• Thread starter: mhm
  • Views: 982

Welcome, brother.
Download this program:
[hidden link: you must log in or register to view it]

Run the program ==> and click
Do a system scan and save log
After a few moments a report will open in Notepad ==> copy it and paste it in your next reply.
 
See my post at the following link:
[hidden link: you must log in or register to view it]

And, God willing, you will find the solution.

Signature: طالب علم2
Thank you, brother Max and brother طالب علم 2, for the reply.

I apologize to you both for the late reply; it was because of my internet connection.

Brother Max, this is the report from the HijackThis program.

Code:
.
--------------------------\\\ Start Report Of HijackThis --------------- 
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:04 م, on 05/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\ATC\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\ATC\LOCALS~1\Temp\bntoz\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\dse235rgd0.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zyz1] c:\zyz_auto_killer\run2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\ATC\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\ATC\Application Data\CyberScrub\Privacy Suite" 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: سرعة تشغيل Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5526 bytes
.
.
--------------------------\\\ End  Report Of Of HijackThis --------------- 
.
.
.
.
--------------------------\\\  Start Report Of Running Processes --------------- 
.
==================================================
Process Name             : smss.exe
ProcessID                : 716
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Windows NT Session Manager
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 50,688
File Created Date        : 17/06/1425 09:56:30 م
File Modified Date       : 17/06/1425 09:56:30 م
Filename                 : C:\WINDOWS\System32\smss.exe
Base Address             : 0x48580000
Created On               : 09/01/1430 10:50:45 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 388 K
Mem Usage Peak           : 676 K
Page Faults              : 292
Pagefile Usage           : 172 K
Pagefile Peak Usage      : 1640 K
File Attributes          : A
==================================================
==================================================
Process Name             : csrss.exe
ProcessID                : 764
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Client Server Runtime Process
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 6,144
File Created Date        : 17/06/1425 09:56:08 م
File Modified Date       : 17/06/1425 09:56:08 م
Filename                 : C:\WINDOWS\system32\csrss.exe
Base Address             : 0x4A680000
Created On               : 09/01/1430 10:50:47 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 6308 K
Mem Usage Peak           : 6588 K
Page Faults              : 4886
Pagefile Usage           : 7908 K
Pagefile Peak Usage      : 7916 K
File Attributes          : A
==================================================
==================================================
Process Name             : winlogon.exe
ProcessID                : 788
Priority                 : High
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Windows NT Logon Application
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 501,248
File Created Date        : 17/06/1425 09:56:36 م
File Modified Date       : 17/06/1425 09:56:36 م
Filename                 : C:\WINDOWS\system32\winlogon.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:48 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 9744 K
Mem Usage Peak           : 25460 K
Page Faults              : 38553
Pagefile Usage           : 12492 K
Pagefile Peak Usage      : 18176 K
File Attributes          : A
==================================================
==================================================
Process Name             : services.exe
ProcessID                : 832
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : ‎‎Services and Controller app
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 108,032
File Created Date        : 17/06/1425 09:56:30 م
File Modified Date       : 17/06/1425 09:56:30 م
Filename                 : C:\WINDOWS\system32\services.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:50 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 4516 K
Mem Usage Peak           : 4568 K
Page Faults              : 1542
Pagefile Usage           : 2196 K
Pagefile Peak Usage      : 2460 K
File Attributes          : A
==================================================
==================================================
Process Name             : lsass.exe
ProcessID                : 844
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : LSA Shell (Export Version)
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 13,312
File Created Date        : 17/06/1425 09:56:18 م
File Modified Date       : 17/06/1425 09:56:18 م
Filename                 : C:\WINDOWS\system32\lsass.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:50 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 6264 K
Mem Usage Peak           : 6272 K
Page Faults              : 1721
Pagefile Usage           : 4056 K
Pagefile Peak Usage      : 4088 K
File Attributes          : A
==================================================
==================================================
Process Name             : svchost.exe
ProcessID                : 1000
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Generic Host Process for Win32 Services
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 14,336
File Created Date        : 17/06/1425 09:56:32 م
File Modified Date       : 17/06/1425 09:56:32 م
Filename                 : C:\WINDOWS\system32\svchost.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:51 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 5356 K
