Part of Slepp's ProjectsPastebinTURLImagebinFilebin
Feedback -- English French German Japanese
Create Upload Newest Tools Donate
Sign In | Create Account

Paste Actions

Download Raw
Embed
pBox URL
Post to Twitter
Remove Paste

Paste Details

Raw format, 1 year 2 weeks old, and 150 hits.

Advertising

Paste Description for samer cloud

Exposed to the theft of number involvement of the Internet
by back track Program

samer cloud
Friday, May 4th, 2012 at 6:22:26pm MDT 

  1. OTL logfile created on: 05/05/2012 03:06:52 ص - Run 1
  2. OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\MAX\Downloads\Programs
  3. 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
  4. Internet Explorer (Version = 9.0.8112.16421)
  5. Locale: 00000801 | Country: العراق | Language: ARI | Date Format: dd/MM/yyyy
  6.  
  7. 3.95 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.82% Memory free
  8. 7.90 Gb Paging File | 5.55 Gb Available in Paging File | 70.24% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
  12. Drive C: | 96.10 Gb Total Space | 56.07 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
  13. Drive D: | 125.00 Gb Total Space | 66.74 Gb Free Space | 53.39% Space Free | Partition Type: NTFS
  14. Drive E: | 125.00 Gb Total Space | 85.92 Gb Free Space | 68.74% Space Free | Partition Type: NTFS
  15. Drive F: | 125.00 Gb Total Space | 20.00 Gb Free Space | 16.00% Space Free | Partition Type: NTFS
  16. Drive G: | 124.97 Gb Total Space | 16.26 Gb Free Space | 13.01% Space Free | Partition Type: NTFS
  17. Drive J: | 297.43 Gb Total Space | 297.42 Gb Free Space | 100.00% Space Free | Partition Type: exFAT
  18.  
  19. Computer Name: MAX-PC | User Name: MAX | Logged in as Administrator.
  20. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
  21. Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
  22.  
  23. [color=#E56717]========== Processes (SafeList) ==========[/color]
  24.  
  25. PRC - [2012/05/05 02:52:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\MAX\Downloads\Programs\OTL.exe
  26. PRC - [2012/04/21 04:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  27. PRC - [2012/04/13 15:59:46 | 001,718,416 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
  28. PRC - [2012/04/13 15:59:46 | 000,409,232 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
  29. PRC - [2012/04/07 04:33:42 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
  30. PRC - [2012/04/07 04:29:08 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RFW\RavMonD.exe
  31. PRC - [2012/03/27 01:38:46 | 000,542,040 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
  32. PRC - [2012/03/27 00:45:22 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
  33. PRC - [2012/03/27 00:45:18 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
  34. PRC - [2012/03/16 14:07:14 | 003,478,936 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
  35. PRC - [2012/03/07 03:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
  36. PRC - [2012/03/07 03:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
  37. PRC - [2011/11/21 00:24:52 | 000,696,320 | ---- | M] (VerbAce Research) -- C:\Program Files (x86)\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
  38. PRC - [2011/11/19 21:30:48 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
  39. PRC - [2011/11/19 21:30:48 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
  40. PRC - [2011/11/16 23:13:28 | 001,613,824 | ---- | M] (Mortal Universe) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe
  41. PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
  42. PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
  43. PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
  44. PRC - [2011/02/01 13:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
  45. PRC - [2011/02/01 13:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  46. PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
  47. PRC - [2011/01/12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
  48. PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
  49. PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
  50. PRC - [2010/05/25 15:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
  51.  
  52.  
  53. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  54.  
  55. MOD - [2012/04/21 04:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
  56. MOD - [2012/04/13 15:59:46 | 001,100,448 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avcodec-53.dll
  57. MOD - [2012/04/13 15:59:46 | 000,190,112 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avformat-53.dll
  58. MOD - [2012/04/13 15:59:46 | 000,123,552 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\avutil-51.dll
  59. MOD - [2012/04/11 20:50:13 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\00cb077c2bf82c7fe54b6f93af4b6686\IAStorUtil.ni.dll
  60. MOD - [2012/04/11 16:11:02 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
  61. MOD - [2012/04/11 16:10:56 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
  62. MOD - [2012/03/31 04:25:59 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
  63. MOD - [2012/03/08 00:46:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
  64. MOD - [2012/03/08 00:46:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
  65. MOD - [2012/03/08 00:46:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
  66. MOD - [2012/03/08 00:45:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
  67. MOD - [2012/03/08 00:45:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
  68. MOD - [2012/03/08 00:45:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
  69. MOD - [2012/03/08 00:45:33 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
  70. MOD - [2011/11/21 00:24:53 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\VerbAce Research\VerbAce-Pro\HookDll.dll
  71.  
  72.  
