بلال مقداد

In the name of God, the Most Gracious, the Most Merciful
I have a problem, folks, even though my machine is a new laptop:
HP Pavilion g6
RAM 4 GB
ATI 1 GB
CPU Core i5

And these are the screenshots taken of the blue screen that appears

And these are the reports produced by the program
1
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:44 ص, on 06/03/12
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Lock Folder XP\LFService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\Integrator.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LFService] C:\Program Files (x86)\Lock Folder XP\LFService.exe -start
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\BlabLoOo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: AntiCrash.lnk = C:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{A41CFCA1-EC90-436F-953C-63D0F87E2D4B}: NameServer = 10.66.8.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8226 bytes

3

QuickScan 32-bit v0.9.9.109
---------------------------
Scan date: Wed Mar 07 20:46:11 2012
Machine ID: BEE90D24



No infection found.
-------------------



Processes
---------
avast! Antivirus 2812 C:\Program Files\AVAST Software\Avast\AvastUI.exe
Dachshund Integrator 1696 C:\Windows\Integrator.exe
Firefox 6760 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 5248 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
IEMonitor Application 2628 C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
Internet Download Manager (IDM) 2728 C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Java(TM) Platform SE Auto Updater 2 0 2624 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LFService.exe 2328 C:\Program Files (x86)\Lock Folder XP\LFService.exe
openvpntray.exe 3948 C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
Windows Live Messenger 2884 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
YCMMirag Application 3700 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe


Network activity
----------------
Process firefox.exe (6760) connected on port 443 (HTTP over SSL) --> 69.171.228.14
Process firefox.exe (6760) connected on port 443 (HTTP over SSL) --> 209.85.147.139



Autoruns and critical files
---------------------------
AntiCrash.exe C:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Facebook Update C:\Users\BlabLoOo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Internet Download Manager (IDM) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LFService.exe C:\Program Files (x86)\Lock Folder XP\LFService.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Mozilla Firefox C:\Program Files (x86)\Mozilla Firefox
Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\userinit.exe


Browser plugins
---------------
avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
Bitdefender QuickScan C:\Users\BlabLoOo\AppData\Roaming\Mozilla\Firefox\Profiles\wdnmn2o5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Facebook Video Calling Plugin C:\Users\BlabLoOo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
hssie.dll c:\program files (x86)\hotspot shield\hssie\hssie.dll
Internet Download Manager Module c:\program files (x86)\internet download manager\idmiecc.dll
Java(TM) Platform SE 6 U27 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U27 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
(verified) Microsoft® Windows Live Login Helper c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.62 KB recvd
Scanned 347 files and modules - 25 seconds

==============================================================================
 
4
"Silent Runners.vbs", revision 61,

Operating System: Windows 7
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Facebook Update" = ""C:\Users\BlabLoOo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver" ["Facebook Inc."]
"IDMan" = "C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
"msnmsgr" = ""C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"StartCCC" = ""C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."]
"LFService" = "C:\Program Files (x86)\Lock Folder XP\LFService.exe -start" [null data]
"avast" = ""C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui" ["AVAST Software"]
"SunJavaUpdateSched" = ""C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)"
\InProcServer32\(Default) = "C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
-> {HKLM...CLSID} = "avast! WebRep"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll" ["AVAST Software"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى Windows Live"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = "URLRedirectionBHO"
-> {HKLM...CLSID} = "Office Document Cache Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Hotspot Shield Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll" ["AnchorFree Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll" [MS]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "userinit.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\(Default) = "VaultCredProvider"
-> {HKLM...CLSID} = "VaultCredProvider"
\InProcServer32\(Default) = "C:\Windows\System32\VaultCredProvider.dll" [file not found]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP encoding/decoding Filters"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
-> {HKLM...CLSID} = "AP encoding/decoding Filters"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> text/xml\CLSID = "{807573E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> about\CLSID = "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML About Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> cdl\CLSID = "{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
-> {HKLM...CLSID} = "CDL: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> dvd\CLSID = "{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
-> {HKLM...CLSID} = "DVD: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]