Mem Usage Peak           : 5384 K
Page Faults              : 1443
Pagefile Usage           : 3416 K
Pagefile Peak Usage      : 23600 K
File Attributes          : A
==================================================
==================================================
Process Name             : svchost.exe
ProcessID                : 1068
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Generic Host Process for Win32 Services
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 14,336
File Created Date        : 17/06/1425 09:56:32 م
File Modified Date       : 17/06/1425 09:56:32 م
Filename                 : C:\WINDOWS\system32\svchost.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:52 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : 
Mem Usage                : 4544 K
Mem Usage Peak           : 4544 K
Page Faults              : 1262
Pagefile Usage           : 1928 K
Pagefile Peak Usage      : 1956 K
File Attributes          : A
==================================================
==================================================
Process Name             : svchost.exe
ProcessID                : 1108
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Generic Host Process for Win32 Services
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 14,336
File Created Date        : 17/06/1425 09:56:32 م
File Modified Date       : 17/06/1425 09:56:32 م
Filename                 : C:\WINDOWS\System32\svchost.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:52 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 25400 K
Mem Usage Peak           : 39452 K
Page Faults              : 17352
Pagefile Usage           : 16044 K
Pagefile Peak Usage      : 29612 K
File Attributes          : A
==================================================
==================================================
Process Name             : svchost.exe
ProcessID                : 1192
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Generic Host Process for Win32 Services
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 14,336
File Created Date        : 17/06/1425 09:56:32 م
File Modified Date       : 17/06/1425 09:56:32 م
Filename                 : C:\WINDOWS\system32\svchost.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:52 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : 
Mem Usage                : 4656 K
Mem Usage Peak           : 4656 K
Page Faults              : 1219
Pagefile Usage           : 1876 K
Pagefile Peak Usage      : 1876 K
File Attributes          : A
==================================================
==================================================
Process Name             : spoolsv.exe
ProcessID                : 1432
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
Description              : Spooler SubSystem App
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 57,856
File Created Date        : 17/06/1425 09:56:32 م
File Modified Date       : 04/05/1426 11:53:32 م
Filename                 : C:\WINDOWS\system32\spoolsv.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:54 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 5932 K
Mem Usage Peak           : 5960 K
Page Faults              : 3095
Pagefile Usage           : 4088 K
Pagefile Peak Usage      : 4212 K
File Attributes          : A
==================================================
==================================================
Process Name             : Explorer.EXE
ProcessID                : 1564
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
Description              : Windows Explorer
Company                  : Microsoft Corporation
Window Title             : Program Manager
File Size                : 1,030,656
File Created Date        : 17/06/1425 09:56:12 م
File Modified Date       : 28/05/1428 01:22:11 م
Filename                 : C:\WINDOWS\Explorer.EXE
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:55 م
Visible Windows          : 2
Hidden Windows           : 18
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 30448 K
Mem Usage Peak           : 32200 K
Page Faults              : 15407
Pagefile Usage           : 20660 K
Pagefile Peak Usage      : 24480 K
File Attributes          : A
==================================================
==================================================
Process Name             : guard.exe
ProcessID                : 1636
Priority                 : Normal
Product Name             : AVG Anti-Spyware
Version                  : 7, 5, 1, 22
Description              : AVG Anti-Spyware guard
Company                  : GRISOFT s.r.o.
Window Title             : 
File Size                : 312,880
File Created Date        : 14/05/1428 12:31:10 م
File Modified Date       : 14/05/1428 12:31:10 م
Filename                 : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:50:55 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 20440 K
Mem Usage Peak           : 49700 K
Page Faults              : 69067
Pagefile Usage           : 45888 K
Pagefile Peak Usage      : 57424 K
File Attributes          : A
==================================================
==================================================
Process Name             : avp.exe
ProcessID                : 1684
Priority                 : Normal
Product Name             : Kaspersky Anti-Virus
Version                  : 8.0.0.454
Description              : Kaspersky Anti-Virus
Company                  : Kaspersky Lab
Window Title             : 
File Size                : 206,088
File Created Date        : 26/07/1429 05:20:28 م
File Modified Date       : 26/07/1429 05:20:28 م
Filename                 : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:50:56 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 48072 K
Mem Usage Peak           : 123456 K
Page Faults              : 120292
Pagefile Usage           : 41792 K
Pagefile Peak Usage      : 123656 K
File Attributes          : A
==================================================