  73. [color=#E56717]========== Win32 Services (SafeList) ==========[/color]
  74.  
  75. SRV:[b]64bit:[/b] - [2012/03/07 03:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
  76. SRV:[b]64bit:[/b] - [2011/08/18 02:12:52 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
  77. SRV:[b]64bit:[/b] - [2011/01/25 01:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
  78. SRV:[b]64bit:[/b] - [2010/11/30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
  79. SRV:[b]64bit:[/b] - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
  80. SRV:[b]64bit:[/b] - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
  81. SRV - [2012/04/13 15:59:46 | 000,409,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
  82. SRV - [2012/04/07 04:33:42 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe -- (RsMgrSvc)
  83. SRV - [2012/04/07 04:29:08 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RFW\RavMonD.exe -- (RsRFWMon)
  84. SRV - [2012/03/31 04:25:59 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
  85. SRV - [2012/03/27 01:45:44 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
  86. SRV - [2012/03/27 01:38:46 | 000,542,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
  87. SRV - [2012/03/27 00:45:22 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
  88. SRV - [2012/03/27 00:45:18 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
  89. SRV - [2011/11/19 21:30:48 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
  90. SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
  91. SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
  92. SRV - [2011/02/01 13:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
  93. SRV - [2011/02/01 13:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
  94. SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
  95. SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
  96. SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
  97. SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
  98. SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
  99.  
  100.  
  101. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  102.  
  103. DRV:[b]64bit:[/b] - [2012/04/07 04:29:12 | 000,039,576 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rfwarp.sys -- (RFWARP)
  104. DRV:[b]64bit:[/b] - [2012/04/07 04:29:10 | 000,019,608 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rfwndis.sys -- (RFWNDIS)
  105. DRV:[b]64bit:[/b] - [2012/03/27 00:45:18 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
  106. DRV:[b]64bit:[/b] - [2012/03/27 00:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
  107. DRV:[b]64bit:[/b] - [2012/03/16 03:37:55 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
  108. DRV:[b]64bit:[/b] - [2012/03/07 03:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
  109. DRV:[b]64bit:[/b] - [2012/03/07 03:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
  110. DRV:[b]64bit:[/b] - [2012/03/07 03:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
  111. DRV:[b]64bit:[/b] - [2012/03/07 03:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
  112. DRV:[b]64bit:[/b] - [2012/03/07 03:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
  113. DRV:[b]64bit:[/b] - [2012/03/07 03:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
  114. DRV:[b]64bit:[/b] - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
  115. DRV:[b]64bit:[/b] - [2012/02/08 04:13:32 | 000,149,640 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
  116. DRV:[b]64bit:[/b] - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
  117. DRV:[b]64bit:[/b] - [2011/10/08 00:18:46 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
  118. DRV:[b]64bit:[/b] - [2011/09/03 01:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
  119. DRV:[b]64bit:[/b] - [2011/09/03 01:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
  120. DRV:[b]64bit:[/b] - [2011/08/18 05:40:56 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
  121. DRV:[b]64bit:[/b] - [2011/08/18 01:34:48 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
  122. DRV:[b]64bit:[/b] - [2011/08/09 12:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
  123. DRV:[b]64bit:[/b] - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
  124. DRV:[b]64bit:[/b] - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
  125. DRV:[b]64bit:[/b] - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
  126. DRV:[b]64bit:[/b] - [2011/02/22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
  127. DRV:[b]64bit:[/b] - [2011/02/22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
  128. DRV:[b]64bit:[/b] - [2011/02/22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
  129. DRV:[b]64bit:[/b] - [2011/02/16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
  130. DRV:[b]64bit:[/b] - [2011/02/15 13:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
  131. DRV:[b]64bit:[/b] - [2011/01/25 01:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
  132. DRV:[b]64bit:[/b] - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
  133. DRV:[b]64bit:[/b] - [2010/11/21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
  134. DRV:[b]64bit:[/b] - [2010/11/21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
  135. DRV:[b]64bit:[/b] - [2010/11/21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
  136. DRV:[b]64bit:[/b] - [2010/11/21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
  137. DRV:[b]64bit:[/b] - [2010/11/21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
  138. DRV:[b]64bit:[/b] - [2010/11/21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
  139. DRV:[b]64bit:[/b] - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
  140. DRV:[b]64bit:[/b] - [2010/11/21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
  141. DRV:[b]64bit:[/b] - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