<<!>> file\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> ftp\CLSID = "{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "ftp: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> http\CLSID = "{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "http: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> https\CLSID = "{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "https: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> javascript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> local\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> mailto\CLSID = "{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Mailto Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> mk\CLSID = "{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "mk: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> res\CLSID = "{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Resource Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> tv\CLSID = "{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
-> {HKLM...CLSID} = "TV: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]

<<!>> vbscript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]

LFShlExt\(Default) = "{54170F36-B675-4678-8C69-0F4103DF6401}"
-> {HKLM...CLSID} = "LFShlExt Class"
\InProcServer32\(Default) = "C:\PROGRA~2\LOCKFO~1\LF37CO~1.DLL" [empty string]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

LFShlExt\(Default) = "{54170F36-B675-4678-8C69-0F4103DF6401}"
-> {HKLM...CLSID} = "LFShlExt Class"
\InProcServer32\(Default) = "C:\PROGRA~2\LOCKFO~1\LF37CO~1.DLL" [empty string]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext32.dll" ["Alexander Roshal"]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\BlabLoOo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ASHAshampoo_Burning_Studio_10BURNONARRIVAL\
"Provider" = "Ashampoo Burning Studio 10"
"InvokeProgID" = "Ashampoo.BurningStudio10"
"InvokeVerb" = "autoplay-burn"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio10\shell\autoplay-burn\Command\(Default) = ""C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe" -autoplay -selectdrive "%l"" ["Ashampoo"]

ASHAshampoo_Burning_Studio_10COPYONARRIVAL\
"Provider" = "Ashampoo Burning Studio 10"
"InvokeProgID" = "Ashampoo.BurningStudio10"
"InvokeVerb" = "autoplay-copy"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio10\shell\autoplay-copy\Command\(Default) = ""C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe" -autoplay -selectdrive "%l" -copy" ["Ashampoo"]

ASHAshampoo_Burning_Studio_10RIPONARRIVAL\
"Provider" = "Ashampoo Burning Studio 10"
"InvokeProgID" = "Ashampoo.BurningStudio10"
"InvokeVerb" = "autoplay-rip"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio10\shell\autoplay-rip\Command\(Default) = ""C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe" -autoplay -selectdrive "%l" -rip" ["Ashampoo"]

QMPPlayCDAudioOnArrival\
"Provider" = "QQPlayer"
"InvokeProgID" = "QQPlayer.disk"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\QQPlayer.disk\shell\open\command\(Default) = ""C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe" /disk "%1"" ["Tencent"]

QMPPlayDVDMovieOnArrival\
"Provider" = "QQPlayer"
"InvokeProgID" = "QQPlayer.disk"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\QQPlayer.disk\shell\open\command\(Default) = ""C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe" /disk "%1"" ["Tencent"]

QMPPlayMediaFilesOnArrival\
"Provider" = "QQPlayer"
"InvokeProgID" = "QQPlayer.dir"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\QQPlayer.dir\shell\open\command\(Default) = ""C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe" /dir "%1"" ["Tencent"]

QMPPlaySVCDMovieOnArrival\
"Provider" = "QQPlayer"
"InvokeProgID" = "QQPlayer.disk"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\QQPlayer.disk\shell\open\command\(Default) = ""C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe" /disk "%1"" ["Tencent"]

QMPPlayVCDMovieOnArrival\
"Provider" = "QQPlayer"
"InvokeProgID" = "QQPlayer.disk"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\QQPlayer.disk\shell\open\command\(Default) = ""C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe" /disk "%1"" ["Tencent"]


Startup items in "BlabLoOo" & "All Users" startup folders:
----------------------------------------------------------

C:\Users\BlabLoOo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"AntiCrash" -> shortcut to: "C:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe" [null data]