==================================================
Process Name             : sm56hlpr.exe
ProcessID                : 1804
Priority                 : Normal
Product Name             : Motorola SM56 Tray Application
Version                  : 6.09.07
Description              : Motorola SM56 Win32 Utility
Company                  : Motorola Inc.
Window Title             : 
File Size                : 544,768
File Created Date        : 09/11/1429 10:40:13 ص
File Modified Date       : 17/11/1425 10:01:00 م
Filename                 : C:\WINDOWS\sm56hlpr.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:50:59 م
Visible Windows          : 0
Hidden Windows           : 3
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 5204 K
Mem Usage Peak           : 5204 K
Page Faults              : 1500
Pagefile Usage           : 2164 K
Pagefile Peak Usage      : 3224 K
File Attributes          : A
==================================================
==================================================
Process Name             : rundll32.exe
ProcessID                : 1812
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Run a DLL as an App
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 33,280
File Created Date        : 17/06/1425 09:56:28 م
File Modified Date       : 17/06/1425 09:56:28 م
Filename                 : C:\WINDOWS\system32\rundll32.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:59 م
Visible Windows          : 0
Hidden Windows           : 2
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 4648 K
Mem Usage Peak           : 4916 K
Page Faults              : 1361
Pagefile Usage           : 3248 K
Pagefile Peak Usage      : 4332 K
File Attributes          : A
==================================================
==================================================
Process Name             : avp.exe
ProcessID                : 1836
Priority                 : Normal
Product Name             : Kaspersky Anti-Virus
Version                  : 8.0.0.454
Description              : Kaspersky Anti-Virus
Company                  : Kaspersky Lab
Window Title             : 
File Size                : 206,088
File Created Date        : 26/07/1429 05:20:28 م
File Modified Date       : 26/07/1429 05:20:28 م
Filename                 : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:50:59 م
Visible Windows          : 0
Hidden Windows           : 3
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 6172 K
Mem Usage Peak           : 8208 K
Page Faults              : 4556
Pagefile Usage           : 3876 K
Pagefile Peak Usage      : 4056 K
File Attributes          : A
==================================================
==================================================
Process Name             : svchost.exe
ProcessID                : 1848
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Generic Host Process for Win32 Services
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 14,336
File Created Date        : 17/06/1425 09:56:32 م
File Modified Date       : 17/06/1425 09:56:32 م
Filename                 : C:\WINDOWS\system32\svchost.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:59 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : 
Mem Usage                : 3584 K
Mem Usage Peak           : 3584 K
Page Faults              : 937
Pagefile Usage           : 2384 K
Pagefile Peak Usage      : 2384 K
File Attributes          : A
==================================================
==================================================
Process Name             : realsched.exe
ProcessID                : 1844
Priority                 : Normal
Product Name             : RealPlayer (32-bit)
Version                  : 0.1.0.4279
Description              : RealNetworks Scheduler
Company                  : RealNetworks, Inc.
Window Title             : 
File Size                : 185,896
File Created Date        : 09/11/1429 10:13:50 ص
File Modified Date       : 09/11/1429 10:13:50 ص
Filename                 : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:50:59 م
Visible Windows          : 0
Hidden Windows           : 1
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 212 K
Mem Usage Peak           : 3180 K
Page Faults              : 5407
Pagefile Usage           : 2212 K
Pagefile Peak Usage      : 3280 K
File Attributes          : 
==================================================
==================================================
Process Name             : nvsvc32.exe
ProcessID                : 1892
Priority                 : Normal
Product Name             : NVIDIA Driver Helper Service, Version 77.72
Version                  : 6.14.10.7772
Description              : NVIDIA Driver Helper Service, Version 77.72
Company                  : NVIDIA Corporation
Window Title             : 
File Size                : 127,043
File Created Date        : 09/05/1426 09:20:00 ص
File Modified Date       : 09/05/1426 09:20:00 ص
Filename                 : C:\WINDOWS\system32\nvsvc32.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:50:59 م
Visible Windows          : 0
Hidden Windows           : 1
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 3576 K
Mem Usage Peak           : 4600 K
Page Faults              : 2763
Pagefile Usage           : 2112 K
Pagefile Peak Usage      : 2504 K
File Attributes          : A
==================================================
==================================================
Process Name             : RUNDLL32.EXE
ProcessID                : 1896
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Run a DLL as an App
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 33,280
File Created Date        : 17/06/1425 09:56:28 م
File Modified Date       : 17/06/1425 09:56:28 م
Filename                 : C:\WINDOWS\system32\RUNDLL32.EXE
Base Address             : 0x01000000
Created On               : 09/01/1430 10:50:59 م
Visible Windows          : 0
Hidden Windows           : 2