  142. DRV:[b]64bit:[/b] - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
  143. DRV:[b]64bit:[/b] - [2010/01/07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
  144. DRV:[b]64bit:[/b] - [2009/10/14 07:37:24 | 000,061,432 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SIVX64.sys -- (SIVDRIVER)
  145. DRV:[b]64bit:[/b] - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
  146. DRV:[b]64bit:[/b] - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
  147. DRV:[b]64bit:[/b] - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
  148. DRV:[b]64bit:[/b] - [2009/07/14 03:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
  149. DRV:[b]64bit:[/b] - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
  150. DRV:[b]64bit:[/b] - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
  151. DRV:[b]64bit:[/b] - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
  152. DRV:[b]64bit:[/b] - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
  153. DRV:[b]64bit:[/b] - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
  154. DRV - [2012/01/10 06:21:02 | 000,258,392 | ---- | M] (360.cn) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\mdcore.sys -- (mdcore)
  155. DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
  156.  
  157.  
  158. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  159.  
  160.  
  161. [color=#E56717]========== Internet Explorer ==========[/color]
  162.  
  163. IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  164. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  165. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  166. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  167.  
  168. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
  169. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabic.arabia.msn.com/?ocid=iehp
  170. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ar-IQ
  171. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 91 8D 1A 3B 27 CD 01  [binary data]
  172. IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  173. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  174.  
  175. [color=#E56717]========== FireFox ==========[/color]
  176.  
  177. FF - prefs.js..browser.startup.homepage: "http://www.google.iq/"
  178. FF - user.js - File not found
  179.  
  180. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
  181. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
  182. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
  183. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  184. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
  185. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  186. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
  187. FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
  188. FF - HKLM\Software\MozillaPlugins\@ei.RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\NP4jEISB.dll (RadioRage)
  189. FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
  190. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
  191. FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  192. FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
  193. FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  194. FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
  195. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
  196. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
  197. FF - HKLM\Software\MozillaPlugins\@verbace.com/FF: C:\Program Files (x86)\VerbAce Research\VerbAce-Pro\NPAPI_PI.dll (VerbAce Research)
  198. FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  199.  
  200. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\verbacefirefox@verbace.com: C:\Program Files (x86)\VerbAce Research\VerbAce-Pro\FFExt.xpi [2011/10/11 00:25:31 | 000,049,754 | ---- | M] ()
  201. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/19 21:03:04 | 000,000,000 | ---D | M]
  202. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/04 13:21:06 | 000,000,000 | ---D | M]
  203. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
  204. FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\MAX\AppData\Roaming\IDM\idmmzcc5 [2012/04/20 18:38:30 | 000,000,000 | ---D | M]
  205. FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\MAX\AppData\Roaming\IDM\idmmzcc5 [2012/04/20 18:38:30 | 000,000,000 | ---D | M]
  206.  
  207. [2012/03/16 00:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MAX\AppData\Roaming\Mozilla\Extensions
  208. [2012/03/16 00:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MAX\AppData\Roaming\Mozilla\Extensions\express@postbox-inc.com
  209. [2012/04/02 17:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MAX\AppData\Roaming\Mozilla\Firefox\Profiles\vtfb3r7x.default\extensions
  210. [2012/04/02 17:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MAX\AppData\Roaming\Mozilla\Firefox\Profiles\vtfb3r7x.default\extensions\staged
  211. [2012/05/04 13:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
  212. [2012/04/21 04:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
  213. [2012/04/21 04:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
  214. [2012/04/21 04:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
  215.  
  216. [color=#E56717]========== Chrome  ==========[/color]
  217.  
  218. CHR - default_search_provider:  ()
  219. CHR - default_search_provider: search_url =
  220. CHR - default_search_provider: suggest_url =
  221.  
  222. O1 HOSTS File: ([2012/03/13 02:16:29 | 000,001,184 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
  223. O1 - Hosts: 127.0.0.1 tonec.com
  224. O1 - Hosts: 127.0.0.1 www.tonec.com
  225. O1 - Hosts: 127.0.0.1 registeridm.com
  226. O1 - Hosts: 127.0.0.1 www.registeridm.com
  227. O1 - Hosts: 127.0.0.1 secure.registeridm.com
  228. O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
