==================================================
Process Name : smss.exe
ProcessID : 460
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 05/04/1430 01:09:56 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 404 K
Mem Usage Peak : 720 K
Page Faults : 298
Pagefile Usage : 168 K
Pagefile Peak Usage : 1676 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 660
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 05/04/1430 01:10:02 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4856 K
Mem Usage Peak : 6348 K
Page Faults : 8540
Pagefile Usage : 3600 K
Pagefile Peak Usage : 3644 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 684
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3408 K
Mem Usage Peak : 11448 K
Page Faults : 6223
Pagefile Usage : 11472 K
Pagefile Peak Usage : 12432 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 728
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:05 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4536 K
Mem Usage Peak : 4596 K
Page Faults : 1656
Pagefile Usage : 3760 K
Pagefile Peak Usage : 3928 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 740
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:05 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1240 K
Mem Usage Peak : 6232 K
Page Faults : 3082
Pagefile Usage : 5772 K
Pagefile Peak Usage : 6020 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 888
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5232 K
Mem Usage Peak : 5272 K
Page Faults : 1469
Pagefile Usage : 8056 K
Pagefile Peak Usage : 26652 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 944
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4684 K
Mem Usage Peak : 4684 K
Page Faults : 1326
Pagefile Usage : 6428 K
Pagefile Peak Usage : 6440 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 980
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 23152 K
Mem Usage Peak : 33844 K
Page Faults : 38634
Pagefile Usage : 21216 K
Pagefile Peak Usage : 25892 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1040
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3760 K
Mem Usage Peak : 3796 K
Page Faults : 1422
Pagefile Usage : 2960 K
Pagefile Peak Usage : 3044 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1096
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4832 K
Mem Usage Peak : 4848 K
Page Faults : 1293
Pagefile Usage : 6172 K
Pagefile Peak Usage : 6220 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1380
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5024 K
Mem Usage Peak : 5136 K
Page Faults : 1930
Pagefile Usage : 7572 K
Pagefile Peak Usage : 8228 K
File Attributes : A
==================================================
==================================================
Process Name : FolderSizeSvc.exe
ProcessID : 1540
Priority : Normal
Product Name : Folder Size for Windows
Version : 1, 3, 0, 0
Description : FolderSize Service
Company : Brio
Window Title :
File Size : 98,304
File Created Date : 24/02/1427 08:23:22 م
File Modified Date : 24/02/1427 08:23:22 م
Filename : C:\Program Files\FolderSize\FolderSizeSvc.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3056 K
Mem Usage Peak : 3056 K
Page Faults : 807
Pagefile Usage : 2540 K
Pagefile Peak Usage : 2580 K
File Attributes : A
==================================================
==================================================
Process Name : Explorer.EXE
ProcessID : 1772
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : برامج
File Size : 949,760
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\Explorer.EXE
Base Address : 0x01000000
Created On : 05/04/1430 01:10:10 م
Visible Windows : 3
Hidden Windows : 40
User Name : AL-F09510039511\1
Mem Usage : 40664 K
Mem Usage Peak : 45628 K
Page Faults : 41090
Pagefile Usage : 45688 K
Pagefile Peak Usage : 51088 K
File Attributes : A
==================================================
==================================================
Process Name : RTHDCPL.EXE
ProcessID : 316
Priority : Normal
Product Name : Realtek HD Audio Sound Effect Manager
Version : 2.1.4.9
Description : Realtek HD Audio Control Panel
Company : Realtek Semiconductor Corp.
Window Title :
File Size : 16,402,432
File Created Date : 04/04/1430 02:09:11 م
File Modified Date : 27/07/1428 12:21:56 م
Filename : C:\WINDOWS\RTHDCPL.EXE
Base Address : 0x00400000
Created On : 05/04/1430 01:10:14 م
Visible Windows : 0
Hidden Windows : 47
User Name : AL-F09510039511\1
Mem Usage : 23380 K
Mem Usage Peak : 23380 K
Page Faults : 9145
Pagefile Usage : 23024 K
Pagefile Peak Usage : 23044 K
File Attributes : A
==================================================
==================================================
Process Name : sm56hlpr.exe
ProcessID : 424
Priority : Normal
Product Name : SM56 Helper Win32 Utility
Version : 6.12.05
Description : Application executable file
Company : Motorola Inc.
Window Title :
File Size : 630,784
File Created Date : 04/04/1430 02:08:07 م
File Modified Date : 02/11/1427 02:31:26 م
Filename : C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:14 م
Visible Windows : 0
Hidden Windows : 5
User Name : AL-F09510039511\1
Mem Usage : 4096 K
Mem Usage Peak : 4104 K
Page Faults : 1076
Pagefile Usage : 3116 K
Pagefile Peak Usage : 3156 K
File Attributes : A
==================================================
==================================================
Process Name : SynTPEnh.exe
ProcessID : 432
Priority : Normal
Product Name : Synaptics Pointing Device Driver
Version : 9.2.5 10May07
Description : Synaptics TouchPad Enhancements
Company : Synaptics, Inc.