Windows Sidebar Gadgets:
------------------------

C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCPU.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AMD External Events Utility, AMD External Events Utility, "C:\Windows\system32\atiesrxx.exe" [file not found]
Application Experience, AeLookupSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\aelupsvc.dll" [file not found]}
Application Information, Appinfo, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appinfo.dll" [file not found]}
Audio Service, STacSV, "C:\Program Files\IDT\WDM\STacSV64.exe" ["IDT, Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\AVAST Software\Avast\AvastSvc.exe"" ["AVAST Software"]
avast! Firewall, avast! Firewall, ""C:\Program Files\AVAST Software\Avast\afwServ.exe"" ["AVAST Software"]
Background Intelligent Transfer Service, BITS, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\qmgr.dll" [file not found]}
Base Filtering Engine, BFE, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\System32\bfe.dll" [file not found]}
Bluetooth Support Service, bthserv, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\system32\bthserv.dll" [file not found]}
CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [file not found]
Computer Browser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [file not found]}
DCOM Server Process Launcher, DcomLaunch, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\rpcss.dll" [file not found]}
Desktop Window Manager Session Manager, UxSms, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\uxsms.dll" [file not found]}
Diagnostic Policy Service, DPS, "C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\dps.dll" [file not found]}
Distributed Link Tracking Client, TrkWks, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\trkwks.dll" [file not found]}
DNS Client, Dnscache, "C:\Windows\system32\svchost.exe -k NetworkService" {"C:\Windows\System32\dnsrslvr.dll" [file not found]}
Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [file not found]}
Group Policy Client, gpsvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\gpsvc.dll" [file not found]}
Hotspot Shield Monitoring Service, HssWd, "C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS" [null data]
Hotspot Shield Routing Service, HssSrv, "C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe" ["AnchorFree Inc."]
Hotspot Shield Service, hshld, "C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe" [null data]
IKE and AuthIP IPsec Keying Modules, IKEEXT, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\ikeext.dll" [file not found]}
IP Helper, iphlpsvc, "C:\Windows\System32\svchost.exe -k NetSvcs" {"C:\Windows\System32\iphlpsvc.dll" [file not found]}
Multimedia Class Scheduler, MMCSS, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\mmcss.dll" [file not found]}
Network Connections, Netman, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\netman.dll" [file not found]}
Network Location Awareness, NlaSvc, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\nlasvc.dll" [file not found]}
Network Store Interface Service, nsi, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\nsisvc.dll" [file not found]}
Offline Files, CscService, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\cscsvc.dll" [file not found]}
Plug and Play, PlugPlay, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpnpmgr.dll" [file not found]}
Power, Power, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpo.dll" [file not found]}
Print Spooler, Spooler, "C:\Windows\System32\spoolsv.exe" [file not found]
Program Compatibility Assistant Service, PcaSvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\pcasvc.dll" [file not found]}
Remote Procedure Call (RPC), RpcSs, "C:\Windows\system32\svchost.exe -k rpcss" {"C:\Windows\system32\rpcss.dll" [file not found]}
RPC Endpoint Mapper, RpcEptMapper, "C:\Windows\system32\svchost.exe -k RPCSS" {"C:\Windows\System32\RpcEpMap.dll" [file not found]}
Security Accounts Manager, SamSs, "C:\Windows\system32\lsass.exe" [file not found]
Security Center, wscsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wscsvc.dll" [file not found]}
Server, LanmanServer, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\srvsvc.dll" [file not found]}
SSDP Discovery, SSDPSRV, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\System32\ssdpsrv.dll" [file not found]}
Superfetch, SysMain, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\sysmain.dll" [file not found]}
Task Scheduler, Schedule, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\schedsvc.dll" [file not found]}
TCP/IP NetBIOS Helper, lmhosts, "C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\lmhsvc.dll" [file not found]}
Themes, Themes, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\themeservice.dll" [file not found]}
User Profile Service, ProfSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\profsvc.dll" [file not found]}
Windows Audio, AudioSrv, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Audio Endpoint Builder, AudioEndpointBuilder, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Defender, WinDefend, "C:\Windows\System32\svchost.exe -k secsvcs" {"C:\Program Files (x86)\Windows Defender\mpsvc.dll" [file not found]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [file not found]}
Windows Error Reporting Service, WerSvc, "C:\Windows\System32\svchost.exe -k WerSvcGroup" {"C:\Windows\System32\WerSvc.dll" [file not found]}
Windows Event Log, eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wevtsvc.dll" [file not found]}
Windows Firewall, MpsSvc, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\mpssvc.dll" [file not found]}
Windows Font Cache Service, FontCache, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\system32\FntCache.dll" [file not found]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [file not found]}
Windows Management Instrumentation, Winmgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wbem\WMIsvc.dll" [file not found]}
Windows Update, wuauserv, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wuaueng.dll" [file not found]}
WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [file not found]}
Workstation, LanmanWorkstation, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\wkssvc.dll" [file not found]}


