users\Arshad-3\Documents\Fax
2012-02-06 23:45 - 2012-02-06 23:45 - 0039936 ____A C:\Users\Arshad-3\Downloads\Resume Template 2.doc
2012-02-06 16:46 - 2012-02-06 16:46 - 0019471 ____A C:\Users\Arshad-3\My Documents\Geography.docx
2012-02-06 16:46 - 2012-02-06 16:46 - 0019471 ____A C:\Users\Arshad-3\Documents\Geography.docx
2012-02-05 19:15 - 2012-02-05 19:15 - 0011098 ____A C:\Users\Arshad-3\Downloads\ekonomi_en.zip
2012-02-02 23:59 - 2012-01-29 22:59 - 0051887 ____A C:\Users\Arshad-3\My Documents\flights.docx
2012-02-02 23:59 - 2012-01-29 22:59 - 0051887 ____A C:\Users\Arshad-3\Documents\flights.docx
2012-02-02 23:34 - 2012-03-13 17:07 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-01 21:25 - 2012-02-01 21:25 - 0000162 ___AH C:\Users\Arshad-3\My Documents\~$lights.docx
2012-02-01 21:25 - 2012-02-01 21:25 - 0000162 ___AH C:\Users\Arshad-3\Documents\~$lights.docx
2012-02-01 00:51 - 2012-02-01 00:51 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Premiumplay Codec-C
2012-02-01 00:51 - 2012-02-01 00:51 - 0000000 ____D C:\Users\Arshad-3\Local Settings\Application Data\Premiumplay Codec-C
2012-02-01 00:51 - 2012-02-01 00:51 - 0000000 ____D C:\Users\Arshad-3\AppData\Local\Premiumplay Codec-C
2012-02-01 00:51 - 2012-02-01 00:51 - 0000000 ____D C:\Program Files (x86)\Premiumplay Codec-C
2012-02-01 00:50 - 2011-12-01 00:05 - 0000000 ____D C:\Users\All Users\Premium
2012-02-01 00:50 - 2011-12-01 00:05 - 0000000 ____D C:\Users\All Users\Application Data\Premium
2012-02-01 00:50 - 2011-12-01 00:05 - 0000000 ____D C:\ProgramData\Premium
2012-02-01 00:49 - 2012-02-01 00:49 - 0255544 ____A (Premium) C:\Users\Arshad-3\Downloads\Codec-C.exe
2012-01-31 21:12 - 2012-01-31 21:12 - 0330437 ____A C:\Users\Arshad-3\My Documents\Manual Passport Application.pdf
2012-01-31 21:12 - 2012-01-31 21:12 - 0330437 ____A C:\Users\Arshad-3\Documents\Manual Passport Application.pdf
2012-01-30 02:56 - 2012-01-13 00:10 - 0000000 ____D C:\Users\Arshad-3\dwhelper
2012-01-26 11:29 - 2012-01-26 10:34 - 0016724 ____A C:\Users\Arshad-3\My Documents\Early 1900 Etudes Canadiennes.docx
2012-01-26 11:29 - 2012-01-26 10:34 - 0016724 ____A C:\Users\Arshad-3\Documents\Early 1900 Etudes Canadiennes.docx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 3990.17 MB
Available physical RAM: 2919.7 MB
Total Pagefile: 3988.37 MB
Available Pagefile: 2932.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:366.89 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:3.61 GB) (Free:1.62 GB) FAT32
5 Drive g: () (Removable) (Total:1.84 GB) (Free:1.52 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.02 GB) (Free:0.02 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 2048 KB
Disk 1 Online 1886 MB 0 B
Disk 2 Online 3700 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 19 GB 104 MB
Partition 3 Primary 446 GB 19 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 101 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 19 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 446 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1884 MB 67 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT Removable 1884 MB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3699 MB 31 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT32 Removable 3699 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-19 15:29

======================= End Of Log ==========================

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:31 PM

Posted 23 April 2012 - 07:14 PM

Hi

Please run the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
script removed


end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


Now restart, let it boot normally and tell me how it went.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 03 July 2012 - 08:53 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 ComputerDELL

ComputerDELL
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 PM

Posted 23 April 2012 - 07:29 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-24 06:26:56 R:1
Running from F:\

==============================================

ShockMgr service deleted successfully.
C:\Windows\System32\wudfrd.dll moved successfully.
HKLM-x32\\\.\.\.\\Run\\HKLM-x32\...\Run: [] [x] Value not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ShockMgr Deleted successfully.