Window Title :
File Size : 864,256
File Created Date : 04/04/1430 02:09:51 م
File Modified Date : 23/04/1428 04:22:08 م
Filename : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:14 م
Visible Windows : 0
Hidden Windows : 8
User Name : AL-F09510039511\1
Mem Usage : 5188 K
Mem Usage Peak : 5188 K
Page Faults : 1473
Pagefile Usage : 2976 K
Pagefile Peak Usage : 3004 K
File Attributes : A
==================================================
==================================================
Process Name : TouchPad_HotKey.exe
ProcessID : 444
Priority : Normal
Product Name :
Version : 4.0.6.0
Description :
Company :
Window Title :
File Size : 364,544
File Created Date : 04/04/1430 02:10:48 م
File Modified Date : 30/07/1428 10:47:38 ص
Filename : C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:14 م
Visible Windows : 0
Hidden Windows : 4
User Name : AL-F09510039511\1
Mem Usage : 4396 K
Mem Usage Peak : 4396 K
Page Faults : 1404
Pagefile Usage : 5728 K
Pagefile Peak Usage : 5780 K
File Attributes : A
==================================================
==================================================
Process Name : FireWall.exe
ProcessID : 468
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 3,543,552
File Created Date : 05/04/1430 04:48:56 ص
File Modified Date : 30/11/1427 11:10:58 م
Filename : C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:15 م
Visible Windows : 0
Hidden Windows : 14
User Name : AL-F09510039511\1
Mem Usage : 14232 K
Mem Usage Peak : 14320 K
Page Faults : 104644
Pagefile Usage : 18940 K
Pagefile Peak Usage : 19200 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 464
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:10:15 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4032 K
Mem Usage Peak : 4064 K
Page Faults : 1075
Pagefile Usage : 5596 K
Pagefile Peak Usage : 5640 K
File Attributes : A
==================================================
==================================================
Process Name : USBGuard.exe
ProcessID : 508
Priority : Normal
Product Name : USBGuard Application
Version : 5, 1, 0, 15
Description : Antivirus software
Company : Zbshareware Lab
Window Title :
File Size : 798,720
File Created Date : 05/04/1430 09:13:38 ص
File Modified Date : 23/09/1429 02:21:28 م
Filename : C:\Program Files\USB Disk Security\USBGuard.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:15 م
Visible Windows : 0
Hidden Windows : 44
User Name : AL-F09510039511\1
Mem Usage : 7136 K
Mem Usage Peak : 7324 K
Page Faults : 127106
Pagefile Usage : 5228 K
Pagefile Peak Usage : 5948 K
File Attributes : A
==================================================
==================================================
Process Name : oldmcdonald.exe
ProcessID : 540
Priority : Normal
Product Name :
Version : 2.3
Description : Old McDonald
Company : Old McDonald's Farm
Window Title :
File Size : 501,768
File Created Date : 05/04/1430 09:13:46 ص
File Modified Date : 28/11/1429 11:19:54 م
Filename : C:\Program Files\Autorun Eater\oldmcdonald.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:15 م
Visible Windows : 0
Hidden Windows : 4
User Name : AL-F09510039511\1
Mem Usage : 1620 K
Mem Usage Peak : 10464 K
Page Faults : 103707
Pagefile Usage : 9564 K
Pagefile Peak Usage : 9728 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 576
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 30,208
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:15 م
Visible Windows : 0
Hidden Windows : 5
User Name : AL-F09510039511\1
Mem Usage : 3752 K
Mem Usage Peak : 3752 K
Page Faults : 1076
Pagefile Usage : 2928 K
Pagefile Peak Usage : 2968 K
File Attributes : A
==================================================
==================================================
Process Name : Rainlendar2.exe
ProcessID : 584
Priority : Normal
Product Name : Rainlendar2
Version : 2, 2, 0, 0
Description : Rainlendar2
Company :
Window Title : Todo List .:. Rainlendar2
File Size : 1,298,432
File Created Date : 10/07/1428 07:12:56 ص
File Modified Date : 10/07/1428 07:12:56 ص
Filename : C:\Program Files\Rainlendar2\Rainlendar2.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:15 م
Visible Windows : 3
Hidden Windows : 9
User Name : AL-F09510039511\1
Mem Usage : 11848 K
Mem Usage Peak : 11848 K
Page Faults : 3573
Pagefile Usage : 13000 K
Pagefile Peak Usage : 13052 K
File Attributes : A
==================================================
==================================================
Process Name : sistray.exe
ProcessID : 620
Priority : Normal
Product Name : SiS (R) Compatible Super VGA SiSTray application
Version : 0.0.0.3820
Description : SiS Compatible Super VGA Tray Application
Company : Silicon Integrated Systems Corporation
Window Title :
File Size : 262,144
File Created Date : 04/04/1430 02:08:49 م
File Modified Date : 20/07/1428 01:06:32 م
Filename : C:\WINDOWS\system32\sistray.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:16 م
Visible Windows : 0
Hidden Windows : 2
User Name : AL-F09510039511\1
Mem Usage : 3872 K
Mem Usage Peak : 3884 K
Page Faults : 1016
Pagefile Usage : 2552 K
Pagefile Peak Usage : 2592 K
File Attributes : A
==================================================
==================================================
Process Name : WirelessSelector.exe
ProcessID : 632
Priority : Normal
Product Name : WirelessSelector
Version : 1.0.1.6
Description :
Company : ITE Tech Inc.