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> "UpperFilters" = <<!>> "kbdclass" [file not found]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Local Port\Driver = "localspl.dll" [file not found]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [file not found]
Standard TCP/IP Port\Driver = "tcpmon.dll" [file not found]
USB Monitor\Driver = "usbmon.dll" [file not found]
WSD Port\Driver = "WSDMon.dll" [file not found]


---------- (launch time: 2012-03-07 20:59:09)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 29 seconds, including 3 seconds for message boxes)




5



====== System error log ======

Computer Name: BlabLoOo-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\DR4.
Record Number: 615
Source Name: Disk
Time Written: 20120226185438.882753-000
Event Type: Error
User:

Computer Name: BlabLoOo-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\DR4.
Record Number: 613
Source Name: Disk
Time Written: 20120226185438.367952-000
Event Type: Error
User:

Computer Name: BlabLoOo-PC
Event Code: 3
Message: A command sent to the adapter has timed out. The adapter did not respond.
Record Number: 597
Source Name: BTHUSB
Time Written: 20120226184941.220410-000
Event Type: Warning
User:

Computer Name: 37L4247E29-32
Event Code: 219
Message: The driver \Driver\tunnel failed to load for the device ROOT\*ISATAP\0000.
Record Number: 309
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20120226163127.195185-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 3
Message: A command sent to the adapter has timed out. The adapter did not respond.
Record Number: 295
Source Name: BTHUSB
Time Written: 20120226163112.406359-000
Event Type: Warning
User:



===== Application error log =====

Computer Name: BlabLoOo-PC
Event Code: 6001
Message: The winlogon notification subscriber <GPClient> failed a notification event.
Record Number: 118
Source Name: Microsoft-Windows-Winlogon
Time Written: 20120226174707.000000-000
Event Type: Warning
User:

Computer Name: BlabLoOo-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 102
Source Name: Microsoft-Windows-Search
Time Written: 20120226174636.000000-000
Event Type: Warning
User:

Computer Name: 37L4247E29-32
Event Code: 257
Message: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -546.
Record Number: 8
Source Name: Microsoft-Windows-CAPI2
Time Written: 20120226162851.787712-000
Event Type: Error
User:

Computer Name: 37L4247E29-32
Event Code: 412
Message: Catalog Database (376) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.
Record Number: 6
Source Name: ESENT
Time Written: 20120226162851.000000-000
Event Type: Error
User:

Computer Name: 37L4247E29-32
Event Code: 412
Message: Catalog Database (376) Catalog Database: Unable to read the header of logfile C:\Windows\system32\CatRoot2\edb.log. Error -546.
Record Number: 5
Source Name: ESENT
Time Written: 20120226162851.000000-000
Event Type: Error
User:



===== Security log =====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120226162818.138453-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120226162818.138453-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x3055a
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120226162817.670453-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120226162815.408449-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120226162815.283648-000
Event Type: Audit Success
User:



===== Program crash report =====

==================================================
Process File : TrustedInstaller.exe
Event Name : CbsPackageServicingFailure2
Event Time : 12/04/33 12:12:09 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\servicing\TrustedInstaller.exe
Report File Size : 2,212
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7601.17592_ad33aed08e3e963537e69ce01e5c4ad645a3257_09fc3310\Report.wer
==================================================

==================================================
Process File : TrustedInstaller.exe
Event Name : CbsPackageServicingFailure2
Event Time : 13/04/33 08:08:26 ص
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\servicing\TrustedInstaller.exe
Report File Size : 2,212
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7601.17592_ad33aed08e3e963537e69ce01e5c4ad645a3257_13882377\Report.wer
==================================================

==================================================
Process File : zyzoom.exe
Event Name : Stopped responding and was closed
Event Time : 14/04/33 08:58:59 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Zyzoom_Forum_Tools\zyzoom.exe
Report File Size : 3,382
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_zyzoom.exe_76a46a3fec9aa766b65f91a57329e9d2fe97ef_108d8729\Report.wer
==================================================

