بيرفكت

.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:12:15 م, on 29/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3688A0D-AC67-4991-A9B0-149A27C8A2BC}: NameServer = 212.72.1.186 212.72.23.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
--
End of file - 9491 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 1224
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 29/11/2008 06:10:03 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 388 K
Mem Usage Peak : 480 K
Page Faults : 212
Pagefile Usage : 168 K
Pagefile Peak Usage : 1676 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 1528
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 29/11/2008 06:10:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5152 K
Mem Usage Peak : 5164 K
Page Faults : 10741
Pagefile Usage : 1796 K
Pagefile Peak Usage : 1796 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 1552
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:10:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5564 K
Mem Usage Peak : 14108 K
Page Faults : 6823
Pagefile Usage : 6672 K
Pagefile Peak Usage : 8540 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1596
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 03/08/2004 07:56:56 م
File Modified Date : 03/08/2004 07:56:56 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:10:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4212 K
Mem Usage Peak : 4244 K
Page Faults : 1465
Pagefile Usage : 2152 K
Pagefile Peak Usage : 2252 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1608
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 03/08/2004 07:56:52 م
File Modified Date : 03/08/2004 07:56:52 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:10:07 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1884 K
Mem Usage Peak : 4840 K
Page Faults : 10747
Pagefile Usage : 3928 K
Pagefile Peak Usage : 4088 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1756
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:10:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5144 K
Mem Usage Peak : 5216 K
Page Faults : 1590
Pagefile Usage : 2904 K
Pagefile Peak Usage : 23528 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1800
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:10:08 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4420 K
Mem Usage Peak : 4420 K
Page Faults : 1293
Pagefile Usage : 2024 K
Pagefile Peak Usage : 2052 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1840
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:10:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 23612 K
Mem Usage Peak : 24164 K
Page Faults : 21995
Pagefile Usage : 14616 K
Pagefile Peak Usage : 16252 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 2004
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:10:09 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4284 K
Mem Usage Peak : 4300 K
Page Faults : 1187
Pagefile Usage : 2304 K
Pagefile Peak Usage : 2352 K
File Attributes : A
==================================================
==================================================
Process Name : brsvc01a.exe
ProcessID : 560
Priority : Normal
Product Name : brother Industries Ltd brsvc01a
Version : 1, 0, 0, 3
Description : brsvc01a
Company : brother Industries Ltd
Window Title :
File Size : 57,344
File Created Date : 20/10/2008 08:48:32 ص
File Modified Date : 12/04/2002 09:00:00 ص
Filename : C:\WINDOWS\system32\brsvc01a.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:10:09 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1452 K
Mem Usage Peak : 1456 K
Page Faults : 395
Pagefile Usage : 452 K
Pagefile Peak Usage : 456 K
File Attributes : A
==================================================
==================================================
Process Name : brss01a.exe
ProcessID : 596
Priority : Normal
Product Name : brother Industries Ltd brss01a.exe
Version : 1.004
Description : brss01a.exe
Company : brother Industries Ltd
Window Title :
File Size : 45,056
File Created Date : 20/10/2008 08:48:31 ص
File Modified Date : 13/12/2001 09:01:00 ص
Filename : C:\WINDOWS\system32\brss01a.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:10:09 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2196 K
Mem Usage Peak : 2196 K
Page Faults : 597
Pagefile Usage : 648 K
Pagefile Peak Usage : 648 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 604
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 03/08/2004 07:56:58 م
File Modified Date : 03/08/2004 07:56:58 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:10:09 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7456 K
Mem Usage Peak : 7576 K
Page Faults : 2322
Pagefile Usage : 5744 K
Pagefile Peak Usage : 5952 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 1304
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 1,032,192
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 29/11/2008 06:10:23 م
Visible Windows : 6
Hidden Windows : 25
User Name : USER\Administrator
Mem Usage : 32744 K
Mem Usage Peak : 34880 K
Page Faults : 38682
Pagefile Usage : 19464 K
Pagefile Peak Usage : 23768 K
File Attributes : A
==================================================
==================================================