Window Title :
File Size : 650,752
File Created Date : 04/04/1430 02:10:39 م
File Modified Date : 01/08/1428 01:41:54 م
Filename : C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:16 م
Visible Windows : 0
Hidden Windows : 3
User Name : AL-F09510039511\1
Mem Usage : 3960 K
Mem Usage Peak : 3960 K
Page Faults : 1048
Pagefile Usage : 2596 K
Pagefile Peak Usage : 2636 K
File Attributes : A
==================================================
==================================================
Process Name : billy.exe
ProcessID : 704
Priority : Normal
Product Name :
Version : 2.3
Description : Billy The Goat
Company : Old McDonald's Farm
Window Title :
File Size : 370,032
File Created Date : 05/04/1430 09:13:46 ص
File Modified Date : 28/11/1429 11:27:58 م
Filename : C:\Program Files\Autorun Eater\billy.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:10:18 م
Visible Windows : 0
Hidden Windows : 2
User Name : AL-F09510039511\1
Mem Usage : 2296 K
Mem Usage Peak : 6908 K
Page Faults : 168364
Pagefile Usage : 6500 K
Pagefile Peak Usage : 6604 K
File Attributes : A
==================================================
==================================================
Process Name : IEXPLORE.EXE
ProcessID : 3224
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title : استئناف التشغيل - Microsoft Internet Explorer
File Size : 93,184
File Created Date : 04/04/1430 01:02:22 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Base Address : 0x00400000
Created On : 05/04/1430 01:22:42 م
Visible Windows : 1
Hidden Windows : 22
User Name : AL-F09510039511\1
Mem Usage : 19100 K
Mem Usage Peak : 23096 K
Page Faults : 17076
Pagefile Usage : 30504 K
Pagefile Peak Usage : 36184 K
File Attributes : A
==================================================
==================================================
Process Name : IEXPLORE.EXE
ProcessID : 1276
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Internet Explorer
Company : Microsoft Corporation
Window Title :
- Microsoft Internet Explorer
File Size : 93,184
File Created Date : 04/04/1430 01:02:22 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Base Address : 0x00400000
Created On : 05/04/1430 01:26:48 م
Visible Windows : 3
Hidden Windows : 54
User Name : AL-F09510039511\1
Mem Usage : 35616 K
Mem Usage Peak : 38560 K
Page Faults : 26871
Pagefile Usage : 45832 K
Pagefile Peak Usage : 45852 K
File Attributes : A
==================================================
==================================================
Process Name : msiexec.exe
ProcessID : 3068
Priority : Normal
Product Name : Windows Installer - Unicode
Version : 3.0.3790.2180
Description : Windows® installer
Company : Microsoft Corporation
Window Title :
File Size : 87,552
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\msiexec.exe
Base Address : 0x01000000
Created On : 05/04/1430 01:27:19 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5884 K
Mem Usage Peak : 5892 K
Page Faults : 1516
Pagefile Usage : 6212 K
Pagefile Peak Usage : 10804 K
File Attributes : A
==================================================
==================================================
Process Name : MiniDM.exe
ProcessID : 3868
Priority : Normal
Product Name : MiniDM
Version : 1, 3, 0, 2
Description : MiniDM
Company : IE7Pro.com
Window Title : MiniDM
File Size : 715,912
File Created Date : 09/02/1430 09:59:16 ص
File Modified Date : 09/02/1430 09:59:16 ص
Filename : C:\Program Files\IEPro\MiniDM.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:32:11 م
Visible Windows : 1
Hidden Windows : 3
User Name : AL-F09510039511\1
Mem Usage : 10216 K
Mem Usage Peak : 10216 K
Page Faults : 4177
Pagefile Usage : 15224 K
Pagefile Peak Usage : 15228 K
File Attributes : A
==================================================
==================================================
Process Name : run.exe
ProcessID : 2820
Priority : Normal
Product Name :
Version : 0. 0.