========= del /a/f/q c:\windows\tasks\at*.job =========


========= End of CMD: =========

C:\Users\All Users\v5HKJ6iG.exe moved successfully.
C:\Users\All Users\Application Data\v5HKJ6iG.exe not found.
C:\ProgramData\v5HKJ6iG.exe not found.

========= fsutil reparsepoint delete C:\Windows\system64 =========

'fsutil' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

C:\Users\Arshad-3\Downloads\Aimersoft.Dvd.Studio.Pack.2.4.serial.maker.zip moved successfully.
C:\Users\Arshad-3\Desktop\Aimersoft DVD Studio Pack.lnk moved successfully.
C:\Program Files (x86)\Aimersoft moved successfully.
C:\Users\Arshad-3\Downloads\Aimersoft DVD Studio Pack 2.4.0.0 KeyGen -TrT [h33t].torrent not found.
C:\Users\Arshad-3\Downloads\aimer-dvd-creator_full242.exe moved successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
C:\Users\Arshad-3\My Documents\DreamVideoSoft moved successfully.
C:\Users\Arshad-3\Documents\DreamVideoSoft not found.
C:\Users\Arshad-3\Downloads\dream-mkv-converter.exe moved successfully.
C:\Users\Arshad-3\Downloads\Xilisoft MKV Converter 6.0.12 build 0914 key [h33t].torrent not found.
C:\Users\Arshad-3\Downloads\Xilisoft_MKV_Converter_5.1.23_build-0424_Incl_serial_[Bit-Byte].5073181.TPB.torrent moved successfully.

========= bootrec /FixMbr =========

ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


========= bootrec /fixboot =========

ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


==== End of Fixlog ====




IT WORKED!

#6 ComputerDELL

ComputerDELL
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 PM

Posted 23 April 2012 - 07:44 PM

I'm just waiting for the Combo fix scan to finish!

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:31 PM

Posted 23 April 2012 - 07:44 PM

:thumbup2:

