الملفات المخفيه حيرتنى

ابوخضر · 18 يونيو 2009

السلام عليكم ورحمه الله وبركاته
والله يخوان بهذلنى الجهاز الملفات كل ماظهرها من خيارات المجلدات ترجع تختفى
وكل ماكتب الامر regedit يكتب فشل بدء المكون الحالى لتعذر العثور على dll
والملفات الموقته ماحصلهم مع العلم انى مفرمت الجهاز ونفس المشكله

ابـــو عــبــد الــلــه · 18 يونيو 2009

وعليكم السلام

حمل هذا الآداة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم
أتمنى منك الصبر حتى يتم تحليل التقرير

ابوخضر · 18 يونيو 2009

ابو ريما الله يوفقك على سرعه ردك وهذا التقرير
Logfile of HijackThis v1.99.1
Scan saved at 01:49:40 ص, on 18/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\nort.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\jggi.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winnqqhi.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winvalhu.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winbrfjd.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\wncao.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winajplhr.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\asag.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\ofpn.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winysyr.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winavhfxf.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winvbrola.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\kdwt.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\wingpbnic.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\ogfkdk.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winqoxjl.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\fyfco.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\jvkat.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winuqotd.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winlirwlb.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\mfliwu.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\fysm.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\fxoswd.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\mgge.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\wintrfaxo.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winynakn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winsdcoif.exe
C:\DOCUME~1\fahad\LOCALS~1\Temp\winuqrvb.exe
C:\Documents and Settings\fahad\سطح المكتب\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\ar-xa\msntb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

AbOdy · 18 يونيو 2009

يعطيك العافية حبيبي ابوريما

لاهنت اخوي اعمل التالي

عطل برامج الحماية عن العمل
ثم
حمل الاداة التالية واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
اثناء الفحص ممكن يعاد تشغيل الجهاز
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
لا تقم بتشغيل اي برنامج ،، ومهما طالت عملية الفحص انتظر حتى تنتهي
انتظر حتى يظهر لك تقرير ،،انسخه والصقه بمشاركتك القادمة