Description :
Company :
Window Title :
File Size : 132,254
File Created Date : 05/04/1430 10:32:59 ص
File Modified Date : 22/09/1428 07:52:46 م
Filename : C:\DOCUME~1\1\LOCALS~1\Temp\cpr\run.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:32:59 م
Visible Windows : 0
Hidden Windows : 0
User Name : AL-F09510039511\1
Mem Usage : 2172 K
Mem Usage Peak : 2172 K
Page Faults : 622
Pagefile Usage : 896 K
Pagefile Peak Usage : 900 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 2900
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 05/04/1430 01:32:59 م
Visible Windows : 0
Hidden Windows : 1
User Name : AL-F09510039511\1
Mem Usage : 2644 K
Mem Usage Peak : 2652 K
Page Faults : 692
Pagefile Usage : 2128 K
Pagefile Peak Usage : 2132 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 2964
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 05/04/1430 10:32:59 ص
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\1\LOCALS~1\Temp\cpr\CProcess.exe
Base Address : 0x00400000
Created On : 05/04/1430 01:33:00 م
Visible Windows : 0
Hidden Windows : 0
User Name : AL-F09510039511\1
Mem Usage : 2184 K
Mem Usage Peak : 2236 K
Page Faults : 872
Pagefile Usage : 940 K
Pagefile Peak Usage : 1628 K
File Attributes : A
==================================================
.
--------------------------\\\ Start Report Of HijackThis ---------------
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:46:08 م, on 30/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\1\LOCALS~1\Temp\bntoz\runn.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\1\LOCALS~1\Temp\bntoz\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WirelessSelector.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster -
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia -
Files\ieSpell\wikipedia.HTM
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 5331 bytes
.
.
--------------------------\\\ End Report Of Of HijackThis ---------------
.
.
.
.
--------------------------\\\ Start Report Of Running Processes ---------------
.
==================================================
Process Name : smss.exe
ProcessID : 560
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Session Manager
Company : Microsoft Corporation
Window Title :
File Size : 50,688
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\smss.exe
Base Address : 0x48580000
Created On : 04/04/1430 09:01:58 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 396 K
Mem Usage Peak : 488 K
Page Faults : 218
Pagefile Usage : 164 K
Pagefile Peak Usage : 1672 K
File Attributes : A
==================================================
==================================================
Process Name : csrss.exe
ProcessID : 624
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Client Server Runtime Process
Company : Microsoft Corporation
Window Title :
File Size : 6,144
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\csrss.exe
Base Address : 0x4A680000
Created On : 04/04/1430 09:02:04 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4992 K
Mem Usage Peak : 6348 K
Page Faults : 8396
Pagefile Usage : 2064 K
Pagefile Peak Usage : 3644 K
File Attributes : A
==================================================
==================================================
Process Name : winlogon.exe
ProcessID : 648
Priority : High
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows NT Logon Application
Company : Microsoft Corporation
Window Title :
File Size : 502,272
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\winlogon.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:05 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4364 K
Mem Usage Peak : 13636 K
Page Faults : 7383
Pagefile Usage : 9976 K
Pagefile Peak Usage : 12428 K
File Attributes : A
==================================================
==================================================
Process Name : services.exe
ProcessID : 1052
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Services and Controller app
Company : Microsoft Corporation
Window Title :
File Size : 108,032
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\services.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 5404 K
Mem Usage Peak : 13912 K
Page Faults : 7440
Pagefile Usage : 6572 K
Pagefile Peak Usage : 8864 K
File Attributes : A
==================================================
==================================================
Process Name : lsass.exe
ProcessID : 1064
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : LSA Shell (Export Version)
Company : Microsoft Corporation
Window Title :
File Size : 13,312
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\lsass.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 1392 K
Mem Usage Peak : 6428 K
Page Faults : 4167
Pagefile Usage : 4816 K
Pagefile Peak Usage : 4988 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1212
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4888 K
Mem Usage Peak : 4976 K
Page Faults : 1425
Pagefile Usage : 6532 K
Pagefile Peak Usage : 26684 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1268
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4760 K
Mem Usage Peak : 4764 K
Page Faults : 1347
Pagefile Usage : 5336 K
Pagefile Peak Usage : 5384 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1312
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:06 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 22556 K
Mem Usage Peak : 33072 K
Page Faults : 36545
Pagefile Usage : 18824 K
Pagefile Peak Usage : 24216 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1360
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 3688 K
Mem Usage Peak : 3792 K
Page Faults : 1067
Pagefile Usage : 1740 K
Pagefile Peak Usage : 1836 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 1456
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\svchost.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:06 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 7148 K
Mem Usage Peak : 7224 K
Page Faults : 3191
Pagefile Usage : 7940 K
Pagefile Peak Usage : 8096 K
File Attributes : A
==================================================
==================================================
Process Name : spoolsv.exe
ProcessID : 1984
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Spooler SubSystem App
Company : Microsoft Corporation
Window Title :
File Size : 57,856
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\spoolsv.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 4652 K
Mem Usage Peak : 4672 K
Page Faults : 1730
Pagefile Usage : 6020 K
Pagefile Peak Usage : 6260 K
File Attributes : A
==================================================
==================================================
Process Name : PWRISOVM.EXE
ProcessID : 260
Priority : Normal
Product Name : PowerISO Virtual Drive Manager
Version : 4, 4, 0, 0
Description : PowerISO Virtual Drive Manager
Company : PowerISO Computing, Inc.