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 ComputerDELL

ComputerDELL
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 PM

Posted 23 April 2012 - 09:07 PM

HERE ARE THE RESULTS


ComboFix 12-04-23.03 - Arshad-3 24/04/2012 6:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3990.2272 [GMT -4:00]
Running from: c:\users\Arshad-3\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\DealScout
c:\program files (x86)\DealScout\dealscout.crx
c:\program files (x86)\DealScout\installer.ico
c:\program files (x86)\DealScout\uninstall.exe
c:\programdata\100
c:\programdata\Roaming
c:\users\Arshad-3\AppData\Local\MossySkySA
c:\users\Arshad-3\AppData\Local\MossySkySA\bin\2.0.18.0\copyright.txt
c:\users\Arshad-3\AppData\Local\MossySkySA\bin\2.0.18.0\MossySkySACB.exe
c:\users\Arshad-3\AppData\Local\MossySkySA\bin\2.0.18.0\MossySkySAHook.dll
c:\users\Arshad-3\AppData\Local\MossySkySA\data\MossySkySA.dat
c:\users\Arshad-3\AppData\Local\MossySkySA\data\MossySkySA_kyf.dat
c:\users\Arshad-3\AppData\Local\MossySkySA\data\MossySkySAau.dat
c:\users\Arshad-3\AppData\Roaming\Microsoft\~DFK208abee6.tmp
c:\users\Arshad-3\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Arshad-3\AppData\Roaming\Microsoft\bass.dll
c:\users\Arshad-3\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Arshad-3\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Arshad-3\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Arshad-3\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Arshad-3\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\weave\toFetch
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\SysWow64\settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 11:25 . 2012-04-24 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 11:14 . 2012-04-24 11:14 -------- d-----w- c:\programdata\McAfee Anti-Theft
2012-04-24 09:00 . 2012-04-24 09:34 -------- d-----w- C:\FRST
2012-04-24 08:26 . 2012-04-24 10:28 -------- d-----w- C:\Emergency
2012-04-23 19:53 . 2012-04-23 19:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-22 03:12 . 2012-04-22 03:12 -------- d-----we c:\windows\system64
2012-04-20 23:05 . 2012-04-20 23:05 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-20 22:10 . 2012-04-20 23:05 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-20 22:10 . 2012-04-20 22:10 -------- d-----w- c:\windows\system32\Macromed
2012-04-20 19:11 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5CEC811B-BE03-4B8E-B37A-31A6D7B04C3E}\mpengine.dll
2012-04-20 05:21 . 2012-04-20 05:21 -------- d-----w- c:\users\Arshad-3\AppData\Roaming\AVS4YOU
2012-04-20 05:19 . 2011-09-16 20:05 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2012-04-20 05:19 . 2012-04-20 05:20 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-04-20 05:19 . 2012-04-21 00:03 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-04-20 05:19 . 2012-04-20 05:21 -------- d-----w- c:\programdata\AVS4YOU
2012-04-20 05:19 . 2011-08-22 20:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2012-04-20 05:19 . 2011-08-22 20:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-04-18 05:15 . 2012-04-18 05:15 -------- d-----w- c:\users\Arshad-3\AppData\Roaming\Xilisoft
2012-04-18 05:14 . 2012-04-18 05:14 -------- d-----w- c:\programdata\Xilisoft
2012-04-18 05:14 . 2012-04-18 05:14 -------- d-----w- c:\program files (x86)\Xilisoft
2012-04-16 00:59 . 2012-04-20 22:12 -------- d-----w- C:\divx
2012-04-12 02:27 . 2012-04-12 02:27 -------- d-----w- c:\users\Arshad-3\AppData\Roaming\Optimizer Pro
2012-04-12 02:20 . 2012-04-12 02:20 -------- d-----w- c:\program files (x86)\Optimizer Pro
2012-04-12 02:20 . 2012-04-20 22:15 -------- d-----w- c:\programdata\Codecv
2012-04-11 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-06 23:54 . 2012-04-06 23:55 -------- d-----w- c:\program files\Dell Support Center
2012-04-04 18:44 . 2012-04-04 18:44 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-04-01 01:47 . 2012-04-18 05:25 -------- d-----w- c:\users\Arshad-3\AppData\Roaming\Media Finder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 19:53 . 2011-11-19 15:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-20 23:05 . 2011-11-19 15:22 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 04:29 . 2012-03-07 04:29 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 00:39 . 2012-03-22 22:21 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
2012-03-01 00:39 . 2012-03-22 22:21 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
2012-03-01 00:39 . 2012-03-22 22:21 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
2012-03-01 00:39 . 2012-03-22 22:21 362232 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
2012-03-01 00:39 . 2012-03-22 22:21 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
2012-03-01 00:39 . 2012-03-22 22:21 574200 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