ابوخضر · 18 يونيو 2009

سلمت اخوى هذا التقرير
ComboFix 09-06-17.04 - fahad 06/18/2009 13:45.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.502.176 [GMT 3:00]
Running from: c:\documents and settings\fahad\سطح المكتب\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.
2009-06-17 14:08 . 2009-06-17 14:08 -------- d-----w- c:\program files\GetData
2009-06-17 14:07 . 2009-06-17 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 05:17 . 2009-06-17 05:17 -------- d-----w- c:\documents and settings\fahad\Application Data\Malwarebytes
2009-06-17 05:17 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 05:17 . 2009-06-17 05:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 05:17 . 2009-06-17 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-17 05:17 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 13:26 . 2009-06-16 13:26 -------- d-----w- c:\program files\SopCast
2009-06-14 06:10 . 2009-06-14 06:10 -------- d-----w- c:\program files\MSECache
2009-06-11 17:00 . 2009-06-11 17:00 -------- d-sh--w- C:\FOUND.000
2009-06-11 11:04 . 2009-06-11 11:04 -------- d--h--w- c:\windows\PIF
2009-06-10 11:09 . 2009-06-10 11:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-10 10:14 . 2009-06-10 10:14 -------- d-----w- c:\documents and settings\fahad\Application Data\ESET
2009-06-10 10:14 . 2009-06-10 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-06-10 10:03 . 2009-06-10 10:03 -------- d-----w- c:\documents and settings\fahad\Local Settings\Application Data\ESET
2009-06-10 10:02 . 2009-06-10 10:02 -------- d-----w- c:\program files\ESET
2009-06-10 10:02 . 2009-06-10 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-08 01:31 . 2009-06-08 01:31 -------- d-----w- c:\windows\Ela-Salaty
2009-06-08 01:31 . 2009-06-08 01:31 -------- d-----w- c:\program files\Ela-Salaty
2009-06-07 07:35 . 2009-06-07 07:35 -------- d-----w- c:\program files\Windows Defender
2009-06-07 02:13 . 2008-04-14 21:29 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-07 02:00 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-06-07 02:00 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-07 02:00 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-06-07 02:00 . 2008-05-01 14:34 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-06-07 00:25 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-07 00:21 . 2008-10-03 10:03 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-06-07 00:21 . 2008-10-15 16:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-06-07 00:21 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-06-07 00:20 . 2008-04-21 21:14 215040 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-07 00:20 . 2008-06-14 17:31 271616 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-07 00:20 . 2008-06-14 17:31 271616 ------w- c:\windows\system32\dllcache\bthport.sys
2009-06-06 01:25 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-06 01:25 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-05 09:52 . 2009-06-05 10:08 806912 ----a-w- c:\windows\iun6002.exe
2009-06-05 09:52 . 2009-06-05 09:52 -------- d-----w- c:\windows\system32\athan
2009-06-05 09:51 . 2009-06-05 09:51 -------- d-----w- c:\program files\Athan
2009-06-05 05:18 . 2009-06-05 05:18 -------- d-----w- c:\windows\Sun
2009-06-05 00:50 . 2009-06-05 00:50 -------- d-----w- c:\program files\CCleaner
2009-06-05 00:48 . 2009-06-05 00:49 -------- d-----w- c:\program files\Framing Studio
2009-06-05 00:48 . 2009-06-05 00:49 -------- d-----w- c:\program files\SwishMax
2009-06-05 00:48 . 2009-06-05 00:49 -------- d-----w- c:\program files\PhotoWatermark
2009-06-05 00:47 . 2009-06-05 00:47 -------- d-----w- c:\program files\All Video Sound Extractor
2009-06-05 00:46 . 2009-06-05 00:46 -------- d-----w- c:\documents and settings\fahad\Application Data\Nero
2009-06-05 00:44 . 2008-03-21 22:16 1347584 ----a-w- c:\documents and settings\All Users\Application Data\Nero\DrWeb\DRWEB32.DLL
2009-06-05 00:43 . 2006-03-17 11:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2009-06-05 00:43 . 2006-03-17 08:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2009-06-05 00:43 . 2006-03-17 08:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2009-06-05 00:43 . 2006-03-17 08:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2009-06-05 00:43 . 2006-03-17 08:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2009-06-05 00:43 . 2009-06-05 00:43 -------- d-----w- c:\program files\Nero
2009-06-05 00:43 . 2009-06-05 00:43 -------- d-----w- c:\program files\Common Files\Nero
2009-06-05 00:43 . 2009-06-05 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-05 00:24 . 2009-06-05 00:24 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-06-05 00:24 . 2009-06-05 00:27 172032 ------w- c:\windows\Setup1.exe
2009-06-05 00:24 . 2009-06-05 00:27 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-05 00:17 . 2009-06-05 00:17 -------- d-----w- c:\documents and settings\fahad\Local Settings\Application Data\Adobe
2009-06-05 00:16 . 2009-06-05 00:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-05 00:14 . 2009-06-05 00:14 -------- d-----w- c:\program files\Java
2009-06-05 00:14 . 2009-06-05 00:14 -------- d-----w- c:\program files\Common Files\Java
2009-06-05 00:14 . 2009-06-05 00:14 -------- d-----w- c:\documents and settings\fahad\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2009-06-04 19:57 . 2009-06-04 19:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-04 19:44 . 2009-06-04 19:44 -------- d-----w- c:\windows\Hewlett-Packard
2009-06-04 19:44 . 2003-06-20 17:21 36864 ----a-w- c:\windows\system32\hpbmmjno.dll
2009-06-04 19:44 . 2003-06-16 21:52 74752 ----a-w- c:\windows\system32\jst.dll
2009-06-04 19:44 . 2004-03-25 22:30 40960 ----a-w- c:\windows\system32\d4channel.dll
2009-06-04 19:44 . 2003-07-02 18:15 61440 ----a-w- c:\windows\system32\PMLJNI.dll
2009-06-04 19:43 . 2009-06-04 19:43 -------- d--h--w- c:\program files\Zero G Registry
2009-06-04 19:43 . 2009-06-04 19:43 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-04 19:41 . 2008-04-13 21:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2009-06-04 19:41 . 2003-09-19 16:00 266240 ----a-r- c:\windows\system32\HPZc3212.dll
2009-06-04 19:41 . 2001-09-18 10:39 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2009-06-04 19:20 . 2009-06-04 19:20 -------- d-----w- c:\documents and settings\fahad\Tracing
2009-06-04 19:16 . 2009-06-04 19:16 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-04 19:16 . 2006-11-29 10:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-04 19:16 . 2009-06-04 19:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-04 19:15 . 2009-06-04 19:15 -------- d-----w- c:\program files\Microsoft
2009-06-04 19:15 . 2009-06-04 19:15 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-04 19:15 . 2009-06-04 19:15 -------- d-----w- c:\program files\Windows Live
2009-06-04 10:54 . 2009-06-04 10:54 -------- d-----w- c:\documents and settings\fahad\Application Data\COWON
2009-06-04 10:54 . 2009-06-04 10:54 -------- d-----w- c:\program files\Common Files\COWON
2009-06-04 10:54 . 2009-06-04 10:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 10:54 . 2009-06-04 10:54 -------- d-----w- c:\program files\JetAudio
2009-06-04 10:54 . 2009-06-04 10:54 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-04 09:58 . 2009-06-04 09:58 -------- d-----w- c:\documents and settings\fahad\Local Settings\Application Data\Google
2009-06-04 09:58 . 2009-06-04 09:58 -------- d-----w- c:\program files\Google
2009-06-04 09:40 . 2009-06-04 09:40 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-04 09:40 . 2009-06-15 05:08 91344 ----a-w- c:\documents and settings\fahad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 09:37 . 2009-06-04 09:37 -------- d-----w- c:\program files\MSN Toolbar
2009-06-04 09:36 . 2009-06-04 09:36 -------- d-----w- c:\program files\MSN Messenger
2009-06-04 09:33 . 2009-06-04 09:33 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-04 09:33 . 2009-06-04 09:33 -------- d-----w- c:\program files\Real
2009-06-04 09:33 . 2009-06-04 09:33 -------- d-----w- c:\program files\Common Files\Real
2009-06-04 09:25 . 2007-04-09 10:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-06-04 09:25 . 2009-06-04 09:25 -------- d-----w- c:\program files\Microsoft.NET
2009-06-04 09:24 . 2009-06-04 09:24 -------- d-----w- c:\windows\SHELLNEW
2009-06-04 09:11 . 2004-09-17 16:02 732928 ----a-r- c:\windows\system32\drivers\senfilt.sys
2009-06-04 09:11 . 2005-01-27 22:31 260352 ----a-r- c:\windows\system32\drivers\smwdm.sys
2009-06-04 09:11 . 2008-04-14 18:29 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-06-04 09:11 . 2008-04-13 21:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-06-04 09:11 . 2008-04-13 21:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-06-04 09:05 . 2008-04-14 21:29 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-04 09:00 . 2006-08-14 12:41 143360 ----a-r- c:\windows\system32\igfxres.dll
2009-06-04 09:00 . 2009-06-04 09:00 -------- d-----w- c:\windows\system32\x64
2009-06-04 09:00 . 2009-06-04 09:00 -------- d-----w- c:\windows\system32\DRVSTORE
2009-06-04 09:00 . 2006-08-14 14:24 192512 ----a-r- c:\windows\system32\igfxCoIn_v4670.dll
2009-06-04 09:00 . 2006-08-14 13:19 450560 ----a-r- c:\windows\system32\igldev32.dll
2009-06-04 09:00 . 2006-04-21 08:13 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-06-04 09:00 . 2006-08-14 13:16 2363392 ----a-r- c:\windows\system32\iglicd32.dll
2009-06-04 09:00 . 2006-08-14 12:41 23552 ----a-r- c:\windows\system32\igfxexps.dll
2009-06-04 09:00 . 2006-08-14 12:41 110592 ----a-r- c:\windows\system32\igfxext.exe
2009-06-04 09:00 . 2006-04-21 08:13 309760 ----a-r- c:\windows\system32\difx32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 07:29 . 2001-09-19 15:00 58586 ----a-w- c:\windows\system32\perfc001.dat
2009-06-07 07:29 . 2001-09-19 15:00 328222 ----a-w- c:\windows\system32\perfh001.dat
2009-06-05 08:58 . 2009-06-04 08:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-04 19:42 . 2009-06-04 19:42 -------- d-----w- c:\program files\HP
2009-06-04 09:12 . 2009-06-04 09:12 -------- d-----w- c:\program files\Analog Devices
2009-06-04 08:47 . 2009-06-04 08:47 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-07 15:32 . 2008-04-14 18:29 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:43 . 2008-05-07 02:08 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:42 . 2008-05-07 02:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 19:47 . 2008-04-14 18:07 1847040 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:52 . 2008-04-14 18:29 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2008-04-14 18:29 93184 EBF6CAD0C415F58C02240F10226F8717 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:\documents and settings\fahad\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-3-5 5205504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"d:\\برامج\\wafi3\\wafi3\\setup.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\hpbpsttp.exe"=
"c:\\WINDOWS\\Explorer.EXE"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingywasv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fwab.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkkhjh.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\agkh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincbwnd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vteop.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lqtift.exe"=
"c:\\WINDOWS\\system32\\NOTEPAD.EXE"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\jucheck.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winindugo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windnabm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrsxodd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhoamsf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfsjtid.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sqhvq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmcxlow.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winumidg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxbwnh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxtqkkk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkvugm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winerpp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winojivb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windacx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xgwav.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhvhjur.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winahvpr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rnkcs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winarbgni.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jtmq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winabpgpb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ggqu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrogxlr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jxtou.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ijbc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\w1058324.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\srmb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mndlho.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nbsn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\heuhn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\aagf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbtlpa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winygckx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaant.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winltcio.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlbabdp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\idtqbm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pbfxvc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxkconw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwrlnh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winllnq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nyneo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winncqokl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkvmvbc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bfixa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnvacmv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmcjv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxbvxe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sbjqt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\w4149d.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winycqir.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fuoa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xivdpj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfadskq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvmrgee.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winunkowh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uxlsid.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhxcl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqwre.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkyfrh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingbkyw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iqstkx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmaecx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrmavc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nqmmqa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoodgfc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uwgp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hauwj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintskn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuohx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmowl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfwtu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lpvaty.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ayvwpp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rjdk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winorwwx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mgfvn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\itjlop.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winugcru.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmasji.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnbxxsm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingoqx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winctlgvd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rfddqn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rkbe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winondtx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\tjujf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mrvny.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintqitu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\puuuc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winackrow.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbanmre.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hkbj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winabdfas.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvvoau.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ltrlx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\aexefn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vatc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lvvyo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winliibbh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ydvwb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winolvq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvtjfo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\livb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmikqnb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfngy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlght.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hiqvy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxqhiop.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qian.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhpdq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintrbhgi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkafrj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbwiwk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ncij.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\cxiax.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\reeg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jffqx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lilln.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\phed.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\tgrxe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lrno.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkhhhc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbqan.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingvankf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kvoykb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlwgqv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqxvcx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqgppu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincssov.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsapay.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eulj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvofu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyrdg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmsks.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vrjh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsevb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qqqhuh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pjhbdy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pfgv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwrpe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingacnkr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wcdpfn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rivq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\afxkch.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xljy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rmjxw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mchmtb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqfmxt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingmdnf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvakse.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkpxfgt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsryq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyxyp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvofa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winifmjjv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bsuwlh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnwru.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windmei.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\byrapk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoxfvd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ihdlj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ykamr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoino.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlebnx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nvpxjc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfetvq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vkfro.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjhey.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ytcqye.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qinxy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wpxw.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\WINDOWS\\TEMP\\ulsq.exe"=
"c:\\WINDOWS\\TEMP\\mocx.exe"=
"c:\\WINDOWS\\TEMP\\fiowe.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winojyto.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winybsttc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mblsr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\guoj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nyae.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wininyj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnhyvi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kttb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\smigd.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rwyy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iqwar.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jidqs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqxqeqn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xmok.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\w2f9381.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\gsgj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqkgk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\w5ea57.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\itfh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\loqbq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winapgxt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwandd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vgfjoh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ukvc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\roujyi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincehp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnexavg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oslw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bqpkcp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbiwwj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wsov.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\usjgkc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winslqngc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\efvs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\itqvqb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ajeems.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eajxp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xfjvtn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmdhqeu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoipus.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hfgpb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhcxffe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\cxhfne.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintvmpud.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winupkf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xldajv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ysick.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sfvj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winasmyn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmejvt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xllnmv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lxflpx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkbil.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winehqc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dvgdnr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xwoqn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyjcmf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windetd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windmkg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winupqkxm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingtugc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnkmn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dfkw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincdnlip.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ktlvi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xtvx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpgxb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlmcb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pgygut.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfksrb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windoiyov.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\cobrrv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\odif.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwtaco.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ybvppd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjjgxow.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnmpbaf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winscsnr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrfqcsl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpcus.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winocxla.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\alder.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eggte.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winiyrqyq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windsmal.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jwnoig.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oshj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ddtcfi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincxdnkw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kncaq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dtrc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\gkiuo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingvebix.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\cqfih.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwyne.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhgvu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dwtpbx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfxxjs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxedykt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\udwwxm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsnths.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rwetqf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ibyf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kcnig.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincyvs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sexdgl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vsycse.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nickc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\cghomu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bocxpw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sohb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpehoy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\thwvg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoobq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\djpsa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jtjnr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkmps.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxrudm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ttbpv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xmgg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhyutt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhbaj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnxwgj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvhclb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintslln.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winahtd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mxchjx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wtfdcm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyaec.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrgjjl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmakevq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\truf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rdjy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lbfw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhbem.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\awrhs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkwyn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrqsagi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fyiaxe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winurca.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\yjtphj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xfudbk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winggmni.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uviq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxrtesu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ukvij.