Window Title :
File Size : 180,224
File Created Date : 19/03/1430 10:15:16 ص
File Modified Date : 19/03/1430 10:15:16 ص
Filename : C:\Program Files\PowerISO\PWRISOVM.EXE
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 0
Hidden Windows : 2
User Name : AL-F09510039511\1
Mem Usage : 2604 K
Mem Usage Peak : 2604 K
Page Faults : 677
Pagefile Usage : 880 K
Pagefile Peak Usage : 880 K
File Attributes : A
==================================================
==================================================
Process Name : RTHDCPL.EXE
ProcessID : 296
Priority : Normal
Product Name : Realtek HD Audio Sound Effect Manager
Version : 2.1.4.9
Description : Realtek HD Audio Control Panel
Company : Realtek Semiconductor Corp.
Window Title :
File Size : 16,402,432
File Created Date : 04/04/1430 02:09:11 م
File Modified Date : 27/07/1428 12:21:56 م
Filename : C:\WINDOWS\RTHDCPL.EXE
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 0
Hidden Windows : 47
User Name : AL-F09510039511\1
Mem Usage : 22284 K
Mem Usage Peak : 22284 K
Page Faults : 8813
Pagefile Usage : 21516 K
Pagefile Peak Usage : 21532 K
File Attributes : A
==================================================
==================================================
Process Name : sm56hlpr.exe
ProcessID : 316
Priority : Normal
Product Name : SM56 Helper Win32 Utility
Version : 6.12.05
Description : Application executable file
Company : Motorola Inc.
Window Title :
File Size : 630,784
File Created Date : 04/04/1430 02:08:07 م
File Modified Date : 02/11/1427 02:31:26 م
Filename : C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 0
Hidden Windows : 5
User Name : AL-F09510039511\1
Mem Usage : 3472 K
Mem Usage Peak : 3472 K
Page Faults : 890
Pagefile Usage : 1392 K
Pagefile Peak Usage : 1392 K
File Attributes : A
==================================================
==================================================
Process Name : SynTPEnh.exe
ProcessID : 388
Priority : Normal
Product Name : Synaptics Pointing Device Driver
Version : 9.2.5 10May07
Description : Synaptics TouchPad Enhancements
Company : Synaptics, Inc.
Window Title :
File Size : 864,256
File Created Date : 04/04/1430 02:09:51 م
File Modified Date : 23/04/1428 04:22:08 م
Filename : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 0
Hidden Windows : 8
User Name : AL-F09510039511\1
Mem Usage : 4824 K
Mem Usage Peak : 4880 K
Page Faults : 1356
Pagefile Usage : 1468 K
Pagefile Peak Usage : 1576 K
File Attributes : A
==================================================
==================================================
Process Name : TouchPad_HotKey.exe
ProcessID : 396
Priority : Normal
Product Name :
Version : 4.0.6.0
Description :
Company :
Window Title :
File Size : 364,544
File Created Date : 04/04/1430 02:10:48 م
File Modified Date : 30/07/1428 10:47:38 ص
Filename : C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 0
Hidden Windows : 4
User Name : AL-F09510039511\1
Mem Usage : 4024 K
Mem Usage Peak : 4028 K
Page Faults : 1282
Pagefile Usage : 4224 K
Pagefile Peak Usage : 4804 K
File Attributes : A
==================================================
==================================================
Process Name : nod32kui.exe
ProcessID : 404
Priority : Normal
Product Name : NOD32 Antivirus System
Version : 2, 70, 39
Description : NOD32 Control Center GUI
Company : Eset
Window Title :
File Size : 949,376
File Created Date : 04/04/1430 02:31:44 م
File Modified Date : 04/04/1430 02:31:43 م
Filename : C:\Program Files\Eset\nod32kui.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 0
Hidden Windows : 44
User Name : AL-F09510039511\1
Mem Usage : 2884 K
Mem Usage Peak : 6320 K
Page Faults : 5728
Pagefile Usage : 2428 K
Pagefile Peak Usage : 3128 K
File Attributes : A
==================================================
==================================================
Process Name : ctfmon.exe
ProcessID : 420
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : CTF Loader
Company : Microsoft Corporation
Window Title :
File Size : 30,208
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\ctfmon.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 0
Hidden Windows : 5
User Name : AL-F09510039511\1
Mem Usage : 3328 K
Mem Usage Peak : 3328 K
Page Faults : 938
Pagefile Usage : 1416 K
Pagefile Peak Usage : 1416 K
File Attributes : A
==================================================
==================================================
Process Name : Rainlendar2.exe
ProcessID : 428
Priority : Normal
Product Name : Rainlendar2
Version : 2, 2, 0, 0
Description : Rainlendar2
Company :
Window Title : Todo List .:. Rainlendar2
File Size : 1,298,432
File Created Date : 10/07/1428 07:12:56 ص
File Modified Date : 10/07/1428 07:12:56 ص
