ComboFix 09-07-29.03 - ABU-YARA 07/30/2009 4:46.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.966.1033.18.3581.2499 [GMT 3:00]
Running from: c:\users\ABU-YARA\Documents\Downloads\Programs\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-3579858319-3112515140-2782184802-500
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-30 01:51 . 2009-07-30 01:51 -------- d-----w- c:\users\ABU-YARA\AppData\Local\temp
2009-07-30 01:15 . 2009-07-30 01:15 -------- d-----w- c:\program files\Trend Micro
2009-07-28 16:27 . 2009-07-28 16:27 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\CyberLink
2009-07-26 19:41 . 2009-07-26 19:43 -------- d-----w- c:\windows\system32\ca-ES
2009-07-26 19:41 . 2009-07-26 19:43 -------- d-----w- c:\windows\system32\eu-ES
2009-07-26 19:41 . 2009-07-26 19:42 -------- d-----w- c:\windows\system32\vi-VN
2009-07-26 18:50 . 2009-07-26 18:50 -------- d-----w- c:\windows\system32\EventProviders
2009-07-26 18:48 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-26 18:46 . 2009-04-11 06:28 327168 ----a-w- c:\windows\system32\P2PGraph.dll
2009-07-26 18:45 . 2009-04-11 06:32 149480 ----a-w- c:\windows\system32\drivers\pci.sys
2009-07-26 18:44 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-26 18:44 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-26 18:44 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-26 18:44 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-26 18:44 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-26 18:44 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-26 18:44 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-26 18:44 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-26 18:44 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-26 18:44 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-26 18:44 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-25 18:37 . 2009-07-25 18:37 -------- d-----w- c:\programdata\WindowsSearch
2009-07-25 00:23 . 2009-07-30 01:09 731648 ----a-w- c:\programdata\Vc Nurb That Dent\show iso.exe
2009-07-25 00:23 . 2009-07-25 00:23 730112 ----a-w- c:\programdata\dvd view\izvgynbi.exe
2009-07-23 19:53 . 2009-07-27 20:10 8270752 ----a-w- c:\users\ABU-YARA\AppData\Roaming\DataSafeDotNet.exe
2009-07-22 14:10 . 2009-07-22 14:10 8704 ----a-w- c:\users\ABU-YARA\AppData\Roaming\Thinstall\intocartoonpro\1000000700002i\hh.exe
2009-07-22 12:29 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-22 12:29 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-22 12:29 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-22 12:29 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-22 12:29 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-22 12:29 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-11 16:20 . 2009-07-11 16:20 761856 ----a-w- c:\programdata\dvd view\vwkbmhhh.exe
2009-07-11 16:19 . 2009-07-25 00:22 577536 ----a-w- c:\programdata\dvd view\Bits less software.exe
2009-07-10 02:14 . 2009-07-10 02:14 -------- d-----w- c:\users\ABU-YARA\.webrenderer
2009-07-09 03:09 . 2009-07-09 03:09 -------- d-----w- c:\users\ABU-YARA\AppData\Local\Adobe
2009-07-09 02:52 . 2009-07-22 14:05 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\Thinstall
2009-07-09 02:52 . 2009-07-09 02:52 -------- d-----w- c:\users\ABU-YARA\AppData\Local\Thinstall
2009-07-01 20:59 . 2009-07-01 20:59 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\Reallusion
2009-07-01 20:59 . 2009-07-01 20:59 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 01:52 . 2009-06-20 10:03 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\DMCache
2009-07-29 19:31 . 2009-04-27 09:37 2140 ----a-w- c:\windows\bthservsdp.dat
2009-07-27 20:11 . 2009-04-27 02:20 -------- d-----w- c:\program files\Dell DataSafe Online
2009-07-26 19:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-26 19:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-26 19:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-26 19:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-26 19:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-26 19:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-26 19:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-26 19:41 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-26 19:02 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-25 16:41 . 2009-06-22 10:45 27620 ----a-w- c:\users\ABU-YARA\AppData\Roaming\nvModes.dat
2009-07-25 00:23 . 2009-06-20 10:15 323584 ----a-w- c:\programdata\dvd view\else thunk bib global.exe
2009-07-25 00:23 . 2009-06-20 10:15 -------- d-----w- c:\programdata\Vc Nurb That Dent
2009-07-25 00:23 . 2009-06-20 10:14 -------- d-----w- c:\programdata\dvd view
2009-07-24 11:02 . 2009-04-27 01:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-24 11:02 . 2009-04-27 02:00 -------- d-----w- c:\program files\Creative
2009-07-24 10:56 . 2009-06-21 12:26 -------- d-----w- c:\program files\VideoLAN
2009-07-24 10:54 . 2009-06-21 18:50 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\dvdcss
2009-07-21 21:52 . 2009-07-29 17:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 17:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 17:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 17:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-11 16:19 . 2009-06-20 10:14 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-29 07:45 . 2009-06-21 17:38 7592 ----a-w- c:\users\ABU-YARA\AppData\Local\d3d9caps.dat
2009-06-25 23:35 . 2009-06-22 21:19 -------- d-----w- c:\programdata\Roxio
2009-06-23 17:15 . 2009-06-20 11:12 -------- d-----w- c:\programdata\Messenger Plus!