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winefjsr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpawn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwewy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnxycq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xhosj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wineatj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuwfdma.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpcjccr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuqqa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintycmwo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyspr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winiqklte.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhgbo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winurdgo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlafn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winirnjvx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winntmd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaugca.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winysuwa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnwuxm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwndqn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winntkvtp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxchlq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jodfjv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\atglr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingjxiq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iwxgn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmfspcu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qwdvdc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpinh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bgykyo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuntgt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wafex.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbwtmg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jhrjqr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kref.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfhdl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wineyck.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnitasv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaquy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaqrvcd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winffyfl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\khgbrq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hydlxx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbtqde.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dyetkh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjfvc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winovqq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwimgc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winswlee.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxpbhcu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xelkbs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winunayf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iutry.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sapqo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ktxhq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winemyup.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhygrex.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kwhov.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wineuqj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\avty.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbqrlf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\usbuha.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\cyvhgf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\irkra.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eovhu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrxykt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winysls.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyxsxj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingycc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvdcp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwijwfy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmxwxke.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fnif.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\cfxs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\emjbxc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bkim.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winscmnf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhglxl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wa954a.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqhig.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winodtr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kggk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uxdd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winicnfrc.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingljris.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mdjsc.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkpvho.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwxek.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwnbyu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\royw.exe"=
"c:\\Program Files\\Windows Live\\Toolbar\\wltuser.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\gfppo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fdqq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windcdl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wnee.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qtatuw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\w4486f.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjjfl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintbmyl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ijmyip.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvbxt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfajknp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ipral.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqpfinj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rpgt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\unnxm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windyqyo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuhlwr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfiot.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyysvnr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjaeuda.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winitawos.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uqlp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windpgui.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mavks.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winripa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winavwdv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winanmjp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dvbw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lsgkb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winayyg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winerpef.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingfdyx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhxare.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvwqy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mfep.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvngjdl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ficg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincytbl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iqgbb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\w136b736.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ojnhf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xkcnrk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkuhw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjrpwm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\tjljhh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqeffs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\stnsv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmyhf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnqyl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqoxgs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaynb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winooec.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmoji.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfxtwq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxvwlml.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwelnx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincivnad.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingoblr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oxkqo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrcsj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winiconk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winydiesb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpfjh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\edrpc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hihkcr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkpod.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winifqss.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kqlvkd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xxjvk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\juhoug.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winflsu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nnbjmh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wqicay.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuqfdiq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlvtocu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winohgu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fbfure.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windjrsr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winawumor.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmbpbbl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winostru.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\getap.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmmlcn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlant.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsbuty.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxkgyng.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\btkkjv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wtmpc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingjgyj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyskywm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhyfgh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ixje.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxhacgq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingbgu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nahu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eryd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincxoi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsdsq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winibga.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwalj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkceio.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dlyyk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxoqtbd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winluhadk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fgods.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pryi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpodg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winctod.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhyhqm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windluuji.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjmrl.exe"=
"c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\gdhuyl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dggh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincvioat.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winppxbx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windqve.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winknut.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxohhs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\gpccoh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wineckbkf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hbabb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbuvl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winimtw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxggmuh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\psxpt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\w47098.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnxfn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqtmx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winydtlqm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincyyj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhxwto.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wjrli.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vacm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nwupd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\muij.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvpufi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsansee.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqwui.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxcof.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mxqt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvips.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fwtyt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrjtlq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\aseu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjwjxrw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintflcga.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\duqu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmxyg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\radpvf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iwnto.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingbybn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sdxy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvfuuc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwftndj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nsipv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\tjetx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\tmujf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfikof.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wewnr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winurqv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpnpep.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkjcb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnbcdsk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhofcfn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxrwqr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincghtto.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\heva.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winliwj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hqjh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlwax.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qbrecd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winawrkjh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vnoc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vdotdm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\teup.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbendpx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uwfw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kpffv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlabr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnbhf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oosbd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyhbxe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windwsv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\brcm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrricr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kfwk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xvptt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpjtc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lynpgl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ydkgk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoccy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nieo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hvssfo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\idkwf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\tkxje.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\icsm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rspc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jlfv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmmnun.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfkujol.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mduqy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintjwv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlmapmk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhmsg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winefmqy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbgtqeu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oudg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winywpl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dsburr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\riuh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbwjya.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winklwyt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sdxrs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dpsgj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfhtujb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iqfu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wvcgq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjicst.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windnux.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\cxfls.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmsdq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\gunno.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfqmm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingeaptr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnviqys.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhcor.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincwwspk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnunjf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xsvim.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pcekiu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpxtsdv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoqdc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bdpgb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincsem.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qtqd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmmhlv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\tvsy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnqkrs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bbqg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqhfwrt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\yqmlo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ngru.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjsgxb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wwnsgk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincpuvj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vtfj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfkgd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winopgxd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winscmw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoljxox.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hbdb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpvmsxe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wmbd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjhxcnt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingedw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuveb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windeckja.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\docmn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jpgeia.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmrhc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\caerna.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrntvs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\exvorn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mbars.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bhjmk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ckare.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxwgsx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhlfnd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqyldg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\acxk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvkejly.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintnge.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincnpsxq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuvpg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qnolwf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pkgjjn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrrol.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kvrwi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iuwkn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjxxtl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wamxbh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrkbj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kpebcn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winueose.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfdsjoi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\icmtvf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnxip.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pxmlkx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ebcx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhepnns.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlmivhs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kqsa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pceg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vuognc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windsyrp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qcsv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uvgu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qudwi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxvssq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windfxb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winloxp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windmkdm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\btmx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrwlqqf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuuwaa.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wstuv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwaqw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winufcpea.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingawm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qmngsw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uqxe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winggyk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnwmfj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eifd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winicia.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oyip.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\slpju.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwtdy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbjhg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winebbbf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lfry.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uummf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqktw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winocukt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxvocda.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\urveo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winomng.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nrreid.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkxmypt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\weex.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ellepp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jjncap.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingjsc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\levbi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlsmq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winabxnxp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winovimel.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hiixy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pfri.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hwsdxg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrleak.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winojcmd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sxts.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\yicmbq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iurmb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfvqd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fabt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winibon.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nlkxb.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\StatusClient\\StatusClient.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winedqv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\chwkw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wbrxm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsapk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mewbbf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\w469c2.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingylr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoennf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jvqs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winecbkku.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwbqce.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winemxlpb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmmjy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpahir.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winltlgt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\badjw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hvccgw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mafr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwcpjbs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmvohff.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\aapy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wjcb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hpniv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jswkw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnnqeqr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hddkm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqxqo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winapyvt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fxqmkk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvkds.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dktgq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ofxan.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winidqw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\tgnq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hubkd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsntgj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqgnojy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ammbk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlajkth.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winiqgyin.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windfwag.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vojg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winiqaq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincxxt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfwvp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbqdqje.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingfemgy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winstvm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaavc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlpir.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bmtab.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvkgk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wkaeur.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpkcs.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\krcwdk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winighecm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kddjmx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmgdc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eatu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oehdt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\smdmae.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fgxsyd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nkmst.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windtqvas.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ttqc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\knhsr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winiaip.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hscfkq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winumvn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmxlg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eidp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmwskx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\gejg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fdnx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\knhaun.