Process Name : avp.exe
ProcessID : 1392
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.357
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 201,992
File Created Date : 25/04/2008 02:21:30 م
File Modified Date : 25/04/2008 02:21:30 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:10:24 م
Visible Windows : 0
Hidden Windows : 6
User Name : USER\Administrator
Mem Usage : 5168 K
Mem Usage Peak : 20672 K
Page Faults : 20160
Pagefile Usage : 15976 K
Pagefile Peak Usage : 18744 K
File Attributes : A
==================================================
==================================================
Process Name : realsched.exe
ProcessID : 1404
Priority : Normal
Product Name : RealPlayer (32-bit)
Version : 0.1.1.45
Description : RealNetworks Scheduler
Company : RealNetworks, Inc.
Window Title :
File Size : 185,896
File Created Date : 30/09/2008 07:57:50 م
File Modified Date : 30/09/2008 07:57:50 م
Filename : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:10:24 م
Visible Windows : 0
Hidden Windows : 2
User Name : USER\Administrator
Mem Usage : 316 K
Mem Usage Peak : 2864 K
Page Faults : 15250
Pagefile Usage : 988 K
Pagefile Peak Usage : 1012 K
File Attributes :
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 1416
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 15,360
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:10:24 م
Visible Windows : 0
Hidden Windows : 5
User Name : USER\Administrator
Mem Usage : 3268 K
Mem Usage Peak : 3272 K
Page Faults : 1070
Pagefile Usage : 980 K
Pagefile Peak Usage : 992 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 1424
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,674,352
File Created Date : 19/01/2007 08:55:14 ص
File Modified Date : 19/01/2007 08:55:14 ص
Filename : C:\Program Files\MSN Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:10:24 م
Visible Windows : 1
Hidden Windows : 29
User Name : USER\Administrator
Mem Usage : 6212 K
Mem Usage Peak : 25596 K
Page Faults : 12577
Pagefile Usage : 15556 K
Pagefile Peak Usage : 16068 K
File Attributes :
==================================================
==================================================
Process Name : avp.exe
ProcessID : 348
Priority : Normal
Product Name : Kaspersky Anti-Virus
Version : 8.0.0.357
Description : Kaspersky Anti-Virus
Company : Kaspersky Lab
Window Title :
File Size : 201,992
File Created Date : 25/04/2008 02:21:30 م
File Modified Date : 25/04/2008 02:21:30 م
Filename : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:12:24 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 37304 K
Mem Usage Peak : 115844 K
Page Faults : 433582
Pagefile Usage : 57596 K
Pagefile Peak Usage : 124692 K
File Attributes : A
==================================================
==================================================
Process Name : btwdins.exe
ProcessID : 364
Priority : Normal
Product Name : Bluetooth Software 4.0.1.1500
Version : 4.0.1.1500
Description : Bluetooth Support Server
Company : Broadcom Corporation.
Window Title :
File Size : 254,007
File Created Date : 29/03/2005 12:20:28 م
File Modified Date : 29/03/2005 12:20:28 م
Filename : C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:12:27 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2944 K
Mem Usage Peak : 3300 K
Page Faults : 1690
Pagefile Usage : 2084 K
Pagefile Peak Usage : 2276 K
File Attributes : A
==================================================
==================================================
Process Name : crypserv.exe
ProcessID : 384
Priority : High
Product Name : CrypKey Software Licensing System
Version : 5.4.0
Description : CrypKey NT Service
Company : Kenonic Controls Ltd.
Window Title :
File Size : 52,224
File Created Date : 13/09/2008 06:50:53 ص
File Modified Date : 29/06/2000 08:45:10 ص
Filename : C:\WINDOWS\system32\crypserv.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:12:27 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1904 K
Mem Usage Peak : 1904 K
Page Faults : 513
Pagefile Usage : 876 K
Pagefile Peak Usage : 876 K
File Attributes : A
==================================================
==================================================
Process Name : LSSrvc.exe
ProcessID : 460
Priority : Normal
Product Name : LightScribe
Version : 1.4.124.1
Description :
Company : Hewlett-Packard Company
Window Title :
File Size : 61,440
File Created Date : 19/10/2006 09:52:24 ص
File Modified Date : 19/10/2006 09:52:24 ص
Filename : C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:12:27 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2500 K
Mem Usage Peak : 2500 K
Page Faults : 654
Pagefile Usage : 800 K
Pagefile Peak Usage : 800 K
File Attributes : A
==================================================
==================================================
Process Name : MDM.EXE
ProcessID : 480
Priority : Normal
Product Name : Microsoft® Visual Studio .NET
Version : 7.00.9466
Description : Machine Debug Manager
Company : Microsoft Corporation
Window Title :
File Size : 322,120
File Created Date : 19/06/2003 08:25:00 م
File Modified Date : 19/06/2003 08:25:00 م
Filename : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Base Address : 0x00400000