2012-02-26 21:47 . 2012-03-03 03:06 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-02-26 21:45 . 2012-03-03 03:06 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 22:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 22:06 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 22:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 22:06 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 22:07 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:07 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 22:07 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files (x86)\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1B13B212-EB8A-49CB-8C58-86FD4101E7E4}]
2012-04-11 19:14 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-10-30 08:46 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f3902028-4a21-4793-8e05-793e183d51c2}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\midicairUSA\prxtbmidi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2011-10-30 89008]
"{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files (x86)\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2011-10-20 338296]
"CrossRiderPlugin"="c:\program files (x86)\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-01-02 81912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-01-07 296056]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Arshad-3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-03-08 166912]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 23:05]
.
2012-04-24 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-12-01 19:43]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 20:38]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 20:38]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1620107277-2827814893-1988640675-1000Core.job
- c:\users\Arshad-3\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 03:31]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1620107277-2827814893-1988640675-1000UA.job
- c:\users\Arshad-3\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 03:31]
.
2012-04-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
2011-12-07 22:28 414720 ----a-w- c:\users\Arshad-3\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-11 4500640]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=c43f51d20000000000004c8093127b2d
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=1083&systemid=1&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf4
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=
FF - user.js: extensions.funmoods_i.id - c43f51d20000000000004c8093127b2d
FF - user.js: extensions.funmoods_i.instlDay - 15401
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.215:37
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - bf4
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.id - c43f51d20000000000004c8093127b2d
FF - user.js: extensions.BabylonToolbar_i.hardId - c43f51d20000000000004c8093127b2d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15448
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:22
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\MF.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Aimersoft Audio Converter_is1 - c:\program files (x86)\Aimersoft\DVD Studio Pack\AudioConverter\unins000.exe
AddRemove-Aimersoft DVD Copy_is1 - c:\program files (x86)\Aimersoft\DVD Studio Pack\DVDCopy\unins000.exe
AddRemove-Aimersoft DVD Creator_is1 - c:\program files (x86)\Aimersoft\DVD Studio Pack\DVDCreator\unins000.exe
AddRemove-Aimersoft DVD Ripper_is1 - c:\program files (x86)\Aimersoft\DVD Studio Pack\DVDRipper\unins000.exe
AddRemove-Aimersoft DVD Studio Pack_is1 - c:\program files (x86)\Aimersoft\DVD Studio Pack\unins000.exe
AddRemove-Aimersoft Video Converter_is1 - c:\program files (x86)\Aimersoft\DVD Studio Pack\VideoConverter\unins000.exe
AddRemove-DealScout - c:\program files (x86)\DealScout\uninstall.exe
AddRemove-MossySkySA - c:\users\Arshad-3\AppData\Local\MossySkySA\bin\2.0.18.0\MossySkyUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{28387537-E3F9-4ED7-860C-11E69AF4A8A0}"=hex:51,66,7a,6c,4c,1d,38,12,59,76,2b,
2c,cb,ad,b9,0b,f9,1a,52,a6,9f,aa,ec,b4
"{11111111-1111-1111-1111-110011041135}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
15,23,5f,7f,54,6e,07,52,40,14,5a,55,21
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1B13B212-EB8A-49CB-8C58-86FD4101E7E4}"=hex:51,66,7a,6c,4c,1d,38,12,7c,b1,00,
1f,b8,a5,a5,0c,f3,4e,c5,bd,44,5f,a3,f0
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}"=hex:51,66,7a,6c,4c,1d,38,12,c4,b3,f8,
71,26,0c,da,09,ef,fa,a0,a0,7b,93,40,e3
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A876E312-7D08-401A-B7A6-FAFC5DC2F292}"=hex:51,66,7a,6c,4c,1d,38,12,7c,e0,65,
ac,3a,33,74,05,c8,b0,b9,bc,58,9c,b6,86
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}"=hex:51,66,7a,6c,4c,1d,38,12,9b,27,69,
ba,f9,27,66,02,c8,6d,f2,ad,a3,5a,7f,81
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:73,68,f9,a4,00,21,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-24 07:44:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 11:44
.
Pre-Run: 393,265,803,264 bytes free
Post-Run: 393,593,593,856 bytes free
.
- - End Of File - - A05FE74F4F495771E38CF6D772C53C93