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lquwu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winubwq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\w429bc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kowfc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nqci.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsmklg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winidfb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhrymuh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrpxbpo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nduf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnyphns.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpganxp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwaxxt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkavmre.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbuonl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mybwl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\munvk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpawokx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vwtjvy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winobgeol.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\epmost.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wqqlii.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wnqffo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dcvxe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmvon.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windoeod.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jlckbo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfurl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\windusldc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfwuyq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\vsjvy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oxlfvd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\axosgl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwqbbpk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjusc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkpbdps.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winggjjp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\cbumq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winiefwr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincwoy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qvnb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\egna.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winokyrvo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwqvf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hdbj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbqbg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuuxstd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfmhm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlejw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmffl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kushne.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wineewtx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\yoiu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winculf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnydd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlrfht.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjjxbqw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wineonsb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\yejy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ysesr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\afsgsn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dhqm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\syouyu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\afccxb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qglyy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpdbp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnpoprh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnnmn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\bbfoq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\swog.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hlxac.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqclohr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rfqg.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qadjl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\yqmmim.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oqwsm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\aejhjl.exe"=
"c:\\Program Files\\JetAudio\\jetAudio.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrnmtxt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxlme.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\evtug.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winsaxknv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\drhkb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ryni.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrheoom.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlkgnve.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbnwk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winjmxlh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\uiow.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingalln.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xhlut.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwxylbi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qsnfut.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mkssun.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingofjed.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpdrmd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xsyjbx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hprrry.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rnmcvm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlxkkm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrpoxp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rdsdxq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmnxlca.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\typmw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winmbih.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winweavp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nort.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jggi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qqyjh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnqqhi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfwdngd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhmedu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfyup.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eafywm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkwjtju.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbtljj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winonsyfi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winudavgp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sgxkkn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pcbm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaslsob.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winlffdla.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintynwqc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\yxpeln.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxuttv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\phrc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ikyv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winryucl.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hsdnwo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaliyvm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\syqv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpxqom.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\udfq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\jwsuvu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hefd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfatq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winrqaugf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\chmeo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wingsgyt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\yjdivh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dgonh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\pmbonw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hvkj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\gxhi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kuctu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\xcxjaj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hoifn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winffrxy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winahcoi.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winxxeku.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\oible.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkfqn.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rifay.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nlrllv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qmqil.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fvpk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winfxopd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaxbidb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\nynk.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbpgoe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winyrmcgm.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kbnu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnkfe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqpgqh.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\sdoc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dltvmc.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhqfy.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\enaxfw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\ubfjsw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincsik.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kbdb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwnrdb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\mafae.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\lxvtt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\hbvck.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winbfip.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuwrxde.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winerbb.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpgon.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winexrw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwrwnj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\eysxu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fjkw.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\qimco.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpytwq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winwgkonf.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winaoxvco.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dgegr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winufjsx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\errq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpkrmt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\rfxxd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winpvrmu.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuenmil.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winqmlfo.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wintbeyj.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\iwawt.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\fbtuoe.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvjls.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winltti.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoeyx.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winephbp.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winvbrola.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winperq.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winoyvei.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winchxct.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winkaecds.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winnpfee.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\gkxgd.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winuswiv.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\quwql.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\winhvhr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\wincaqdvr.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\dyuva.exe"=
"c:\\DOCUME~1\\fahad\\LOCALS~1\\Temp\\kipat.exe"=
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [07/05/2008 05:09 ص 124928]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 07:19 م 13592]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\lpkphn.sys --> c:\windows\system32\drivers\lpkphn.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-06-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-06-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-06-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-18 13:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp470n5]
"ImagePath"="\??\c:\windows\system32\drivers\lpkphn.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b57w2k]
"ImagePath"="system32\DRIVERS\b57xp32.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="c:\windows\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\fahad\LOCALS~1\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot4]
"ImagePath"="system32\DRIVERS\Dot4.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot4Print]
"ImagePath"="system32\DRIVERS\Dot4Prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dot4usb]
"ImagePath"="system32\DRIVERS\dot4usb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ialm]
"ImagePath"="system32\DRIVERS\igxpmp32.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="c:\windows\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="c:\windows\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SeaPort]
"ImagePath"="\"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\senfilt]
"ImagePath"="system32\drivers\senfilt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smwdm]
"ImagePath"="system32\drivers\smwdm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="c:\windows\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{9E289FB2-3851-40B3-903D-4DC2149C480F}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ulsata2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="c:\windows\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
"ImagePath"="\"c:\program files\Windows Defender\MsMpEng.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{9B7A070D-F544-4D7E-BEE1-0EC028F6B547}]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1316)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-18 13:49
ComboFix-quarantined-files.txt 2009-06-18 10:49
Pre-Run: 16,497,328,128 bytes free
Post-Run: 17,427,709,952 bytes free
1763 --- E O F --- 2009-06-16 05:17

