Yehia

  1. Thanks Gammo, I contacted the admin. I hope to get a + answer (I hope so). Thanks for the advice; I will be updating you about news.
  2. Geekstogo, Bleeping Computer, Malware Removal; then I became frustrated and stopped searching.
  3. Thanks for the advice, you know. I have talked with Exile before about my passion for security tech and the security field itself. He told me that he got trained at malwareremoval.com. I went there and applied: no place. I tried many other places; still no place available. Too bad, I really want to learn this stuff, not for my sake but for others' sake. I want to help people out. If you have any idea or advice about this, let me know please.
  4. Actually, when I installed that .BAT file, nothing really changed! =) Except my Adobe Photoshop, because I cracked it LMAO!! xD But now it's working properly, got another serial.
  5. Sorry, but what is the DNS Client service? I mean, if I disabled it, what will be the benefit?
  6. Thanks, dude. So I just run that .BAT file and that's it, right?
  7. =) But I have one last question about the MVPS hosts program: I can't really find a download link, so I need guidance from you. My Windows is Windows 7 Prof 64bit. Can you please supply a direct link?
  8. Actually, sir, you did more than enough to get my computer clean. Thanks for your support =)) I know everything you supplied down there except one thing, which is the FileHippo update checker. DUDE THAT'S STICK, it's very, very nice. THANKS FOR LETTING ME KNOW! You can close this thread if you want right now. I will be PMing you in the future if I stumble on anything else. Thanks again!
  9. OTL logfile created on: 8/28/2010 11:58:37 PM - Run 3 OTL by OldTimer - Version 3.2.10.0
--SD | C] -- C:\Users\Yehia\AppData\Roaming\Microsoft [2010/06/10 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Yehia\Videos [2010/06/10 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Yehia\Saved Games [2010/06/10 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Yehia\Pictures [2010/06/10 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Yehia\Music [2010/06/10 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Yehia\Links [2010/06/10 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Yehia\Favorites [2010/06/10 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Yehia\Downloads [2010/06/10 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Yehia\My Documents [2010/06/10 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Yehia\Desktop [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\AppData\Local\Temporary Internet Files [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\Templates [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\Start Menu [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\SendTo [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\Recent [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\PrintHood [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\NetHood [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\Documents\My Videos [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\Documents\My Pictures [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\Documents\My Music [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\My Documents [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\Local Settings [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\AppData\Local\History [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\Cookies [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- C:\Users\Yehia\Application Data [2010/06/10 16:23:31 | 000,000,000 | -HSD | C] -- 
C:\Users\Yehia\AppData\Local\Application Data [2010/06/10 16:23:31 | 000,000,000 | -H-D | C] -- C:\Users\Yehia\AppData [2010/06/10 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\Yehia\AppData\Local\Temp [2010/06/10 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\Yehia\AppData\Local\Microsoft [2010/06/10 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\Yehia\AppData\Roaming\Media Center Programs [2010/06/03 04:56:33 | 000,000,000 | -HSD | C] -- C:\Boot [2010/06/03 03:57:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010/06/02 18:11:56 | 000,000,000 | ---D | C] -- C:\TokensBackup [2010/06/02 18:03:01 | 000,000,000 | -HSD | C] -- C:\Recovery ========== Files - Modified Within 90 Days ========== [2010/08/28 23:58:43 | 007,602,176 | -HS- | M] () -- C:\Users\Yehia\NTUSER.DAT [2010/08/28 23:51:08 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/08/28 23:51:08 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/08/28 23:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2046078132-3244827229-1833254173-1001UA.job [2010/08/28 16:25:26 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/08/28 16:25:26 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/08/28 16:25:26 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/08/28 16:21:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/08/28 16:20:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/08/28 16:20:53 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010/08/28 16:20:04 | 008,678,547 | -H-- | M] () -- C:\Users\Yehia\AppData\Local\IconCache.db [2010/08/28 14:47:31 | 000,002,178 | ---- | M] () -- C:\Windows\Sandboxie.ini [2010/08/27 00:46:00 | 