THANKS A MILLION| I DON'T KNOW WHAT I WOULD HAVE DONE WITHOUT YOU! THANK YOU SO MUCH!

#9 ComputerDELL

ComputerDELL
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 PM

Posted 23 April 2012 - 09:09 PM

THANK YOU SO MUCH!!! YOU'RE THE BEST! :wink:

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:31 PM

Posted 23 April 2012 - 09:13 PM

we do still have a little bit of work to do, so stay with me till we are done

please do the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs



NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 ComputerDELL

ComputerDELL
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 PM

Posted 23 April 2012 - 09:43 PM

OTL RESULT


OTL logfile created on: 24/04/2012 8:25:38 AM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\Arshad-3\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 66.93% Memory free
7.79 Gb Paging File | 5.49 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 366.55 Gb Free Space | 82.16% Space Free | Partition Type: NTFS
Drive E: | 1.84 Gb Total Space | 1.52 Gb Free Space | 82.41% Space Free | Partition Type: FAT

Computer Name: ARSHAD-3-PC | User Name: Arshad-3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/24 08:20:40 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Arshad-3\Downloads\OTL.exe
PRC - [2012/03/08 12:05:26 | 000,166,912 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2012/02/16 12:40:20 | 000,197,112 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2012/01/12 13:25:42 | 000,218,104 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012/01/07 16:27:10 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/09 04:57:00 | 001,694,128 | ---- | M] (iMesh, Inc) -- C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2011/10/20 15:43:56 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011/09/22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/09/22 12:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/09/22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/09/21 12:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/09/05 11:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/05/19 03:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/05/15 18:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
PRC - [2011/04/29 20:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/04/29 20:17:38 | 001,717,096 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
PRC - [2011/04/29 20:17:36 | 002,055,016 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
PRC - [2011/04/13 12:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 14:13:32 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d362f68d3bf954ba55a4494a659492af\System.WorkflowServices.ni.dll
MOD - [2012/04/11 11:41:11 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/11 11:40:55 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
MOD - [2012/04/11 11:40:39 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/11 11:40:31 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/11 11:40:28 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
MOD - [2012/02/18 16:21:14 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\0113a0162fe157bb4f0130a60bbcad1a\System.ServiceModel.Web.ni.dll
MOD - [2012/02/18 16:21:08 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\fa1161af51ab42a61bfac9d02d469a06\System.Xml.Linq.ni.dll
MOD - [2012/02/18 16:18:45 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll
MOD - [2012/02/18 16:18:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll
MOD - [2012/02/18 16:18:41 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll
MOD - [2012/02/18 16:18:40 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\76fc6dd386159c79d311782d643c87f4\System.ServiceModel.ni.dll
MOD - [2012/02/18 16:17:52 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/17 12:36:00 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/17 12:35:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/17 12:34:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/17 12:34:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/17 12:34:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/11/26 04:26:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/04/29 20:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2011/04/29 20:17:38 | 001,717,096 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
MOD - [2011/04/29 20:17:36 | 002,055,016 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
MOD - [2011/04/29 20:13:50 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
MOD - [2011/04/29 20:13:50 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/04/29 20:13:48 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
MOD - [2011/04/29 20:13:48 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2010/11/25 00:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/06 18:16:02 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/12/06 18:15:46 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/11/18 17:36:42 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 18:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/08/08 09:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 23:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2011/07/27 22:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 22:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2011/06/03 14:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/20 19:05:42 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/08 12:05:26 | 000,166,912 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2011/09/22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/09/05 11:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/04/13 21:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/19 13:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/19 13:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/11/14 23:50:14 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 21:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/07/20 09:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/19 20:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/07/19 17:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/05/19 03:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/17 11:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/05/17 11:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/04/22 22:24:38 | 001,438,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/11 15:29:20 | 000,071,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/24 11:43:40 | 000,029,288 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2010/12/01 12:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 18:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/04/13 21:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/04/17 14:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{2241EAD9-87E3-466E-A115-1636650A3FDC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{2241EAD9-87E3-466E-A115-1636650A3FDC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=c43f51d20000000000004c8093127b2d
IE - HKCU\..\URLSearchHook: {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=c43f51d20000000000004c8093127b2d
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{FA61A7FD-39E1-4945-A060-894551FD2D11}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.imesh.com"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=1083&systemid=1&sr=0&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Arshad-3\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Arshad-3\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Arshad-3\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Arshad-3\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/12/01 01:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/18 01:58:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/07 16:27:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/26 09:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/01/15 12:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 22:17:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/31 21:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arshad-3\AppData\Roaming\Mozilla\Extensions
[2012/04/17 22:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\extensions
[2012/03/29 15:00:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/17 22:43:30 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\extensions\4f85d80f28f55@4f85d80f28f56.info