ابـــو عــبــد الــلــه · 18 يونيو 2009

عطل استعادة النظام حسب الشرح التالي

ثم

ادخل هذه الصفحة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وحمل برنامج المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
التقرير noor_mcafee
وارفعه على هذا الموقع

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وارفق رابط التحميل بمشاركتك القادمة

ابوخضر · 19 يونيو 2009

ابو ريما قال:
عطل استعادة النظام حسب الشرح التالي

ثم

ادخل هذه الصفحة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وحمل برنامج المكافي
شغلها بدبل كلك واتركها حتى تنتهي صفحة الدوس من الفحص والتنظيف
ثم توجه الى القرص c ،، وقم
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
التقرير noor_mcafee
وارفعه على هذا الموقع

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وارفق رابط التحميل بمشاركتك القادمة

اخوى الرابط ماهو شغال

شيخ النمور · 19 يونيو 2009

بسم الله الرحمن الرحيم ..

طاب مسائكم or طاب صباحكم .. بالمسرات والخيرات ..

بعد الحمد والصلاة والسلام على رسول الله محمد عليه الصلاة والسلام ( صلوا عليه ) ..

فإن المشاكل التي ذكرتها بالعنوان .. (( اختفاء خيارات المجلد+وجود ملف داخل ملف+إغلاق الريجيستر )) ..

كخبرة لي في الصيانة ..

فإن هذه المشاكل التي ذكرتها أصبحت شديدة الإنتشار بين حواسيب الناس ..
لا أدري لماذا ..

يسببها فايرس واحد .. أو ربما أكثر من نوع ..

لكن السبب في انتقالها ..
عادة مايكون عن طريق فلاش ميموري أو فلوبي دسك أو سيدي .. أو أي وسيط تخزين بشكل عام ..

وتكون العدوة عادة هي أصلاً بسببك ..
خصوصاً وأن الفايرس واسمه Brontok يتبع أسلوب التخفي وهو وضع ملف بداخل أي ملف ويكون بنفس إسم الملف .. ليوهم الشخص من أنه ملف عادي .. ولكنه في الأصل تطبيق .. ( ولتتأكد من ذلك .. فقم بعرض خصائص ذاك الملف .. وسيخربك من أنه تطبيق ..) فيأتي الشخص ويقوم بفتحه .. فيأتيه مستكشف وندوز .. !!
فيبدأ الفايرس بالإنتشار .. :Unhappy:

أيضاً هناك نوع آخر منه .. لا أذكر اسمه .. المهم من أنه عندما يصاب جهازك بهذا الفايرس فإنه يقوم بفتح صفحة إنترنت خضراء ..
فيها اسم الفايرس .. وكلام شرير .. بالإضافة إلى بعض الأضرار ..