Created On : 29/11/2008 06:12:27 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2828 K
Mem Usage Peak : 2840 K
Page Faults : 854
Pagefile Usage : 988 K
Pagefile Peak Usage : 1004 K
File Attributes : A
==================================================
==================================================
Process Name : sqlservr.exe
ProcessID : 680
Priority : Normal
Product Name : Microsoft SQL Server
Version : 2000.080.0194.00
Description : SQL Server Windows NT
Company : Microsoft Corporation
Window Title :
File Size : 7,442,493
File Created Date : 05/08/2000 09:50:20 م
File Modified Date : 05/08/2000 09:50:20 م
Filename : C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:12:28 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 7540 K
Mem Usage Peak : 7540 K
Page Faults : 2083
Pagefile Usage : 17792 K
Pagefile Peak Usage : 17864 K
File Attributes : A
==================================================
==================================================
Process Name : SMAgent.exe
ProcessID : 800
Priority : Normal
Product Name : SoundMAX service agent
Version : 3, 2, 6, 0
Description : SoundMAX service agent component
Company : Analog Devices, Inc.
Window Title :
File Size : 45,056
File Created Date : 13/09/2008 06:04:56 ص
File Modified Date : 20/09/2002 11:50:10 ص
Filename : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:12:34 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1744 K
Mem Usage Peak : 1744 K
Page Faults : 472
Pagefile Usage : 604 K
Pagefile Peak Usage : 604 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 2260
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 03/08/2004 07:56:48 م
File Modified Date : 03/08/2004 07:56:48 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:13:01 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3476 K
Mem Usage Peak : 3476 K
Page Faults : 928
Pagefile Usage : 1208 K
Pagefile Peak Usage : 1212 K
File Attributes : A
==================================================
==================================================
Process Name : OUTLOOK.EXE
ProcessID : 876
Priority : Normal
Product Name : Microsoft Office Outlook
Version : 12.0.4518.1014
Description : Microsoft Office Outlook
Company : Microsoft Corporation
Window Title : علبة البريد - Microsoft Outlook
File Size : 12,813,096
File Created Date : 27/10/2006 11:16:48 ص
File Modified Date : 27/10/2006 11:16:48 ص
Filename : C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Base Address : 0x30000000
Created On : 29/11/2008 06:16:53 م
Visible Windows : 1
Hidden Windows : 43
User Name : USER\Administrator
Mem Usage : 8412 K
Mem Usage Peak : 65836 K
Page Faults : 98341
Pagefile Usage : 70640 K
Pagefile Peak Usage : 74720 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 2432
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : - Windows Internet Explorer
File Size : 637,984
File Created Date : 21/08/2008 11:16:40 م
File Modified Date : 21/08/2008 11:16:40 م
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:18:11 م
Visible Windows : 1
Hidden Windows : 19
User Name : USER\Administrator
Mem Usage : 2528 K
Mem Usage Peak : 17316 K
Page Faults : 40538
Pagefile Usage : 16812 K
Pagefile Peak Usage : 18412 K
File Attributes :
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 1720
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 637,984
File Created Date : 21/08/2008 11:16:40 م
File Modified Date : 21/08/2008 11:16:40 م
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:18:16 م
Visible Windows : 0
Hidden Windows : 45
User Name : USER\Administrator
Mem Usage : 101132 K
Mem Usage Peak : 102232 K
Page Faults : 111279
Pagefile Usage : 91500 K
Pagefile Peak Usage : 92676 K
File Attributes :
==================================================
==================================================
Process Name : WLLoginProxy.exe
ProcessID : 2784
Priority : Normal
Product Name : Microsoft® Windows Live Login Helper
Version : 4.100.313.1
Description : WLLoginProxy.exe
Company : Microsoft Corporation
Window Title :
File Size : 115,024
File Created Date : 31/08/2006 04:33:02 م
File Modified Date : 31/08/2006 04:33:02 م
Filename : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
Base Address : 0x01000000
Created On : 29/11/2008 06:18:42 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER\Administrator
Mem Usage : 7540 K
Mem Usage Peak : 7544 K
Page Faults : 2027
Pagefile Usage : 4872 K
Pagefile Peak Usage : 4920 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 300
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : 16% of ..._Media_Studio_7.5_Full.rar from rs487l3.rapidshare.com Completed
File Size : 637,984
File Created Date : 21/08/2008 11:16:40 م
File Modified Date : 21/08/2008 11:16:40 م
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 29/11/2008 06:22:46 م
Visible Windows : 1
Hidden Windows : 30
User Name : USER\Administrator
Mem Usage : 4976 K
Mem Usage Peak : 58700 K
Page Faults : 101507
Pagefile Usage : 56616 K
Pagefile Peak Usage : 57652 K
File Attributes :
==================================================
==================================================
Process Name : runn.exe
ProcessID : 792
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 29/11/2008 03:11:32 م