000,000,856 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2046078132-3244827229-1833254173-1001Core.job [2010/08/26 21:05:29 | 450,506,858 | ---- | M] () -- C:\Users\Yehia\Desktop\capture-1.camrec [2010/08/26 21:03:18 | 000,005,120 | ---- | M] () -- C:\Users\Yehia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/26 20:35:52 | 009,333,808 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Yehia\Desktop\SUPERAntiSpyware.exe [2010/08/26 04:03:46 | 004,826,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/08/25 18:21:27 | 000,000,896 | ---- | M] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk [2010/08/22 22:32:31 | 000,417,356 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010/08/22 04:23:22 | 000,219,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010/08/22 04:08:39 | 000,219,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/08/19 19:39:08 | 000,070,680 | ---- | M] () -- C:\Users\Yehia\Desktop\13659_353041500380_302056140380_10013794_1223771_n.jpg [2010/08/15 00:44:47 | 000,000,917 | ---- | M] () -- C:\Users\Yehia\Desktop\Ventrilo.lnk [2010/08/14 18:01:33 | 000,000,151 | ---- | M] () -- C:\Windows\SysWow64\imon1.dat [2010/08/12 20:36:59 | 000,417,149 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100822-223230.backup [2010/08/09 00:08:20 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2010/08/06 15:19:30 | 000,097,493 | ---- | M] () -- C:\Users\Yehia\Desktop\37409_405126057745_701712745_4982628_8046730_n.jpg [2010/08/04 01:59:37 | 000,000,355 | ---- | M] () -- C:\Users\Yehia\Desktop\Computer - Shortcut.lnk [2010/08/04 01:44:03 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010/08/03 02:28:07 | 000,033,344 | ---- | M] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\drivers\hamachi.sys [2010/08/01 16:32:43 | 000,416,107 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100812-203659.backup [2010/07/29 13:31:26 | 000,168,544 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\eamonm.sys [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys [2010/07/29 13:31:26 | 000,126,320 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\epfwwfpr.sys [2010/07/12 04:42:22 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2010/07/06 03:10:19 | 000,411,926 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100801-163243.backup [2010/06/22 22:30:48 | 000,411,480 | ---- | M] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaws.exe [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaw.exe [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\java.exe [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll [2010/06/20 16:19:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010/06/19 02:57:18 | 000,000,132 | ---- | M] () -- C:\Users\Yehia\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/06/16 03:11:23 | 000,000,132 | ---- | M] () -- C:\Users\Yehia\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010/06/12 15:42:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/06/11 03:13:04 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010/06/11 02:17:08 | 000,042,049 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010/06/11 02:17:08 | 000,042,049 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010/06/11 02:15:50 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010/06/11 02:15:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat 
[2010/06/10 18:57:34 | 000,057,560 | ---- | M] () -- C:\Users\Yehia\AppData\Local\GDIPFONTCACHEV1.DAT [2010/06/10 18:55:13 | 000,001,262 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100706-031019.backup [2010/06/10 17:51:46 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat [2010/06/10 17:21:16 | 000,001,893 | ---- | M] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [2010/06/10 17:20:41 | 000,001,042 | ---- | M] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Restart MiniLyrics.lnk [2010/06/10 17:03:13 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010/06/10 17:03:10 | 000,001,967 | ---- | M] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/06/10 16:47:08 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010/06/10 16:30:13 | 000,001,441 | ---- | M] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/06/10 16:27:54 | 000,524,288 | -HS- | M] () -- C:\Users\Yehia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010/06/10 16:27:54 | 000,524,288 | -HS- | M] () -- C:\Users\Yehia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010/06/10 16:27:54 | 000,065,536 | -HS- | M] () -- C:\Users\Yehia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010/06/10 16:23:31 | 000,000,020 | -HS- | M] () -- C:\Users\Yehia\ntuser.ini [2010/06/02 18:36:16 | 000,268,771 | RHS- | M] () -- C:\YHUKV [2010/06/02 18:36:16 | 000,000,020 | RHS- | M] () -- C:\win7.ld ========== Files Created - No Company Name ========== [2010/08/26 21:04:36 | 450,506,858 | ---- | C] () -- C:\Users\Yehia\Desktop\capture-1.camrec [2010/08/25 18:21:38 | 000,000,896 | ---- | C] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web 