Filename : C:\Program Files\Rainlendar2\Rainlendar2.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 3
Hidden Windows : 9
User Name : AL-F09510039511\1
Mem Usage : 11404 K
Mem Usage Peak : 11408 K
Page Faults : 3440
Pagefile Usage : 11480 K
Pagefile Peak Usage : 11596 K
File Attributes : A
==================================================
==================================================
Process Name : sistray.exe
ProcessID : 588
Priority : Normal
Product Name : SiS (R) Compatible Super VGA SiSTray application
Version : 0.0.0.3820
Description : SiS Compatible Super VGA Tray Application
Company : Silicon Integrated Systems Corporation
Window Title :
File Size : 262,144
File Created Date : 04/04/1430 02:08:49 م
File Modified Date : 20/07/1428 01:06:32 م
Filename : C:\WINDOWS\system32\sistray.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 0
Hidden Windows : 2
User Name : AL-F09510039511\1
Mem Usage : 3364 K
Mem Usage Peak : 3364 K
Page Faults : 861
Pagefile Usage : 1028 K
Pagefile Peak Usage : 1028 K
File Attributes : A
==================================================
==================================================
Process Name : WirelessSelector.exe
ProcessID : 600
Priority : Normal
Product Name : WirelessSelector
Version : 1.0.1.6
Description :
Company : ITE Tech Inc.
Window Title :
File Size : 650,752
File Created Date : 04/04/1430 02:10:39 م
File Modified Date : 01/08/1428 01:41:54 م
Filename : C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:09 م
Visible Windows : 0
Hidden Windows : 3
User Name : AL-F09510039511\1
Mem Usage : 3624 K
Mem Usage Peak : 3624 K
Page Faults : 935
Pagefile Usage : 1096 K
Pagefile Peak Usage : 1096 K
File Attributes : A
==================================================
==================================================
Process Name : FolderSizeSvc.exe
ProcessID : 980
Priority : Normal
Product Name : Folder Size for Windows
Version : 1, 3, 0, 0
Description : FolderSize Service
Company : Brio
Window Title :
File Size : 98,304
File Created Date : 24/02/1427 08:23:22 م
File Modified Date : 24/02/1427 08:23:22 م
Filename : C:\Program Files\FolderSize\FolderSizeSvc.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:13 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 2640 K
Mem Usage Peak : 2640 K
Page Faults : 675
Pagefile Usage : 1040 K
Pagefile Peak Usage : 1040 K
File Attributes : A
==================================================
==================================================
Process Name : nod32krn.exe
ProcessID : 1008
Priority : Normal
Product Name : NOD32 Antivirus System
Version : 2, 70, 39
Description : NOD32 Kernel Service
Company : Eset
Window Title :
File Size : 552,064
File Created Date : 04/04/1430 02:31:44 م
File Modified Date : 04/04/1430 02:31:42 م
Filename : C:\Program Files\Eset\nod32krn.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:02:13 م
Visible Windows : 0
Hidden Windows : 2
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 22940 K
Mem Usage Peak : 30312 K
Page Faults : 48493
Pagefile Usage : 22464 K
Pagefile Peak Usage : 55116 K
File Attributes : A
==================================================
==================================================
Process Name : alg.exe
ProcessID : 1500
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Application Layer Gateway Service
Company : Microsoft Corporation
Window Title :
File Size : 44,544
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\alg.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:02:16 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 4028 K
Mem Usage Peak : 4028 K
Page Faults : 1054
Pagefile Usage : 4492 K
Pagefile Peak Usage : 4508 K
File Attributes : A
==================================================
==================================================
Process Name : msnmsgr.exe
ProcessID : 764
Priority : Normal
Product Name : Messenger
Version : 8.1.0178.00
Description : Messenger
Company : Microsoft Corporation
Window Title :
File Size : 5,674,352
File Created Date : 01/01/1428 09:54:56 ص
File Modified Date : 01/01/1428 09:54:56 ص
Filename : C:\Program Files\MSN Messenger\msnmsgr.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:12:18 م
Visible Windows : 1
Hidden Windows : 12
User Name : AL-F09510039511\1
Mem Usage : 4084 K
Mem Usage Peak : 15828 K
Page Faults : 7731
Pagefile Usage : 12284 K
Pagefile Peak Usage : 12740 K
File Attributes : A
==================================================
==================================================
Process Name : RtWLan.exe
ProcessID : 1448
Priority : Normal
Product Name : RtWLan Application
Version : 402, 1190, 801, 2006
Description : RtWLan ( For Win2K/XP ) Application
Company : Realtek Semiconductor Corp.