2009-06-23 11:20 . 2009-04-27 02:16 -------- d-----w- c:\program files\Roxio
2009-06-22 21:19 . 2009-06-22 21:19 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\Roxio
2009-06-21 18:41 . 2009-06-20 10:03 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\IDM
2009-06-20 17:52 . 2009-06-20 10:03 -------- d-----w- c:\program files\Internet Download Manager
2009-06-20 16:37 . 2009-06-20 16:37 -------- d-----w- c:\program files\ESET
2009-06-20 16:16 . 2009-06-20 16:16 181680 ----a-w- c:\users\ABU-YARA\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
2009-06-20 16:08 . 2009-06-20 16:07 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\Media Player Classic
2009-06-20 10:22 . 2009-06-20 10:22 -------- d-----w- c:\program files\XP Codec Pack
2009-06-20 10:21 . 2009-06-20 10:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-20 10:14 . 2009-06-20 10:14 -------- d-----w- c:\program files\Circle Developemet
2009-06-20 10:12 . 2009-04-27 02:15 -------- d-----w- c:\programdata\Dell
2009-06-20 10:11 . 2009-06-20 10:10 -------- d-----w- c:\program files\Windows Live
2009-06-20 10:10 . 2009-06-20 10:10 -------- d-----w- c:\program files\Microsoft
2009-06-20 10:10 . 2009-06-20 10:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-20 10:04 . 2009-06-20 10:04 198064 ----a-w- c:\users\ABU-YARA\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-06-20 10:02 . 2009-06-20 10:02 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-20 09:58 . 2009-06-20 09:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-20 08:35 . 2009-04-27 02:38 -------- d-----w- c:\programdata\NVIDIA
2009-06-20 08:33 . 2009-06-20 08:33 -------- d-----w- c:\users\ABU-YARA\AppData\Roaming\Dell
2009-06-20 08:33 . 2009-06-20 08:33 48600 ----a-w- c:\users\ABU-YARA\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-20 08:29 . 2009-06-20 08:29 -------- d-sh--we c:\programdata\Templates
2009-06-20 08:29 . 2009-06-20 08:29 -------- d-sh--we c:\programdata\Start Menu
2009-06-20 08:29 . 2009-06-20 08:29 -------- d-sh--we c:\programdata\Favorites
2009-06-20 08:29 . 2009-06-20 08:29 -------- d-sh--we c:\programdata\Documents
2009-06-20 08:29 . 2009-06-20 08:29 -------- d-sh--we c:\programdata\Desktop
2009-05-14 12:49 . 2009-05-14 12:49 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-05-14 12:49 . 2009-05-14 12:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 12:49 . 2009-05-14 12:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 12:47 . 2009-05-14 12:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 12:41 . 2009-05-14 12:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-04-27 17:03 . 2009-04-27 16:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eq List"="c:\programdata\title dent dent.hwd8ag5" [X]
"That dent five else"="c:\programdata\rect bend open.2mtm5" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-06-20 2745776]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-29 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-4-27 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ef,e8,a4,b3,2a,0e,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{26CC8525-B2EA-47CA-9878-940620CBE56F}"= c:\program files\Dell\MediaDirect\MediaDirect.exe
ell MediaDirect
"{5554985B-BD4D-4F15-ACC5-E0A39AF6E85C}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{0A279419-4D0F-4FD1-8E14-D7AFEE193B62}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{5D257EED-16BD-44C4-8B49-9B1BDA3AB16C}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14/05/09 03:47 م 107256]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [27/04/09 12:35 م 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [18/12/08 08:05 ص 155648]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/09 03:47 م 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [14/05/09 03:49 م 38240]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [27/04/09 08:27 م 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [27/04/09 08:27 م 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [27/04/09 08:27 م 7424]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [05/11/08 02:16 ص 22904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} - hxxp://174.37.178.26:1999/ReadUid.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-07-30 04:51
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2180)
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\BtwNamespaceExt.dll
c:\windows\system32\BtwNeLib.dll
c:\windows\system32\btwapi.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btrez.dll
.
Completion time: 2009-07-30 4:54
ComboFix-quarantined-files.txt 2009-07-30 01:54
Pre-Run: 170,890,604,544 bytes free
Post-Run: 170,936,496,128 bytes free
234 --- E O F --- 2009-07-29 17:55
------------------------------------------------------------------------
تقرير الهايجك الجديدهو كالتالي :-
-----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:04:33 ص, on 30/07/09
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Eq List] "C:\ProgramData\title dent dent.hwd8ag5"
O4 - HKCU\..\Run: [That dent five else] "C:\ProgramData\rect bend open.2mtm5"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) -
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7100 bytes
.png)
.png)