==================================================
Process File : WerFault.exe
Event Name : Shut down unexpectedly
Event Time : 12/04/33 11:59:36 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\System32\WerFault.exe
Report File Size : 3,908
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_cab_0b998313\Report.wer
==================================================

==================================================
Process File : svchost.exe
Event Name : Windows Update installation problem
Event Time : 12/04/33 12:12:58 م
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\System32\svchost.exe
Report File Size : 2,090
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_e850df5e6bc1763e44c1bb17586e9115d812e3_038ce030\Report.wer
==================================================

==================================================
Process File : svchost.exe
Event Name : Windows Update installation problem
Event Time : 13/04/33 08:09:36 ص
User Name : All Users
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\System32\svchost.exe
Report File Size : 2,090
Report File Path : C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_e850df5e6bc1763e44c1bb17586e9115d812e3_099d0d77\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 13/04/33 08:32:22 ص
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_510173a20b29abc48a32cefde827793d78ede9_07a5f150\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 12/04/33 12:15:54 م
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_510173a20b29abc48a32cefde827793d78ede9_0db78ed6\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 13/04/33 08:50:25 م
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_510173a20b29abc48a32cefde827793d78ede9_14204e84\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 12/04/33 07:03:20 م
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_510173a20b29abc48a32cefde827793d78ede9_14608f3b\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 12/04/33 08:07:00 م
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_510173a20b29abc48a32cefde827793d78ede9_14aad65a\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 12/04/33 09:11:42 م
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_510173a20b29abc48a32cefde827793d78ede9_14ee44d6\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 12/04/33 11:51:31 م
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_510173a20b29abc48a32cefde827793d78ede9_1798771f\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 14/04/33 12:13:05 ص
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_510173a20b29abc48a32cefde827793d78ede9_1d21c1a4\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 11/04/33 08:14:19 م
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_ab869f26d17219fd175556834ca3ab7f1e414e_17296020\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 12/04/33 02:07:51 م
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_ab869f26d17219fd175556834ca3ab7f1e414e_19ea1343\Report.wer
==================================================

==================================================
Process File : iexplore.exe
Event Name : Webpage display problem
Event Time : 14/04/33 01:22:33 ص
User Name : BlabLoOo
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report File Size : 2,016
Report File Path : C:\Users\BlabLoOo\AppData\Local\Microsoft\Windows\WER\ReportArchive\NonCritical_iexplore.exe_ab869f26d17219fd175556834ca3ab7f1e414e_1d615fa9\Report.wer
==================================================

==================================================
Process File : TrustedInstaller.exe
Event Name : CbsPackageServicingFailure2
Event Time : 12/04/33 12:12:09 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\servicing\TrustedInstaller.exe
Report File Size : 2,212
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7601.17592_ad33aed08e3e963537e69ce01e5c4ad645a3257_09fc3310\Report.wer
==================================================

==================================================
Process File : TrustedInstaller.exe
Event Name : CbsPackageServicingFailure2
Event Time : 13/04/33 08:08:26 ص
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\servicing\TrustedInstaller.exe
Report File Size : 2,212
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7601.17592_ad33aed08e3e963537e69ce01e5c4ad645a3257_13882377\Report.wer
==================================================

==================================================
Process File : zyzoom.exe
Event Name : Stopped responding and was closed
Event Time : 14/04/33 08:58:59 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Zyzoom_Forum_Tools\zyzoom.exe
Report File Size : 3,382
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_zyzoom.exe_76a46a3fec9aa766b65f91a57329e9d2fe97ef_108d8729\Report.wer
==================================================

==================================================
Process File : WerFault.exe
Event Name : Shut down unexpectedly
Event Time : 12/04/33 11:59:36 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\System32\WerFault.exe
Report File Size : 3,908
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_0_0_cab_0b998313\Report.wer
==================================================

==================================================
Process File : svchost.exe
Event Name : Windows Update installation problem
Event Time : 12/04/33 12:12:58 م
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\System32\svchost.exe
Report File Size : 2,090
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_e850df5e6bc1763e44c1bb17586e9115d812e3_038ce030\Report.wer
==================================================