Window Title :
File Size : 737,280
File Created Date : 04/04/1430 06:13:05 م
File Modified Date : 07/07/1427 06:19:10 ص
Filename : C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:13:20 م
Visible Windows : 0
Hidden Windows : 24
User Name : AL-F09510039511\1
Mem Usage : 9532 K
Mem Usage Peak : 9600 K
Page Faults : 11578
Pagefile Usage : 6468 K
Pagefile Peak Usage : 6560 K
File Attributes : A
==================================================
==================================================
Process Name : svchost.exe
ProcessID : 3616
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Generic Host Process for Win32 Services
Company : Microsoft Corporation
Window Title :
File Size : 14,336
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\System32\svchost.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:16:32 م
Visible Windows : 0
Hidden Windows : 0
User Name : NT AUTHORITY\SYSTEM
Mem Usage : 3488 K
Mem Usage Peak : 3496 K
Page Faults : 902
Pagefile Usage : 4512 K
Pagefile Peak Usage : 4536 K
File Attributes : A
==================================================
==================================================
Process Name : firefox.exe
ProcessID : 2648
Priority : Normal
Product Name : Firefox
Version : 1.8.1.6: 2007072518
Description : Firefox
Company : Mozilla Corporation
Window Title : 15% of 2 files - Downloads
File Size : 7,644,520
File Created Date : 04/04/1430 02:30:39 م
File Modified Date : 12/07/1428 07:32:45 م
Filename : C:\Program Files\Mozilla Firefox\firefox.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:33:09 م
Visible Windows : 2
Hidden Windows : 19
User Name : AL-F09510039511\1
Mem Usage : 56796 K
Mem Usage Peak : 67744 K
Page Faults : 422178
Pagefile Usage : 58552 K
Pagefile Peak Usage : 69616 K
File Attributes : A
==================================================
==================================================
Process Name : explorer.exe
ProcessID : 2728
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Explorer
Company : Microsoft Corporation
Window Title : Program Manager
File Size : 949,760
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\explorer.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:37:56 م
Visible Windows : 2
Hidden Windows : 24
User Name : AL-F09510039511\1
Mem Usage : 24644 K
Mem Usage Peak : 26316 K
Page Faults : 10128
Pagefile Usage : 31012 K
Pagefile Peak Usage : 33760 K
File Attributes : A
==================================================
==================================================
Process Name : runn.exe
ProcessID : 3892
Priority : Normal
Product Name :
Version :
Description :
Company :
Window Title :
File Size : 71,680
File Created Date : 04/04/1430 06:46:05 م
File Modified Date : 23/01/1429 10:24:25 م
Filename : C:\DOCUME~1\1\LOCALS~1\Temp\bntoz\runn.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:46:05 م
Visible Windows : 0
Hidden Windows : 0
User Name : AL-F09510039511\1
Mem Usage : 2132 K
Mem Usage Peak : 2132 K
Page Faults : 613
Pagefile Usage : 884 K
Pagefile Peak Usage : 888 K
File Attributes : A
==================================================
==================================================
Process Name : cmd.exe
ProcessID : 3520
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : Windows Command Processor
Company : Microsoft Corporation
Window Title :
File Size : 388,608
File Created Date : 18/06/1425 12:00:00 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\cmd.exe
Base Address : 0x4AD00000
Created On : 04/04/1430 09:46:05 م
Visible Windows : 0
Hidden Windows : 1
User Name : AL-F09510039511\1
Mem Usage : 2868 K
Mem Usage Peak : 2936 K
Page Faults : 811
Pagefile Usage : 2128 K
Pagefile Peak Usage : 2204 K
File Attributes : A
==================================================
==================================================
Process Name : wmiprvse.exe
ProcessID : 3292
Priority : Normal
Product Name : Microsoft® Windows® Operating System
Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Description : WMI
Company : Microsoft Corporation
Window Title :
File Size : 218,112
File Created Date : 04/04/1430 01:00:28 م
File Modified Date : 18/06/1425 12:00:00 م
Filename : C:\WINDOWS\system32\wbem\wmiprvse.exe