  229. O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
  230. O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
  231. O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
  232. O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
  233. O2:[b]64bit:[/b] - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
  234. O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
  235. O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
  236. O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
  237. O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
  238. O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
  239. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
  240. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
  241. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
  242. O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
  243. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
  244. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
  245. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  246. O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
  247. O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
  248. O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
  249. O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
  250. O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
  251. O4:[b]64bit:[/b] - HKLM..\Run: [XeroxEndeavorBackgroundTask] C:\Windows\SysNative\xrWCbgnd.dll (Xerox Corporation)
  252. O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
  253. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
  254. O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
  255. O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
  256. O4 - HKLM..\Run: [RFWTRAY] C:\Program Files (x86)\Rising\RFW\RSTRAY.EXE (Beijing Rising Information Technology Co., Ltd.)
  257. O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
  258. O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
  259. O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
  260. O4 - HKCU..\Run: [FAST Defrag]  File not found
  261. O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
  262. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  263. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  264. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 93
  265. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
  266. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  267. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
  268. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
  269. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  270. O8:[b]64bit:[/b] - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
  271. O8:[b]64bit:[/b] - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
  272. O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
  273. O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
  274. O13[b]64bit:[/b] - gopher Prefix: missing
  275. O13 - gopher Prefix: missing
  276. O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (Reg Error: Key error.)
  277. O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll (Reg Error: Key error.)
  278. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
  279. O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
  280. O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
  281. O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
  282. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44A17363-BBC7-411B-8F71-EDF91BB91B50}: NameServer = 109.224.14.2 109.224.14.3
  283. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC6D3D18-63A9-434E-927C-13DB02FAA927}: DhcpNameServer = 109.224.14.2
  284. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC6D3D18-63A9-434E-927C-13DB02FAA927}: NameServer = 8.8.8.8,8.8.4.4
  285. O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
  286. O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  287. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
  288. O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
  289. O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  290. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
  291. O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
  292. O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  293. O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
  294. O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  295. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  296. O32 - HKLM CDRom: AutoRun - 1
  297. O32 - AutoRun File - [2012/03/13 02:16:21 | 000,000,006 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
  298. O32 - AutoRun File - [2012/03/13 02:13:14 | 000,000,059 | ---- | M] () - C:\autoexec.plu -- [ NTFS ]
  299. O34 - HKLM BootExecute: (autocheck autochk *)
  300. O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
  301. O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
  302. O35 - HKLM\..comfile [open] -- "%1" %*
  303. O35 - HKLM\..exefile [open] -- "%1" %*
  304. O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
  305. O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
  306. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  307. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  308. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  309. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  310. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  311.  
  312. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  313.  
  314. [2012/05/04 13:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iCare Format Recovery
  315. [2012/05/04 13:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Memory Toolkit
  316. [2012/05/04 13:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