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 4304 K
Mem Usage Peak           : 6036 K
Page Faults              : 2697
Pagefile Usage           : 3020 K
Pagefile Peak Usage      : 8864 K
File Attributes          : A
==================================================
==================================================
Process Name             : ctfmon.exe
ProcessID                : 1920
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : CTF Loader
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 15,360
File Created Date        : 17/06/1425 09:56:08 م
File Modified Date       : 17/06/1425 09:56:08 م
Filename                 : C:\WINDOWS\system32\ctfmon.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:51:00 م
Visible Windows          : 0
Hidden Windows           : 4
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 4400 K
Mem Usage Peak           : 4588 K
Page Faults              : 1360
Pagefile Usage           : 1920 K
Pagefile Peak Usage      : 2968 K
File Attributes          : A
==================================================
==================================================
Process Name             : WZQKPICK.EXE
ProcessID                : 196
Priority                 : Normal
Product Name             : WinZip
Version                  : 1.0 (32-bit)
Description              : WinZip Executable
Company                  : WinZip Computing, S.L.
Window Title             : 
File Size                : 394,856
File Created Date        : 01/02/1429 08:10:00 ص
File Modified Date       : 01/02/1429 08:10:00 ص
Filename                 : C:\Program Files\WinZip\WZQKPICK.EXE
Base Address             : 0x00400000
Created On               : 09/01/1430 10:51:03 م
Visible Windows          : 0
Hidden Windows           : 1
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 4648 K
Mem Usage Peak           : 4648 K
Page Faults              : 1360
Pagefile Usage           : 1808 K
Pagefile Peak Usage      : 2864 K
File Attributes          : AR
==================================================
==================================================
Process Name             : reader_sl.exe
ProcessID                : 216
Priority                 : Normal
Product Name             : Adobe Acrobat
Version                  : 7.0.5.2005092300
Description              : Adobe Acrobat SpeedLauncher
Company                  : Adobe Systems Incorporated
Window Title             : 
File Size                : 29,696
File Created Date        : 21/08/1426 04:05:26 ص
File Modified Date       : 21/08/1426 04:05:26 ص
Filename                 : C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:51:03 م
Visible Windows          : 0
Hidden Windows           : 1
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 3844 K
Mem Usage Peak           : 3884 K
Page Faults              : 1135
Pagefile Usage           : 1784 K
Pagefile Peak Usage      : 2784 K
File Attributes          : A
==================================================
==================================================
Process Name             : wuauclt.exe
ProcessID                : 2320
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)
Description              : Windows Update Automatic Updates
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 51,224
File Created Date        : 08/11/1429 11:58:21 م
File Modified Date       : 16/10/1429 11:09:44 ص
Filename                 : C:\WINDOWS\system32\wuauclt.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:52:01 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : NT AUTHORITY\SYSTEM
Mem Usage                : 13360 K
Mem Usage Peak           : 21788 K
Page Faults              : 7788
Pagefile Usage           : 8072 K
Pagefile Peak Usage      : 16592 K
File Attributes          : A
==================================================
==================================================
Process Name             : wmiprvse.exe
ProcessID                : 2496
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : WMI
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 218,112
File Created Date        : 08/11/1429 11:56:31 م
File Modified Date       : 17/06/1425 09:56:36 م
Filename                 : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:52:12 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : 
Mem Usage                : 6936 K
Mem Usage Peak           : 6964 K
Page Faults              : 1937
Pagefile Usage           : 2568 K
Pagefile Peak Usage      : 3292 K
File Attributes          : A
==================================================
==================================================
Process Name             : wscntfy.exe
ProcessID                : 2572
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Windows Security Center Notification App
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 13,824
File Created Date        : 17/06/1425 09:56:36 م
File Modified Date       : 17/06/1425 09:56:36 م
Filename                 : C:\WINDOWS\system32\wscntfy.exe
Base Address             : 0x01000000
Created On               : 09/01/1430 10:52:18 م
Visible Windows          : 0
Hidden Windows           : 1
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 3432 K
Mem Usage Peak           : 3432 K
Page Faults              : 1030
Pagefile Usage           : 1632 K
Pagefile Peak Usage      : 2620 K
File Attributes          : A
==================================================
==================================================
Process Name             : runn.exe
ProcessID                : 2728
Priority                 : Normal
Product Name             : 
Version                  : 
Description              : 
Company                  : 
Window Title             : 
File Size                : 71,680
File Created Date        : 09/01/1430 07:52:59 م
File Modified Date       : 23/01/1429 10:24:25 م
Filename                 : C:\DOCUME~1\ATC\LOCALS~1\Temp\bntoz\runn.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:53:00 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 2376 K