Base Address : 0x01000000
Created On : 04/04/1430 09:46:05 م
Visible Windows : 0
Hidden Windows : 0
User Name :
Mem Usage : 5672 K
Mem Usage Peak : 5672 K
Page Faults : 1449
Pagefile Usage : 6364 K
Pagefile Peak Usage : 6364 K
File Attributes : A
==================================================
==================================================
Process Name : CProcess.exe
ProcessID : 3644
Priority : Normal
Product Name : CurrProcess
Version : 1.11
Description : CurrProcess
Company : NirSoft
Window Title :
File Size : 35,840
File Created Date : 04/04/1430 06:46:04 م
File Modified Date : 08/06/1426 04:46:34 ص
Filename : C:\DOCUME~1\1\LOCALS~1\Temp\bntoz\CProcess.exe
Base Address : 0x00400000
Created On : 04/04/1430 09:46:08 م
Visible Windows : 0
Hidden Windows : 0
User Name : AL-F09510039511\1
Mem Usage : 2164 K
Mem Usage Peak : 2216 K
Page Faults : 870
Pagefile Usage : 908 K
Pagefile Peak Usage : 1632 K
File Attributes : A
==================================================
.
.
--------------------------\\\ End Report Of Running Processes ---------------
.
.
.
.
--------------------------\\\ Windows XP Startup List ---------------
.
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
File not found: autochk
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
RDP Clip Monitor
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
Userinit Logon Application
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
Explorer.exe
Windows Explorer
Microsoft Corporation
6.00.2900.2180
c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Microsoft IME
Microsoft Corporation
8.01.4202.0000
c:\windows\ime\imjp8_1\imjpmig.exe
PHIME2002ASync
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
???????? 2002a
Microsoft Corporation
5.02.0000.2801
c:\windows\system32\ime\tintlgnt\tintsetp.exe
PHIME2002A
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
???????? 2002a
Microsoft Corporation
5.02.0000.2801
c:\windows\system32\ime\tintlgnt\tintsetp.exe
PWRISOVM.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
PowerISO Virtual Drive Manager
PowerISO Computing, Inc.
4.04.0000.0000
c:\program files\poweriso\pwrisovm.exe
SiSPower
Rundll32.exe SiSPower.dll,ModeAgent
Dynamic link library for setting Power Scheme
Silicon Integrated Systems Corporation
6.14.0010.3820
c:\windows\system32\sispower.dll
RTHDCPL
RTHDCPL.EXE
Realtek HD Audio Control Panel
Realtek Semiconductor Corp.
2.01.0004.0009
c:\windows\rthdcpl.exe
Alcmtr
ALCMTR.EXE
Realtek Azalia Audio - Event Monitor
Realtek Semiconductor Corp.
1.06.0000.0002
c:\windows\alcmtr.exe
SMSERIAL
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
Application executable file
Motorola Inc.
6.12.0005.0000
c:\program files\motorola\smserial\sm56hlpr.exe
SynTPEnh
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics TouchPad Enhancements
Synaptics, Inc.
9.02.0005.0000
c:\program files\synaptics\syntp\syntpenh.exe
TouchPadHotKey
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
4.00.0006.0000
c:\program files\fsc\touchpad hotkey utility\touchpad_hotkey.exe
nod32kui
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
NOD32 Control Center GUI
Eset
2.70.0039.0000
c:\program files\eset\nod32kui.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
REALTEK RTL8187 Wireless LAN Utility.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk
RtWLan ( For Win2K/XP ) Application
Realtek Semiconductor Corp.
402.1190.0801.2006
c:\program files\realtek rtl8187 wireless lan driver and utility\rtwlan.exe
Utility Tray.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
SiS Compatible Super VGA Tray Application
Silicon Integrated Systems Corporation
0.00.0000.3820
c:\windows\system32\sistray.exe
WirelessSelector.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WirelessSelector.lnk
ITE Tech Inc.
1.00.0001.0006
c:\program files\fsc\wireless utility\wirelessselector.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe
CTF Loader
Microsoft Corporation
5.01.2600.2180
c:\windows\system32\ctfmon.exe
Rainlendar2
C:\Program Files\Rainlendar2\Rainlendar2.exe
Rainlendar2
2.02.0000.0000
c:\program files\rainlendar2\rainlendar2.exe
.
.
----------- End Report ---------------