  317. [2012/05/04 00:17:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
  318. [2012/05/03 03:08:14 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\ICQ
  319. [2012/05/03 03:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQLite
  320. [2012/05/02 01:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
  321. [2012/05/01 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\MAX\Desktop\2-5-2012
  322. [2012/05/01 12:45:00 | 000,000,000 | ---D | C] -- C:\Users\MAX\Desktop\اسماء الطلبة والرقم الامتحاني
  323. [2012/05/01 04:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
  324. [2012/04/30 04:32:00 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\Runscanner.net
  325. [2012/04/30 04:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
  326. [2012/04/29 04:54:51 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\VOS
  327. [2012/04/29 04:08:15 | 000,000,000 | ---D | C] -- C:\Users\MAX\Documents\WebCam Media
  328. [2012/04/29 04:07:08 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Local\ArcSoft
  329. [2012/04/29 04:06:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\ArcSoft
  330. [2012/04/29 04:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
  331. [2012/04/29 04:05:13 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\ArcSoft
  332. [2012/04/29 03:44:40 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Local\Roxio
  333. [2012/04/29 03:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
  334. [2012/04/29 03:43:54 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\Roxio Log Files
  335. [2012/04/26 15:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
  336. [2012/04/26 13:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis64
  337. [2012/04/26 13:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
  338. [2012/04/26 13:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
  339. [2012/04/26 13:53:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
  340. [2012/04/26 13:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
  341. [2012/04/26 13:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
  342. [2012/04/26 13:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6
  343. [2012/04/25 02:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
  344. [2012/04/25 02:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
  345. [2012/04/25 02:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
  346. [2012/04/24 23:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
  347. [2012/04/24 13:49:51 | 000,053,512 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
  348. [2012/04/24 13:49:51 | 000,045,320 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
  349. [2012/04/24 01:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Readon
  350. [2012/04/24 00:42:19 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Local\Readon_Technology
  351. [2012/04/24 00:42:19 | 000,000,000 | ---D | C] -- C:\Users\MAX\Documents\Readon Player
  352. [2012/04/23 01:12:38 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facemoi
  353. [2012/04/23 01:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Facemoi
  354. [2012/04/22 17:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
  355. [2012/04/22 17:55:32 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
  356. [2012/04/22 17:55:32 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
  357. [2012/04/22 17:55:32 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
  358. [2012/04/22 17:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
  359. [2012/04/22 09:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
  360. [2012/04/20 21:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
  361. [2012/04/20 05:04:44 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\DYA_KFFSBRBKRNTFTUFLH
  362. [2012/04/20 05:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DYA_KFFSBRBKRNTFTUFLH
  363. [2012/04/20 04:33:44 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\GlarySoft
  364. [2012/04/19 17:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
  365. [2012/04/18 04:35:05 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\vlc
  366. [2012/04/18 04:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Online TV
  367. [2012/04/18 04:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Poseidon - Live RTV Player
  368. [2012/04/18 03:52:42 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Local\TVU Networks
  369. [2012/04/18 03:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
  370. [2012/04/18 03:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeSocial TV
  371. [2012/04/16 22:12:52 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Roaming\TeamViewer
  372. [2012/04/13 23:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLConverter
  373. [2012/04/12 00:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
  374. [2012/04/12 00:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RadioRage_4jEI
  375. [2012/04/10 14:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoom Pro 4
  376. [2012/04/08 13:24:46 | 000,000,000 | ---D | C] -- C:\Users\MAX\DoctorWeb
  377. [2012/04/07 04:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Personal Firewall
  378. [2012/04/07 04:30:06 | 000,039,576 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\rfwarp.sys
  379. [2012/04/07 04:30:04 | 000,019,608 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\rfwndis.sys
  380. [2012/04/07 04:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rising
  381. [2012/04/07 04:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Rising
  382. [2012/04/07 03:45:21 | 000,000,000 | ---D | C] -- C:\Users\MAX\SecurityScans
  383. [2012/04/06 18:01:32 | 000,000,000 | ---D | C] -- C:\Users\MAX\Desktop\صور البيت
  384. [2012/04/06 14:21:19 | 000,000,000 | ---D | C] -- C:\Users\MAX\AppData\Local\Privatefirewall