Browser.lnk [2010/08/22 21:44:28 | 000,002,178 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010/08/19 19:39:08 | 000,070,680 | ---- | C] () -- C:\Users\Yehia\Desktop\13659_353041500380_302056140380_10013794_1223771_n.jpg [2010/08/06 15:19:28 | 000,097,493 | ---- | C] () -- C:\Users\Yehia\Desktop\37409_405126057745_701712745_4982628_8046730_n.jpg [2010/08/04 01:59:37 | 000,000,355 | ---- | C] () -- C:\Users\Yehia\Desktop\Computer - Shortcut.lnk [2010/08/04 01:44:03 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010/08/01 16:57:37 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\imon1.dat [2010/07/12 04:42:22 | 000,000,917 | ---- | C] () -- C:\Users\Yehia\Desktop\Ventrilo.lnk [2010/07/12 04:42:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2010/06/20 16:19:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010/06/16 02:03:54 | 000,000,132 | ---- | C] () -- C:\Users\Yehia\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010/06/12 15:42:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/06/11 23:50:00 | 000,000,132 | ---- | C] () -- C:\Users\Yehia\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/06/11 17:36:01 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2046078132-3244827229-1833254173-1001UA.job [2010/06/11 17:36:00 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2046078132-3244827229-1833254173-1001Core.job [2010/06/11 14:30:05 | 000,005,120 | ---- | C] () -- C:\Users\Yehia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/11 02:15:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/06/11 02:15:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2010/06/10 17:51:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010/06/10 17:21:16 | 000,001,893 | ---- | C] () -- 
C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk [2010/06/10 17:20:41 | 000,001,042 | ---- | C] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Restart MiniLyrics.lnk [2010/06/10 17:03:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/06/10 17:03:10 | 000,001,967 | ---- | C] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/06/10 16:47:25 | 000,219,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/06/10 16:47:14 | 000,219,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010/06/10 16:47:08 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010/06/10 16:30:13 | 000,001,441 | ---- | C] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/06/10 16:27:27 | 000,171,136 | RHS- | C] () -- C:\grldr [2010/06/10 16:23:31 | 000,524,288 | -HS- | C] () -- C:\Users\Yehia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010/06/10 16:23:31 | 000,524,288 | -HS- | C] () -- C:\Users\Yehia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010/06/10 16:23:31 | 000,262,144 | -HS- | C] () -- C:\Users\Yehia\ntuser.dat.LOG1 [2010/06/10 16:23:31 | 000,065,536 | -HS- | C] () -- C:\Users\Yehia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010/06/10 16:23:31 | 000,000,290 | ---- | C] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2010/06/10 16:23:31 | 000,000,272 | ---- | C] () -- C:\Users\Yehia\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2010/06/10 16:23:31 | 000,000,020 | -HS- | C] () -- C:\Users\Yehia\ntuser.ini [2010/06/10 16:23:31 | 000,000,000 | -HS- | C] () -- C:\Users\Yehia\ntuser.dat.LOG2 [2010/06/10 16:23:30 | 007,602,176 | -HS- | C] () -- C:\Users\Yehia\NTUSER.DAT 
[2010/06/03 04:56:34 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010/06/03 04:56:33 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010/06/03 03:57:37 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys [2010/06/02 18:36:16 | 000,268,771 | RHS- | C] () -- C:\YHUKV [2010/06/02 18:35:53 | 000,000,020 | RHS- | C] () -- C:\win7.ld [2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010/07/13 02:36:06 | 000,000,000 | ---D | M] -- C:\Users\Yehia\AppData\Roaming\BabylonXtra [2010/08/04 01:49:01 | 000,000,000 | ---D | M] -- C:\Users\Yehia\AppData\Roaming\DAEMON Tools Lite [2010/08/07 13:52:08 | 000,000,000 | ---D | M] -- C:\Users\Yehia\AppData\Roaming\FileZilla [2010/08/20 01:59:43 | 000,000,000 | ---D | M] -- C:\Users\Yehia\AppData\Roaming\InternetCalls [2010/08/06 16:22:33 | 000,000,000 | ---D | M] -- C:\Users\Yehia\AppData\Roaming\Notepad++ [2010/06/10 17:18:52 | 000,000,000 | ---D | M] -- C:\Users\Yehia\AppData\Roaming\TeamViewer [2010/07/07 03:36:11 | 000,000,000 | ---D | M] -- C:\Users\Yehia\AppData\Roaming\uTorrent [2010/07/30 15:47:03 | 000,000,000 | ---D | M] -- C:\Users\Yehia\AppData\Roaming\Windows Live Writer [2010/08/04 15:22:55 | 000,000,000 | ---D | M] -- C:\Users\Yehia\AppData\Roaming\WinPatrol [2010/08/17 03:26:17 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009/07/14 04:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010/06/11 03:13:04 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009/08/02 09:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr [2010/08/28 16:20:53 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010/08/28 16:20:56 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys [2010/06/02 18:36:16 | 000,000,020 | RHS- | M] () -- C:\win7.ld [2010/06/02 18:36:16 | 000,268,771 | 
RHS- | M] () -- C:\YHUKV < %systemroot%\Fonts\*.com > [2009/07/14 08:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/14 08:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 08:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 08:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009/06/10 23:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009/07/14 07:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. 