[2012/04/03 14:57:17 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\extensions\crossriderapp435@crossrider.com
[2012/03/31 21:47:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\extensions\ffxtlbr@babylon.com
[2012/03/02 16:43:18 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\extensions\ffxtlbr@funmoods.com
[2012/03/02 16:37:08 | 000,001,797 | ---- | M] () -- C:\Users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\searchplugins\funmoods.xml
[2012/04/23 15:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/23 15:53:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/18 01:22:29 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\ARSHAD-3\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2012/03/18 22:17:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/20 02:33:08 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/18 01:21:59 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/20 02:33:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/20 02:33:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/20 02:33:08 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/20 02:33:08 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Arshad-3\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Arshad-3\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Codecv = C:\Users\Arshad-3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccldkoinakjmmgebambiaggjobhikfg\1.0_0\
CHR - Extension: YouTube = C:\Users\Arshad-3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Arshad-3\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Funmoods = C:\Users\Arshad-3\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Arshad-3\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Arshad-3\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Codec-V = C:\Users\Arshad-3\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Arshad-3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Arshad-3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/24 07:27:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120109233359.dll (McAfee, Inc.)
O2:64bit: - BHO: (Plugin for Media Finder) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Arshad-3\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll (Media Finder)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll (iMesh, Inc)
O2 - BHO: (Codecv Class) - {1B13B212-EB8A-49CB-8C58-86FD4101E7E4} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120115032106.dll (McAfee, Inc.)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)
O2 - BHO: (midicairUSA Toolbar) - {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (midicairUSA Toolbar) - {f3902028-4a21-4793-8e05-793e183d51c2} - C:\Program Files (x86)\midicairUSA\prxtbmidi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07F283C9-E96C-47AB-9D18-26C750E8DB71}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 11:19:26 | 000,000,112 | RH-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/24 07:46:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/24 07:44:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/24 07:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Anti-Theft
[2012/04/24 06:38:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/24 06:38:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/24 06:38:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/24 06:38:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/24 06:38:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/24 06:32:57 | 004,472,597 | R--- | C] (Swearware) -- C:\Users\Arshad-3\Desktop\ComboFix.exe
[2012/04/24 06:32:10 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{C8026F0C-1D4F-4CA2-9050-228CB1C70CAB}
[2012/04/24 06:31:58 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{3BA219FE-C5E5-4093-8629-32CE56FF78E6}
[2012/04/24 05:00:52 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/24 04:26:48 | 000,000,000 | ---D | C] -- C:\Emergency
[2012/04/23 15:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/23 15:53:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/23 15:53:17 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/23 15:53:17 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/21 23:12:21 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/04/20 19:05:26 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/20 18:10:58 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/20 18:10:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/20 18:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
[2012/04/20 01:21:32 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Roaming\AVS4YOU
[2012/04/20 01:20:46 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/04/20 01:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012/04/20 01:19:16 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2012/04/20 01:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012/04/20 01:19:03 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2012/04/20 01:19:03 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012/04/20 01:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/04/20 01:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012/04/19 23:26:37 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\Desktop\New folder
[2012/04/18 01:15:20 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Roaming\Xilisoft
[2012/04/18 01:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/04/18 01:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2012/04/18 01:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2012/04/15 20:59:05 | 000,000,000 | ---D | C] -- C:\divx
[2012/04/15 15:36:16 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{EEDCF7C1-EEB2-48F9-86B4-8EA2687DD249}
[2012/04/15 15:36:03 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{D812553B-67CF-442D-8FB7-6B46BD141108}
[2012/04/14 14:55:20 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{12D22109-DBDD-42DC-9561-3255FBFE5A15}
[2012/04/14 14:54:40 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{0B1D519B-5091-40EF-AC40-F844B6188601}
[2012/04/13 15:36:41 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{9EEA8F24-1C87-4B3E-A68F-99821C7BA4B9}
[2012/04/12 13:46:58 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{3DE058E4-14E5-45A4-BE19-A06FC26D0C62}
[2012/04/11 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Roaming\Optimizer Pro
[2012/04/11 22:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/04/11 22:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/04/11 22:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
[2012/04/11 22:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
[2012/04/11 03:01:29 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 03:01:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 03:01:28 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 03:01:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 03:01:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 03:01:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 03:01:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 03:01:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 03:01:27 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 03:01:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 03:01:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 03:01:16 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 03:01:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 03:01:15 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 03:00:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 03:00:32 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/11 03:00:31 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/09 13:45:12 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\Desktop\Études Canadiennes - SOSC 1920
[2012/04/08 03:28:26 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{3E895924-FBAC-4D01-937C-BDFE3C007F9C}
[2012/04/06 19:55:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/04/06 19:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/04/05 10:55:51 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{FF201C32-8D3E-4A20-A10C-EF24E79C35C9}
[2012/04/04 17:35:46 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{C1A644DD-B225-4F5B-82BB-8A12618C1F41}
[2012/04/04 14:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2012/04/04 14:40:48 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{0B5DA892-8BD8-43F1-8292-F3BDD635E229}
[2012/04/03 14:24:57 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{494276D9-5ADA-4720-A3B7-E6A82A6DCE69}