  385. [2012/04/06 14:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Privacyware
  386. [2012/04/05 13:34:44 | 000,000,000 | ---D | C] -- C:\Users\MAX\Desktop\المعرض الفني
  387. [1 C:\Users\MAX\Desktop\*.tmp files -> C:\Users\MAX\Desktop\*.tmp -> ]
  388.  
  389. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  390.  
  391. [2012/05/05 03:02:01 | 000,000,836 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  392. [2012/05/05 02:44:19 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  393. [2012/05/05 02:44:19 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  394. [2012/05/05 02:28:16 | 000,000,832 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  395. [2012/05/05 02:28:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
  396. [2012/05/05 02:28:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
  397. [2012/05/05 02:27:58 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
  398. [2012/05/04 19:41:33 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
  399. [2012/05/04 13:21:07 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
  400. [2012/05/04 02:10:51 | 000,053,512 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
  401. [2012/05/04 02:10:51 | 000,045,320 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
  402. [2012/05/03 18:07:31 | 043,159,623 | ---- | M] () -- C:\Users\MAX\Desktop\5.psd
  403. [2012/05/01 18:38:19 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\HSoftIx SG KeYs.lnk
  404. [2012/05/01 15:02:32 | 000,782,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
  405. [2012/05/01 15:02:32 | 000,655,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
  406. [2012/05/01 15:02:32 | 000,121,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
  407. [2012/04/30 23:58:08 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
  408. [2012/04/29 22:51:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
  409. [2012/04/26 15:11:28 | 005,030,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
  410. [2012/04/26 13:53:37 | 000,002,833 | ---- | M] () -- C:\Users\Public\Desktop\CorelDRAW X6 (64-Bit).lnk
  411. [2012/04/24 23:23:05 | 000,560,271 | ---- | M] () -- C:\Users\MAX\Desktop\زخرفة نباتية.jpg
  412. [2012/04/24 13:49:59 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
  413. [2012/04/22 17:55:34 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
  414. [2012/04/22 00:04:34 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
  415. [2012/04/10 15:03:03 | 000,001,199 | ---- | M] () -- C:\Users\MAX\Desktop\Adobe Photoshop CS5.lnk
  416. [2012/04/10 14:53:27 | 000,004,306 | ---- | M] () -- C:\Windows\jmmsq24.ini
  417. [2012/04/10 14:53:27 | 000,001,440 | ---- | M] () -- C:\Windows\cvsqz-ms24.ini
  418. [2012/04/07 04:29:12 | 000,039,576 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\rfwarp.sys
  419. [2012/04/07 04:29:10 | 000,019,608 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\rfwndis.sys
  420. [2012/04/06 14:31:16 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
  421. [2012/04/06 07:36:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat
  422. [1 C:\Users\MAX\Desktop\*.tmp files -> C:\Users\MAX\Desktop\*.tmp -> ]
  423.  
  424. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  425.  
  426. [2012/05/04 13:21:07 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
  427. [2012/05/03 18:07:29 | 043,159,623 | ---- | C] () -- C:\Users\MAX\Desktop\5.psd
  428. [2012/05/03 17:44:42 | 001,002,056 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe
  429. [2012/05/03 17:44:42 | 000,019,936 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys
  430. [2012/05/03 17:44:39 | 000,013,280 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys
  431. [2012/05/01 18:38:19 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\HSoftIx SG KeYs.lnk
  432. [2012/04/26 13:57:19 | 000,002,833 | ---- | C] () -- C:\Users\Public\Desktop\CorelDRAW X6 (64-Bit).lnk
  433. [2012/04/24 23:23:04 | 000,560,271 | ---- | C] () -- C:\Users\MAX\Desktop\زخرفة نباتية.jpg
  434. [2012/04/24 13:49:59 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
  435. [2012/04/22 17:55:34 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
  436. [2012/04/10 14:53:27 | 000,004,306 | ---- | C] () -- C:\Windows\jmmsq24.ini
  437. [2012/04/10 14:53:27 | 000,001,440 | ---- | C] () -- C:\Windows\cvsqz-ms24.ini
  438. [2012/04/06 14:18:11 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
  439. [2012/04/06 07:36:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
  440. [2012/04/05 15:07:35 | 000,001,199 | ---- | C] () -- C:\Users\MAX\Desktop\Adobe Photoshop CS5.lnk
  441. [2012/04/05 15:06:57 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
  442. [2012/04/05 15:02:20 | 000,001,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
  443. [2012/04/05 15:00:15 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
  444. [2012/04/05 14:59:57 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
  445. [2012/04/05 14:48:57 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
  446. [2012/04/02 23:51:32 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
  447. [2012/04/02 23:51:32 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
  448. [2012/04/02 23:51:18 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
  449. [2012/03/13 13:58:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\6fabbc7614ab1fb03ea55ec5191ace1e_c
  450. [2012/03/10 01:17:30 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
  451. [2012/03/09 04:09:23 | 000,050,536 | ---- | C] () -- C:\Windows\UTP.exe
  452. [2012/03/08 23:36:31 | 000,042,864 | ---- | C] () -- C:\Windows\_SETUPD_.EXE
  453. [2012/02/28 02:25:32 | 000,722,718 | ---- | C] () -- C:\Users\MAX\AppData\Roaming\unins000.exe
  454. [2012/02/28 02:25:32 | 000,012,756 | ---- | C] () -- C:\Users\MAX\AppData\Roaming\unins000.dat