File Modified Date : 31/01/2008 09:24:25 م
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 29/11/2008 07:11:32 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER\Administrator
Mem Usage : 2052 K
Mem Usage Peak : 2068 K
Page Faults : 611
Pagefile Usage : 680 K
Pagefile Peak Usage : 760 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2956
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 03/08/2004 07:56:50 م
File Modified Date : 03/08/2004 07:56:50 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 29/11/2008 07:11:36 م
Visible Windows : 0
Hidden Windows : 1
User Name : USER\Administrator
Mem Usage : 2780 K
Mem Usage Peak : 2844 K
Page Faults : 801
Pagefile Usage : 2060 K
Pagefile Peak Usage : 2136 K
File Attributes : A
==================================================
==================================================
Process Name : ntvdm.exe
ProcessID : 3576
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : NTVDM.EXE
Company : Microsoft Corporation
Window Title :
File Size : 419,840
File Created Date : 03/08/2004 07:56:56 م
File Modified Date : 03/08/2004 07:56:56 م
Filename : C:\WINDOWS\system32\ntvdm.exe
Base Address : 0x0F000000
Created On : 29/11/2008 07:11:39 م
Visible Windows : 0
Hidden Windows : 4
User Name : USER\Administrator
Mem Usage : 1088 K
Mem Usage Peak : 5088 K
Page Faults : 1832
Pagefile Usage : 2296 K
Pagefile Peak Usage : 2320 K
File Attributes : A
==================================================
==================================================
Process Name : iexplore.exe
ProcessID : 280
Priority : Normal
Product Name : Windows® Internet Explorer
Version : 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
File Size : 637,984
File Created Date : 21/08/2008 11:16:40 م
File Modified Date : 21/08/2008 11:16:40 م
Filename : C:\Program Files\internet explorer\iexplore.exe
Base Address : 0x00400000
Created On : 29/11/2008 07:11:59 م
Visible Windows : 0
Hidden Windows : 32
User Name : USER\Administrator
Mem Usage : 30004 K
Mem Usage Peak : 30072 K
Page Faults : 13377
Pagefile Usage : 22400 K
Pagefile Peak Usage : 22560 K
File Attributes :
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 1232
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 13/09/2008 05:47:21 ص
File Modified Date : 04/08/2004 04:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 29/11/2008 07:12:10 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5524 K
Mem Usage Peak : 5524 K
Page Faults : 1437
Pagefile Usage : 2960 K
Pagefile Peak Usage : 2960 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 1252
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 29/11/2008 03:11:32 م
File Modified Date : 14/07/2005 03:46:34 ص
Filename : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 29/11/2008 07:12:15 م
Visible Windows : 0
Hidden Windows : 0
User Name : USER\Administrator
Mem Usage : 2092 K
Mem Usage Peak : 2144 K
Page Faults : 939
Pagefile Usage : 936 K
Pagefile Peak Usage : 992 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\autochk.exe
sprestrt
sprestrt
Restores registry to restart GUI-mode part of setup
Microsoft Corporation
5.01.2600.0000
c:\windows\system32\sprestrt.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
explorer.exe
explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVP
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
Kaspersky Anti-Virus
Kaspersky Lab
8.00.0000.0357
c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe
TkBellExe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RealNetworks Scheduler
RealNetworks, Inc.
0.01.0001.0045
c:\program files\common files\real\update_ob\realsched.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
msnmsgr
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Messenger
Microsoft Corporation
8.01.0178.0000
c:\program files\msn messenger\msnmsgr.exe
Task Scheduler
At1.job
C:\WINDOWS\system32\SSVICHOSST.exe
File not found: C:\WINDOWS\system32\SSVICHOSST.exe
At2.job
C:\WINDOWS\system32\SSVICHOSST.exe
File not found: C:\WINDOWS\system32\SSVICHOSST.exe
User_Feed_Synchronization-{9449197F-7ADF-4AC2-9D9E-40DE2236059A}.job
C:\WINDOWS\system32\msfeedssync.exe sync
Microsoft Feeds Synchronization
Microsoft Corporation
8.00.6001.18241
c:\windows\system32\msfeedssync.exe
User_Feed_Synchronization-{BCF5D7E8-E78A-453F-A1CE-B9E55388D971}.job
C:\WINDOWS\system32\msfeedssync.exe sync
Microsoft Feeds Synchronization
Microsoft Corporation
8.00.6001.18241
c:\windows\system32\msfeedssync.exe
.
.
----------- End Report ---------------
 

Delete the following entries:
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

Then go to Add/Remove Programs and uninstall the Google Toolbar and the Yahoo Toolbar.

How to delete the entries:
mg%20%283%29.png



mg%20%284%29.png




After that, go to Add or Remove Programs and uninstall the toolbar you have installed (toolbar) >> it may not be there.



Then download this tool and follow the instructions below.






Compatibility: Windows XP only



Usage instructions:
When you run the tool's file, this screen appears. Wait (and follow along with the screenshots).



000.png



001.png



When this screen appears, click Close so that your computer restarts (to complete the cleanup).



002.png
 
Signature: Run