نحن هنا للفايرس الأول ..
وسيقوم بمهمة القضاء عليه برنامج .. بل ملف لا يحتاج للتثبيت .. لايتعدى حجمه 910 كيلوبايت ..

لكن مهمته تقتصر على حذف الملف الأساسي .. وإرجاع خصائص اختفاء خيارات المجلد .. ومنع الوصول إلى الريجيستر .. فقط ..!!

للتحميل من

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

..

طريقة تشغيل البرنامج على حسب ..
بعض الأحيان لابد من تشغيل البرنامج في الوضع الآمن ..
أو في التشغيل العادي ..
أو في الإثنين ..
وسيساعدك كثيراً أيضا مكافح الفايروسات الجيد .. في التخلص منه ..

لماذا على حسب ؟؟
أعتقد من أنه بسبب وضع الفايرس نفسه في قائمة برامج بدء التشغيل .. ليست المعروفة في مجلد إبدأ .. بل في أمر Msconfig في أيقونة تشغيل .. وذلك لنشر فروعه المتخفية في المجلدات ..
فلايستطيع البرنامج حذف الملف وهو يعمل ..!!

ولتتأكد من حذف الملف الأساسي .. اذهب إلى أي مجلد .. ثم إلى أدوات .. ثم انظر هل يوجد زر "خيارات المجلد" .. فإن كان موجود .. فأعد تشغيل الجهاز ثم انظر ثانية هل هو موجود ..
فإن كان موجود .. فمبارك عليك حذف الفايرس .. !Clap

وإن كان غير كذلك فعليك بالإصرااااااااااااااااار .. والتكرار ..<<< خلك نشبه له (BB)

بعد حذف الملف الأساسي .. تبقى الفروع .. ( وهو الفايرس المتخفي بشكل ملف ويكون بداخل ملف ويحمل اسم الملف الذي فتحته .. )
ومهمته .. هو عند ضغطك له .. يبدأ بالإنتشار .. وتكوين ملف أساسي .. وترجع القصة .. (B)

إذا يتوجب عليك حذفها للسلامة ..

كيف ؟؟

أولاً..: بالطريقة اليدوية .. وهي تذهب لأي ملف .. ثم إذا رأيت ملف داخله بنفس اسم الملف الذي فتحته .. فعليك بحذفه ..

هذه الطريقة فيها كلافة عليك .. خصوصاً إذا كان البرنامج ملازم معاك منذ فترة في قائمة بدء التشغيل .. فيبدأ بنشر نفسه عن أي ملف تقوم بقتحه .. وعليك بالكرف ..

ثانياً..: عن طريق مكافح الفايروسات الجيد .. وأنصح بشدة في Kaspersky Anti-Virus 6.0 ..
فهو قوي أمين في هذه المهمة ..

منقوول للامانة

( كلمة مرور الملف المضغوط " sameh " ) ..

MAAX · 19 يونيو 2009

حمل هذا الملف وقوم بتشغيله

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

واتبع التالي كما موجود بالصور

ثانيا / ولتنظيف الجهاز بالكامل من مخلفات الملفات المؤقته وتصفح الانترنت
حمل الملف هذا واتبع الارشادات

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثالثا / وبعد الانتهاء منم جميع ما سبق ,, اعمل تقرير هايجاك جديد
وارفقه بردك القادم

ابوخضر · 20 يونيو 2009

شكرا ياخوان
الاستاذ maax عملنا المطلوب وهذا التقرير
Logfile of HijackThis v1.99.1
Scan saved at 01:15:11 ص, on 20/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\fahad\سطح المكتب\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\ar-xa\msntb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - Startup: Ela-Salaty.lnk = C:\Program Files\Ela-Salaty\Salaty.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

MAAX · 20 يونيو 2009

حمل اداة الكاسبر التالية

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

بعد التحميل ،، دبل كلك وسيتم استخراج ملف الاداة الى مجلد بسطح المكتب لحظات وتبدأ الاداة بالعمل

تابع الشرح لفحص الجهاز وتنظيفه وارفاق التقرير

ثم قم بضغط التقرير ورفعه هنا>>>>

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

الملفات المخفيه حيرتنى

ابوخضر

زيزوومي جديد

ابـــو عــبــد الــلــه

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

ابوخضر

زيزوومي جديد

AbOdy

عضو شرف

توقيع : AbOdy

ابوخضر

زيزوومي جديد

ابـــو عــبــد الــلــه

زيزوومى فضى

توقيع : ابـــو عــبــد الــلــه

ابوخضر

زيزوومي جديد

شيخ النمور

زيزوومي جديد

توقيع : شيخ النمور

MAAX

عضوشرف

ابوخضر

زيزوومي جديد

MAAX

عضوشرف

NTLite Business 2025.8.10552 X64