  455. [2012/02/23 23:35:43 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
  456. [2012/01/27 14:08:20 | 000,007,597 | ---- | C] () -- C:\Users\MAX\AppData\Local\resmon.resmoncfg
  457. [2012/01/19 13:32:37 | 000,006,656 | ---- | C] () -- C:\Users\MAX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  458. [2011/11/19 21:31:09 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
  459. [2011/11/19 21:31:09 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
  460. [2011/10/15 14:21:06 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
  461. [2011/10/11 00:10:57 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
  462. [2011/10/06 11:00:19 | 000,768,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
  463. [2011/10/06 03:19:43 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
  464. [2011/10/06 03:17:44 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
  465. [2011/10/06 02:39:05 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
  466. [2011/10/05 16:35:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
  467. [2011/08/09 12:30:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
  468. [2011/08/09 12:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
  469. [2011/08/09 12:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
  470. [2011/08/09 11:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
  471. [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
  472. [2011/01/07 17:40:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
  473. [2010/11/21 00:24:53 | 000,000,233 | -H-- | C] () -- C:\Windows\gvac.sys
  474.  
  475. [color=#E56717]========== LOP Check ==========[/color]
  476.  
  477. [2011/10/06 10:02:21 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\3v
  478. [2011/10/15 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\Ashampoo
  479. [2012/03/13 00:55:36 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\AVG
  480. [2012/03/31 03:47:02 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\avidemux
  481. [2011/10/08 01:01:25 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
  482. [2011/12/28 00:22:39 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\com.adobe.ExMan
  483. [2012/05/05 01:00:07 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\DMCache
  484. [2012/04/20 18:37:42 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\DRPSu
  485. [2012/04/20 05:04:44 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\DYA_KFFSBRBKRNTFTUFLH
  486. [2012/04/20 04:33:44 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\GlarySoft
  487. [2012/05/03 03:29:11 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\ICQ
  488. [2012/04/20 18:38:30 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\IDM
  489. [2011/10/08 03:09:45 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\IDT
  490. [2012/04/20 18:38:30 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\IrfanView
  491. [2012/04/03 05:52:07 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\moovida-1
  492. [2012/04/06 17:39:09 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\PCToolsFirewallPlus
  493. [2012/05/05 02:41:53 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\POP Peeper
  494. [2012/03/16 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\Postbox
  495. [2012/04/30 04:32:00 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\Runscanner.net
  496. [2012/04/03 00:47:37 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\shamela
  497. [2012/02/24 05:32:54 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\SkyMonk
  498. [2012/03/31 04:46:05 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\SPlayer
  499. [2011/10/07 23:56:16 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\Synaptics
  500. [2012/04/16 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\TeamViewer
  501. [2012/03/12 23:35:02 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\TestApp
  502. [2012/03/29 00:54:26 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\Thinstall
  503. [2012/02/27 03:49:58 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\Thunderbird
  504. [2011/10/05 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\URSoft
  505. [2012/04/29 04:54:51 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\VOS
  506. [2011/10/11 11:20:13 | 000,000,000 | ---D | M] -- C:\Users\MAX\AppData\Roaming\Wildfire
  507. [2012/04/10 03:08:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
  508.  
  509. [color=#E56717]========== Purity Check ==========[/color]
  510.  
  511.  
  512.  
  513. [color=#E56717]========== Alternate Data Streams ==========[/color]
  514.  
  515. @Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFRT4KG9FJDV4KXRB3TPBHVX8YWGFSVF7JB4VPJGV
  516. @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:1CE11B51
  517. @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
  518. @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
  519. @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
  520.  
  521. < End of report >

advertising

Update the Post

Either update this post and resubmit it with changes, or make a new post.

You may also comment on this post.

update paste below
details of the post (optional)

Note: Only the paste content is required, though the following information can be useful to others.

Save name / title?

(space separated, optional)



Please note that information posted here will expire by default in one month. If you do not want it to expire, please set the expiry time above. If it is set to expire, web search engines will not be allowed to index it prior to it expiring. Items that are not marked to expire will be indexable by search engines. Be careful with your passwords. All illegal activities will be reported and any information will be handed over to the authorities, so be good.

fantasy-obligation