Mem Usage Peak           : 2380 K
Page Faults              : 679
Pagefile Usage           : 784 K
Pagefile Peak Usage      : 856 K
File Attributes          : A
==================================================
==================================================
Process Name             : cmd.exe
ProcessID                : 2748
Priority                 : Normal
Product Name             : Microsoft® Windows® Operating System
Version                  : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description              : Windows Command Processor
Company                  : Microsoft Corporation
Window Title             : 
File Size                : 388,608
File Created Date        : 17/06/1425 09:56:06 م
File Modified Date       : 17/06/1425 09:56:06 م
Filename                 : C:\WINDOWS\system32\cmd.exe
Base Address             : 0x4AD00000
Created On               : 09/01/1430 10:53:00 م
Visible Windows          : 0
Hidden Windows           : 1
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 3376 K
Mem Usage Peak           : 3444 K
Page Faults              : 943
Pagefile Usage           : 2184 K
Pagefile Peak Usage      : 2260 K
File Attributes          : A
==================================================
==================================================
Process Name             : CProcess.exe
ProcessID                : 2804
Priority                 : Normal
Product Name             : CurrProcess
Version                  : 1.11
Description              : CurrProcess
Company                  : NirSoft
Window Title             : 
File Size                : 35,840
File Created Date        : 09/01/1430 07:52:59 م
File Modified Date       : 08/06/1426 04:46:34 ص
Filename                 : C:\DOCUME~1\ATC\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address             : 0x00400000
Created On               : 09/01/1430 10:53:05 م
Visible Windows          : 0
Hidden Windows           : 0
User Name                : MHM-9B9D20E75FB\ATC
Mem Usage                : 2396 K
Mem Usage Peak           : 2452 K
Page Faults              : 822
Pagefile Usage           : 1040 K
Pagefile Peak Usage      : 1104 K
File Attributes          : A
==================================================
.
.
--------------------------\\\  End  Report Of Running Processes --------------- 
.
.
.
.
--------------------------\\\ Windows XP Startup List --------------- 
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
   autocheck autochk *
 autocheck autochk *
 Auto Check Utility
 Microsoft Corporation
 5.01.2600.2180
 c:\windows\system32\autochk.exe
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
   rdpclip
 rdpclip
 RDP Clip Monitor
 Microsoft Corporation
 5.01.2600.2180
 c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
   C:\WINDOWS\system32\userinit.exe
 C:\WINDOWS\system32\userinit.exe
 Userinit Logon Application
 Microsoft Corporation
 5.01.2600.2180
 c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
   Explorer.exe
 Explorer.exe
 Windows Explorer
 Microsoft Corporation
 6.00.2900.3156
 c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   NvCplDaemon
 RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 NVIDIA Display Properties Extension
 NVIDIA Corporation
 6.14.0010.7772
 c:\windows\system32\nvcpl.dll
   nwiz
 nwiz.exe /install
 NVIDIA nView Wizard, Version 105.25 
 NVIDIA Corporation
 6.14.0010.10525
 c:\windows\system32\nwiz.exe
   SW20
 C:\WINDOWS\system32\sw20.exe
 sw20 MFC Application
 1.00.0000.0001
 c:\windows\system32\sw20.exe
   SW24
 C:\WINDOWS\system32\sw24.exe
 c:\windows\system32\sw24.exe
   SMSERIAL
 sm56hlpr.exe
 Motorola SM56 Win32 Utility
 Motorola Inc.
 6.09.0007.0000
 c:\windows\sm56hlpr.exe
   BluetoothAuthenticationAgent
 rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 Bluetooth Control Panel Applet
 Microsoft Corporation
 5.01.2600.2180
 c:\windows\system32\bthprops.cpl
   !AVG Anti-Spyware
 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" /minimized
 AVG Anti-Spyware
 GRISOFT s.r.o.
 7.05.0001.0043
 c:\program files\grisoft\avg anti-spyware 7.5\zyzoom.exe
   AVP
 "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
 Kaspersky Anti-Virus
 Kaspersky Lab
 8.00.0000.0454
 c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe
   TkBellExe
 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
 RealNetworks Scheduler
 RealNetworks, Inc.
 0.01.0000.4279
 c:\program files\common files\real\update_ob\realsched.exe
   NvMediaCenter
 RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 NVIDIA Media Center Library
 NVIDIA Corporation
 6.14.0010.7772
 c:\windows\system32\nvmctray.dll
   zyz1
 c:\zyz_auto_killer\run2.exe
 File not found: c:\zyz_auto_killer\run2.exe
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل
   WinZip Quick Pick.lnk
 C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\WinZip Quick Pick.lnk
 WinZip Executable
 WinZip Computing, S.L.
 1.00.7403.0000
 c:\program files\winzip\wzqkpick.exe
   سرعة تشغيل Adobe Reader.lnk
 C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\سرعة تشغيل Adobe Reader.lnk
 Adobe Acrobat SpeedLauncher
 Adobe Systems Incorporated
 7.00.0005.0172
 c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   CTFMON.EXE
 C:\WINDOWS\system32\ctfmon.exe
 CTF Loader
 Microsoft Corporation
 5.01.2600.2180
 c:\windows\system32\ctfmon.exe
   AdVantage
 "C:\Program Files\AdVantage\AdVantage.exe"
 File not found: C:\Program Files\AdVantage\AdVantage.exe
   kxva
 C:\WINDOWS\system32\kxvo.exe
 c:\windows\system32\kxvo.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
   Privacy Suite
 "C:\Documents and Settings\ATC\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\ATC\Application Data\CyberScrub\Privacy Suite" 
 Privacy Suite (TM)
 CyberScrub LLC
 4.07.0000.0139
 c:\documents and settings\atc\application data\cleaner\cspseraser.exe
.
.
----------- End Report ---------------