/s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x > [2010/06/10 16:30:13 | 000,000,221 | -HS- | M] () -- C:\Users\Yehia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini < %USERPROFILE%\Desktop\*.exe > [2010/08/26 20:35:52 | 009,333,808 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Yehia\Desktop\SUPERAntiSpyware.exe < %PROGRAMFILES%\Common Files\*.* > < %systemroot%\*.src > < %systemroot%\install\*.* > < %systemroot%\system32\DLL\*.* > < %systemroot%\system32\HelpFiles\*.* > < %systemroot%\system32\rundll\*.* > < %systemroot%\winn32\*.* > < %systemroot%\Java\*.* > < %systemroot%\system32\test\*.* > < %systemroot%\system32\Rundll32\*.* > < %systemroot%\AppPatch\Custom\*.* > < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x > < %PROGRAMFILES%\PC-Doctor\Downloads\*.* > < %PROGRAMFILES%\Internet Explorer\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dat > < %USERPROFILE%\My Documents\*.exe > < %USERPROFILE%\*.exe > < %systemroot%\ADDINS\*.* > [2009/06/11 00:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf < %systemroot%\assembly\*.bak2 > < %systemroot%\Config\*.* > < %systemroot%\REPAIR\*.bak2 > < %systemroot%\SECURITY\Database\*.sdb /x > < %systemroot%\SYSTEM\*.bak2 > < %systemroot%\Web\*.bak2 > < %systemroot%\Driver Cache\*.* > < %PROGRAMFILES%\Mozilla Firefox\0*.exe > < %ProgramFiles%\Microsoft Common\*.* > < %ProgramFiles%\TinyProxy. 
> < %USERPROFILE%\Favorites\*.url /x > [2010/08/26 04:04:27 | 000,000,402 | -HS- | M] () -- C:\Users\Yehia\Favorites\desktop.ini < %systemroot%\System32\Wbem\*.exe > [2009/07/14 04:14:24 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\mofcomp.exe [2009/07/14 04:14:45 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WinMgmt.exe [2009/07/14 04:14:46 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIADAP.exe [2009/07/14 04:14:46 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WMIC.exe [2009/07/14 04:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < ipconfig /all > Invalid Switch: all < nslookup google.com > < nslookup yahoo.com > < ping -n 2 google.com > < ping -n 2 yahoo.com > < route print > ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >
  10. Hello mates, recently my computer went a little bit slow and buggy. I am making sure it's clean. MBAM LOG: http://pastebin.com/xpHh065j HJT LOG: http://pastebin.com/TVUBaFq8 I am ready for any traditional logs to be supplied.
  11. rofl .. filled !! anywayz is there any chance that i can talk to u directly on msn ?
  12. Up till now it's working just perfect .. thanks to you guys. btw Exile, my application is refused on malware removal because there is no vacant place.. recommend me other one, i know they all are the same but tell me number two please
  13. EXILEEEEEEEEEEE YOU ARE THE MAN .,. THE BAT FILE IS WORKING PERFECTLYYYY I didn't have to create a new account and all that CRAP .. oops sorry. Anywayz seriously man, if i can contact you directly that would be awesome .. :) thanks again
  14. so all i have to do is to create the account again and install it there and that's it ?