[2012/04/02 23:17:30 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\Documents\Outlook Files
[2012/04/02 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{D4192AFC-63D8-4C28-8FF4-3F4E0C7FFFC8}
[2012/04/01 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{7769ED1B-B416-4DAC-95E6-8C07FD7953D2}
[2012/03/31 21:47:58 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\Desktop\Download
[2012/03/31 21:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012/03/31 21:47:43 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Roaming\Media Finder
[2012/03/31 12:24:20 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{7ACE8DE8-0711-4B9C-855C-AA89DC33801C}
[2012/03/30 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{A85F03FE-565E-4C38-8225-E3EEAF6A298A}
[2012/03/29 09:37:44 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{E7AA3202-CC90-4CD2-BED5-AD1E7B885BEB}
[2012/03/28 12:07:13 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{D91DCE70-C86B-4C58-BF81-F2EA652DDF07}
[2012/03/28 12:07:00 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{6022D1C7-5827-4D25-A9C1-C30D3B09F521}
[2012/03/28 09:31:14 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{B6FB9585-7C87-47F5-A71C-02CE8440C285}
[2012/03/28 09:31:02 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{1EB1046C-F682-48A1-935E-AEE265EA090C}
[2012/03/28 00:11:38 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{CBD9990C-CFA0-4244-9F7C-CAACEB9108FF}
[2012/03/28 00:11:22 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{E49859AD-E199-4673-AE42-3DF86F4EC446}
[2012/03/27 15:07:01 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{13163618-1989-4284-BE20-A7798599ECEC}
[2012/03/27 15:06:25 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{27D0254D-62E0-42E2-B5AD-419C1F7B58DE}
[2012/03/27 08:44:01 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{3A507A73-2D95-47B8-A4D5-4DE2B6F8A72F}
[2012/03/27 08:43:48 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{E33BAE92-59EF-4B33-B3D0-04A7208DD57D}
[2012/03/25 11:09:01 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{38F624AA-9CBE-4101-AFE3-F2E2DE044A4E}
[2012/03/25 11:08:49 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{A3965AB8-8BE4-4FC9-827F-6D1DB697500B}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/24 08:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/24 07:53:54 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 07:53:54 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/24 07:53:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/24 07:52:39 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/24 07:52:39 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/24 07:52:39 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/24 07:51:06 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/04/24 07:47:04 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1620107277-2827814893-1988640675-1000UA.job
[2012/04/24 07:46:46 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/24 07:46:46 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012/04/24 07:46:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/24 07:46:17 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/24 07:27:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/24 07:26:29 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/24 06:33:08 | 004,472,597 | R--- | M] (Swearware) -- C:\Users\Arshad-3\Desktop\ComboFix.exe
[2012/04/24 06:28:16 | 000,000,478 | ---- | M] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2012/04/23 15:53:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/23 15:53:09 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/23 15:53:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/23 15:53:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/23 15:47:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1620107277-2827814893-1988640675-1000Core.job
[2012/04/21 23:14:54 | 000,004,905 | ---- | M] () -- C:\Users\Arshad-3\Desktop\FUTURiTY.nfo
[2012/04/21 23:14:54 | 000,000,061 | ---- | M] () -- C:\Users\Arshad-3\Desktop\FILE_ID.DIZ
[2012/04/21 23:10:04 | 000,001,326 | ---- | M] () -- C:\Users\Public\Desktop\Video Download Capture.lnk
[2012/04/20 19:05:42 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/20 19:05:42 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/20 19:05:26 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/20 03:12:42 | 000,002,308 | ---- | M] () -- C:\Users\Arshad-3\Desktop\Free Video to DVD Converter.lnk
[2012/04/20 01:19:34 | 000,001,243 | ---- | M] () -- C:\Users\Arshad-3\Desktop\AVS Video Converter.lnk
[2012/04/18 01:22:20 | 000,000,524 | ---- | M] () -- C:\user.js
[2012/04/18 01:15:10 | 000,002,109 | ---- | M] () -- C:\Users\Arshad-3\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft MKV Converter.lnk
[2012/04/18 01:15:10 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft MKV Converter.lnk
[2012/04/13 16:16:18 | 001,339,939 | ---- | M] () -- C:\Users\Arshad-3\Desktop\Photo0049.jpg
[2012/04/08 03:27:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/06 16:36:23 | 000,054,272 | ---- | M] () -- C:\Users\Arshad-3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/30 12:44:28 | 000,764,746 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/24 06:38:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/24 06:38:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/24 06:38:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/24 06:38:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/24 06:38:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/24 06:28:16 | 000,000,478 | ---- | C] () -- C:\Users\Public\Desktop\Emergency Backup.lnk
[2012/04/20 18:11:00 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/20 03:12:42 | 000,002,308 | ---- | C] () -- C:\Users\Arshad-3\Desktop\Free Video to DVD Converter.lnk
[2012/04/20 01:19:34 | 000,001,243 | ---- | C] () -- C:\Users\Arshad-3\Desktop\AVS Video Converter.lnk
[2012/04/18 01:15:10 | 000,002,109 | ---- | C] () -- C:\Users\Arshad-3\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft MKV Converter.lnk
[2012/04/18 01:15:10 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft MKV Converter.lnk
[2012/04/13 13:14:32 | 001,339,939 | ---- | C] () -- C:\Users\Arshad-3\Desktop\Photo0049.jpg
[2012/04/06 19:55:06 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/06 19:55:06 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/04 14:44:18 | 000,000,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Digital Delivery.lnk
[2012/03/13 18:05:27 | 002,255,360 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2012/03/13 18:05:27 | 000,395,776 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2012/03/13 18:05:27 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2012/03/13 18:05:27 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2012/03/02 23:06:11 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/24 17:04:55 | 000,054,272 | ---- | C] () -- C:\Users\Arshad-3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/19 12:47:24 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/19 12:47:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/11/19 12:46:59 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/11/19 12:46:58 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/11/19 12:46:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/11/19 12:46:56 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/02/10 12:10:51 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/11/19 13:06:48 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/11/19 13:06:48 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/11/19 13:06:48 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/11/19 13:06:48 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/11/19 13:06:48 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/11/19 13:06:48 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/11/19 13:06:48 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000BPKT-75PK4T0
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: SD Card
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 20.00GB
Starting Offset: 109051904
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 446.00GB
Starting Offset: 21080571904
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: MS-DOS V4 Huge
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 69120
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >



NO TREATS WERE FOUND BY KASPERSKY

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:31 PM

Posted 24 April 2012 - 04:44 PM

Hi,

were you able to run TDSSKiller?

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=c43f51d20000000000004c8093127b2d
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=c43f51d20000000000004c8093127b2d
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    [2012/03/31 21:47:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Arshad-3\AppData\Roaming\Mozilla\Firefox\Profiles\wqr20n0v.default\extensions\ffxtlbr@babylon.com
    [2012/04/18 01:21:59 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2012/04/24 06:32:10 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{C8026F0C-1D4F-4CA2-9050-228CB1C70CAB}
    [2012/04/24 06:31:58 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{3BA219FE-C5E5-4093-8629-32CE56FF78E6}
    [2012/04/15 15:36:16 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{EEDCF7C1-EEB2-48F9-86B4-8EA2687DD249}
    [2012/04/15 15:36:03 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{D812553B-67CF-442D-8FB7-6B46BD141108}
    [2012/04/14 14:55:20 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{12D22109-DBDD-42DC-9561-3255FBFE5A15}
    [2012/04/14 14:54:40 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{0B1D519B-5091-40EF-AC40-F844B6188601}
    [2012/04/13 15:36:41 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{9EEA8F24-1C87-4B3E-A68F-99821C7BA4B9}
    [2012/04/12 13:46:58 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{3DE058E4-14E5-45A4-BE19-A06FC26D0C62}
    [2012/04/08 03:28:26 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{3E895924-FBAC-4D01-937C-BDFE3C007F9C}
    [2012/04/05 10:55:51 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{FF201C32-8D3E-4A20-A10C-EF24E79C35C9}
    [2012/04/04 17:35:46 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{C1A644DD-B225-4F5B-82BB-8A12618C1F41}
    [2012/04/04 14:40:48 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{0B5DA892-8BD8-43F1-8292-F3BDD635E229}
    [2012/04/03 14:24:57 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{494276D9-5ADA-4720-A3B7-E6A82A6DCE69}
    [2012/04/02 16:00:36 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{D4192AFC-63D8-4C28-8FF4-3F4E0C7FFFC8}
    [2012/04/01 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{7769ED1B-B416-4DAC-95E6-8C07FD7953D2}
    [2012/03/31 12:24:20 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{7ACE8DE8-0711-4B9C-855C-AA89DC33801C}
    [2012/03/30 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{A85F03FE-565E-4C38-8225-E3EEAF6A298A}
    [2012/03/29 09:37:44 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{E7AA3202-CC90-4CD2-BED5-AD1E7B885BEB}
    [2012/03/28 12:07:13 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{D91DCE70-C86B-4C58-BF81-F2EA652DDF07}
    [2012/03/28 12:07:00 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{6022D1C7-5827-4D25-A9C1-C30D3B09F521}
    [2012/03/28 09:31:14 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{B6FB9585-7C87-47F5-A71C-02CE8440C285}
    [2012/03/28 09:31:02 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{1EB1046C-F682-48A1-935E-AEE265EA090C}
    [2012/03/28 00:11:38 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{CBD9990C-CFA0-4244-9F7C-CAACEB9108FF}
    [2012/03/28 00:11:22 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{E49859AD-E199-4673-AE42-3DF86F4EC446}
    [2012/03/27 15:07:01 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{13163618-1989-4284-BE20-A7798599ECEC}
    [2012/03/27 15:06:25 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{27D0254D-62E0-42E2-B5AD-419C1F7B58DE}
    [2012/03/27 08:44:01 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{3A507A73-2D95-47B8-A4D5-4DE2B6F8A72F}
    [2012/03/27 08:43:48 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{E33BAE92-59EF-4B33-B3D0-04A7208DD57D}
    [2012/03/25 11:09:01 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{38F624AA-9CBE-4101-AFE3-F2E2DE044A4E}
    [2012/03/25 11:08:49 | 000,000,000 | ---D | C] -- C:\Users\Arshad-3\AppData\Local\{A3965AB8-8BE4-4FC9-827F-6D1DB697500B}
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:31 PM

Posted 02 May 2012 - 07:56 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users