Brother طالب علم2, I could not find the solution you posted there.

I thank and appreciate you both.

Your brother
 
And the search for a solution is still ongoing ...............
 
Dear brother,
This is a sign of the presence of the autorun virus and its companions.
Use the removal tools for them that are available in the forum.
As for Kaspersky:
Start - All Programs - Kaspersky Anti-Virus 2009

then
Modify,Repair or Remove
and choose
Repair, then Next
and continue until the machine restarts.
God willing, Kaspersky will get its health back.
And of course, update it and scan the whole machine.
 
Signature: طالب علم2
Brother طالب علم2, God bless you.

Where is this phrase in the program: Modify,Repair or Remove?

What does it mean?
 
Download this tool:

You must log in or register to view the hidden link


Run it with a double-click and it will start scanning and cleaning automatically.
Wait until it finishes the scan.

Restart the machine, then make a HijackThis report.
 
Brother ماكس, I thank and appreciate you.

It would be great if you uploaded the tool to a site other than RapidShare,

or gave me the name of the tool.

I thank and appreciate you.

Your brother
 
I apologize for my late reply.
First: the autorun virus must be removed.
See here:
You must log in or register to view the hidden link

or here:
You must log in or register to view the hidden link


Second: after removing the virus,
use Add/Remove Programs from the Control Panel,
then select Kaspersky Anti-Virus 2009, then Change/Remove.
The Kaspersky remove-or-repair program will start: Modify,Repair or Remove
Choose Repair, then Next,
and continue until the machine restarts.
 
Signature: طالب علم2