==================================================
Process File : svchost.exe
Event Name : Windows Update installation problem
Event Time : 13/04/33 08:09:36 ص
User Name :
Exception Code :
Exception Offset :
Fault Module Name :
Fault Module Version:
Process Path : C:\Windows\System32\svchost.exe
Report File Size : 2,090
Report File Path : C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_e850df5e6bc1763e44c1bb17586e9115d812e3_099d0d77\Report.wer
==================================================




===== تقرير الشاشة الزرقاء =====

==================================================
Dump File : 030512-19968-01.dmp
Crash Time : 12/04/33 11:58:32 م
Bug Check String : APC_INDEX_MISMATCH
Bug Check Code : 0x00000001
Parameter 1 : 00000000`7719fa8a
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`0000ffff
Parameter 4 : fffff880`0b93fc60
Caused By Driver : nsiproxy.sys
Caused By Address : nsiproxy.sys+7e34c60
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\030512-19968-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 320,302
==================================================




6




====== معلومات نظام التشغيل ======

X64 WIN_7 7600


====== قائمة البرامج المثبتة ======

Adobe Flash Player 11 Plugin
AntiCrash 3.6.1
Ashampoo Burning Studio 10 v.10.0.10
avast! Internet Security
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam
CyberLink YouCam
Debugging Tools for Windows
Facebook Video Calling 1.1.1.1
Hotspot Shield 2.24
HyperCam 2
IDT Audio
Intel(R) Display Audio Driver
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 27
Lock Folder XP
Messenger Plus! Live
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Arabic) 2010
Microsoft Office Excel MUI (Arabic) 2010
Microsoft Office Groove MUI (Arabic) 2010
Microsoft Office InfoPath MUI (Arabic) 2010
Microsoft Office OneNote MUI (Arabic) 2010
Microsoft Office Outlook MUI (Arabic) 2010
Microsoft Office PowerPoint MUI (Arabic) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proofing (Arabic) 2010
Microsoft Office Publisher MUI (Arabic) 2010
Microsoft Office Shared MUI (Arabic) 2010
Microsoft Office Word MUI (Arabic) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 ar)
MSVCRT
PX Profile Update
Realtek Ethernet Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Skype™ 5.3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Outlook Social Connector (KB2583935)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
أداة التحميل Windows Live Upload Tool
مساعد تسجيل الدخول إلى Windows Live
 
From Add/Remove Programs, uninstall the following ((don't forget to close your browsers)):

Hotspot Shield 2.24

Then

[link hidden by the forum; login required to view]


Then

[link hidden by the forum; login required to view]


And see what happens.
 
Thank you very much, brother البارون.
I will reply to you in a few days, because the blue screen does not happen all the time, only about once a week or so.
And again, many thanks to you, and God willing it won't happen :)
 
Same problem as mine. If you find a solution for it, please let me know, and thank you.
 
Signature: اسمي
Brother البارون, the blue screen happened to me again, and here is the report for it


===== تقرير الشاشة الزرقاء =====

==================================================
Dump File : 032812-19141-01.dmp
Crash Time : 05/05/33 06:51:04 م
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02cdef18
Parameter 3 : fffff880`031a1988
Parameter 4 : fffff880`031a11f0
Caused By Driver :
Caused By Address :
File Description :
Product Name :
Company :
File Version :
Processor : x64
Computer Name :
Full Path : C:\Windows\Minidump\032812-19141-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7600
Dump File Size : 262,144
==================================================

Please help; I would like to know what is causing the problem.
 
It says that the system exception was not handled!!
Do the following, as in the tutorial
 
Signature: format
Thank you, brother, for the explanation, but I already did this before and it was no use; it didn't help.
The problem is that no matter which Windows 7 edition I install, whether Ultimate, Home Premium, Enterprise, etc. ....
the problem is the same: the blue screen shows up for me in every edition.
And here is further clarification with pictures, taken by me.
6f7c061785a2590e87610d382d913c15.jpg




4af9199ed83325b80eb54d1e00edd0a2.jpg
 