Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers.

Post #1 - Jun 12 2005, 11:40 AM
Member (Group: Members, Posts: 58, Joined: 26-May 05, Member No.: 21,452)

I ran MANY antivirus, anti spyware programs....Spybot S&D came up with some cookies which I deleted and it seemed to be fine again today until the blue screen came up...this time it took about 8 hrs for it to appear. I was searching for any funny processes in task manager & I found these

1. rundl32.exe, explorer.exe (they seem to be the same thing)
2. hpotddll.exe
3. crss.exe

However, none of the av or antispyware programs managed to find them...could it be these that are causing my problems?

Thanks in advance & here's my hijackthislog:

Logfile of HijackThis v1.99.1
Scan saved at 18:30:26, on 12/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--------------------
It's great being an anorak

Post #2 - Jun 13 2005, 11:34 AM
Guru at being a Newbie (Group: HJT Team, Posts: 5,718, Joined: 8-April 04, Member No.: 96)

Hi ganna,

crss.exe is a known malware file and the rundl32.exe, explorer.exe is suspect. Strange that nothing is showing up in the HijackThis log. The hpotddll.exe appears to be associated with HP Digital Imaging drivers and something seems to be going on with them so that users are experiencing memory dumps. Haven't got a handle on exactly what, but let me research it some more and we will try to figure that out after dealing with whatever malware issues you might have. Some more information by doing the following may help with both.

I would like to see a list of modules for each process by means of a special AdAware logfile. If you already have AdAware SE 1.05 installed, we will use that to save time as the program has just been upgraded to v 1.06. If you need to download it, please use this link: http://fileforum.betanews.com/detail/Adawa...nal/965718306/1

And then do the following:

Advanced button > Logfile detail level > disable Include negligible objects information.
Tweak button:
Disable Unload recognized processes & modules during scan
Enable Include module list in log file.
Click Proceed then scan with AdAware.
When scan is complete, click Show Logfile button > right click and choose Select All > right click and choose Copy to Clipboard > paste the log into Notepad or your Word Processor of choice and save this file. Then paste the contents in your next reply to this thread. Include also a fresh HijackThis log.

--------------------
If I have helped you, please consider a donation in memory of my cousin Matthew, lost to leukemia August 29, 2008 at the age of 25. Matt's sister, Marla, and his wife, Erin (who he had newly wed), are raising money to fight such blood diseases.
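
A check for the kind of near-miss process names discussed in this thread (crss.exe, rundl32.exe), added here as an example and not part of any post: it parses the "Running processes" section of a HijackThis log and flags names one edit away from a core Windows binary, plus core names running from an unexpected folder. The sample log, the expected-folder table and the function names are constructed for illustration and assume a default C:\WINDOWS install.

```python
import ntpath
import re

# Core Windows XP binaries and the folder each normally runs from.
# Assumption: default install under C:\WINDOWS, as in the thread's logs.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYS32, "csrss.exe": SYS32, "winlogon.exe": SYS32,
    "services.exe": SYS32, "lsass.exe": SYS32, "svchost.exe": SYS32,
    "spoolsv.exe": SYS32, "rundll32.exe": SYS32, "ctfmon.exe": SYS32,
    "explorer.exe": r"c:\windows",
}

# One edit catches a dropped or doubled letter. A threshold of 2 would also
# flag the legitimate iexplore.exe, which is 2 edits from explorer.exe.
MAX_DISTANCE = 1

# HijackThis registry/startup entries look like "R0 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")

# Constructed sample in HijackThis layout (not the log posted in the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crss.exe
C:\WINDOWS\rundl32.exe
C:\Documents and Settings\user\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_running_processes(log_text):
    """Return the paths listed between 'Running processes:' and the first entry line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and ENTRY_RE.match(line):
            break
        elif in_section and line:
            paths.append(line)
    return paths


def classify(path):
    """Return (reason, reference_name) for a suspicious path, or None."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in EXPECTED_DIR:
        # Correct name, but is it running from where Windows keeps it?
        if folder != EXPECTED_DIR[name]:
            return ("wrong-location", name)
        return None
    # Unknown name: is it a near-miss of a core binary?
    nearest = min(EXPECTED_DIR, key=lambda known: edit_distance(name, known))
    if edit_distance(name, nearest) <= MAX_DISTANCE:
        return ("lookalike", nearest)
    return None


def scan(log_text):
    """List (path, reason, reference_name) for every flagged running process."""
    findings = []
    for path in parse_running_processes(log_text):
        verdict = classify(path)
        if verdict:
            findings.append((path, *verdict))
    return findings


if __name__ == "__main__":
    for path, reason, ref in scan(SAMPLE_LOG):
        print(f"{reason:15} {path}  (compare: {ref})")
```

A clean result only means the names and folders look right; it says nothing about the contents of the files themselves.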

Post #3 - Jun 13 2005, 12:39 PM
Member (Group: Members, Posts: 58, Joined: 26-May 05, Member No.: 21,452)

Thanks a lot for your help btw!!
Well I did as you said...should I delete the objects AdAware found? (slightly silly question I realise)

OK then here is the AdAware log

Ad-Aware SE Build 1.06r1
Logfile Created on:13 June 2005 19:16:22
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005

References detected during the scan:
MRU List(TAC index:0):31 total references
Tracking Cookie(TAC index:3):13 total references
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\avp1.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\avpgs.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\btdisk.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\buffer.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\cab.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\deflate.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\dmap.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\dtreg.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\explode.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\hashcont.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\hashmd5.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\hccmp.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\ichk2.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\ichstrms.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\inflate.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\klonacci.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\klondemi.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\mailmsg.ppl... Scanning Module:C:\WINDOWS\system32\MAPI32.dll... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\mchk.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\mdb.ppl... 
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\mdmap.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\memmodsc.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\memscan.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\minizip.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\msoe.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\ntfsstrm.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\passdmap.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\prseqio.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\prutil.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\rar.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\sfdb.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\stdcomp.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\stored.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\superio.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\tempfile.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unarj.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\uniarc.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unlzx.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unreduce.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unshrink.ppl... 
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unstored.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\winreg.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\xorio.ppl... Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\zcompare.ppl... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\AVS.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\CheckTool.DLL... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\xmlparse.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\xmltok.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavbloc.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\QBackup.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavblp.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\OnDemand.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\OnAccess.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\mcproxy.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\mailapplayer.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\scrch_ag.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\MchkBL.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\SubjPlugin.dll... 
#:24 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\ ProcessID : 344 ThreadCreationTime : 13-06-2005 16:30:43 BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe Scanning Module:C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE... #:25 [teatimer.exe] FilePath : C:\Program Files\Spybot - Search & Destroy\ ProcessID : 568 ThreadCreationTime : 13-06-2005 16:30:46 BasePriority : Idle FileVersion : 1, 4, 0, 2 ProductVersion : 1, 4, 0, 3 ProductName : Spybot - Search & Destroy CompanyName : Safer Networking Limited FileDescription : System settings protector InternalName : TeaTimer LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen. OriginalFilename : TeaTimer.exe Comments : Schützt Systemeinstellungen vor ungewollten Änderungen. Scanning Module:C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe... Scanning Module:C:\WINDOWS\system32\hhctrl.ocx... Scanning Module:C:\Program Files\Spybot - Search & Destroy\advcheck.dll... #:26 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 652 ThreadCreationTime : 13-06-2005 16:30:48 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe Scanning Module:c:\windows\system32\wiaservc.dll... Scanning Module:c:\windows\system32\mscms.dll... Scanning Module:C:\WINDOWS\System32\sti.dll... 
Scanning Module:C:\WINDOWS\System32\hpgwiamd.dll... Scanning Module:C:\WINDOWS\System32\hpotscl.dll... #:27 [acrotray.exe] FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\ ProcessID : 1064 ThreadCreationTime : 13-06-2005 16:30:50 BasePriority : Normal FileVersion : 6.0.0.2003051500 ProductVersion : 6.0.0.0 ProductName : AcroTray - Adobe Acrobat Distiller helper application. CompanyName : Adobe Systems Inc. FileDescription : AcroTray InternalName : AcroTray LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved. OriginalFilename : AcroTray.exe Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe... #:28 [hpohmr08.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ProcessID : 1076 ThreadCreationTime : 13-06-2005 16:30:50 BasePriority : Normal FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Device Objects InternalName : HPOHMR08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOHMR08.EXE Comments : HP OfficeJet <Homer> Series COM Device Objects Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe... Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll... Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll... Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpocxi08.dll... Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcob08.dll... Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodio08.dll... Scanning Module:C:\WINDOWS\system32\hpzidr12.dll... Scanning Module:C:\WINDOWS\system32\hpzipr12.dll... 
#:29 [hpotdd01.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ProcessID : 1088 ThreadCreationTime : 13-06-2005 16:30:50 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Hewlett-Packard hpotdd01 CompanyName : Hewlett-Packard FileDescription : hpotdd01 InternalName : hpotdd01 LegalCopyright : Copyright © 2002 OriginalFilename : hpotdd01.exe Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe... Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll... #:30 [wzqkpick.exe] FilePath : C:\Program Files\WinZip\ ProcessID : 1152 ThreadCreationTime : 13-06-2005 16:30:51 BasePriority : Normal FileVersion : 1.0 (32-bit) ProductVersion : 9.0 (6028) ProductName : WinZip CompanyName : WinZip Computing, Inc. FileDescription : WinZip Executable InternalName : WZQKPICK.EXE LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc OriginalFilename : WZQKPICK.EXE Comments : StringFileInfo: U.S. English Scanning Module:C:\Program Files\WinZip\WZQKPICK.EXE... #:31 [hpoevm08.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\ ProcessID : 1440 ThreadCreationTime : 13-06-2005 16:30:53 BasePriority : Normal FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Event Manager InternalName : HPOEVM08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOEVM08.EXE Comments : HP OfficeJet COM Event Manager Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe... 
#:32 [ipodservice.exe] FilePath : C:\Program Files\iPod\bin\ ProcessID : 972 ThreadCreationTime : 13-06-2005 16:30:56 BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe Scanning Module:C:\Program Files\iPod\bin\iPodService.exe... Scanning Module:C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL... Scanning Module:C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL... #:33 [hposts08.exe] FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\ ProcessID : 2452 ThreadCreationTime : 13-06-2005 16:30:58 BasePriority : Normal FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet Status InternalName : HPOSTS08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOSTS08.EXE Comments : HP OfficeJet Status Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe... Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtap08.dll... Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.rsc... #:34 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2628 ThreadCreationTime : 13-06-2005 16:31:00 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe Scanning Module:C:\WINDOWS\System32\alg.exe... 
#:35 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 3212 ThreadCreationTime : 13-06-2005 17:06:11 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE Scanning Module:C:\Program Files\Internet Explorer\iexplore.exe... Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll... Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ATL.DLL... Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll... Scanning Module:C:\Program Files\Spybot - Search & Destroy\SDHelper.dll... Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\scr_ch_pg.dll... Scanning Module:C:\WINDOWS\System32\jscript.dll... Scanning Module:C:\Program Files\Microsoft Office\OFFICE11\msohev.dll... Scanning Module:C:\WINDOWS\System32\iepeers.dll... Scanning Module:C:\WINDOWS\System32\vbscript.dll... Scanning Module:C:\WINDOWS\System32\macromed\flash\Flash.ocx... Scanning Module:C:\WINDOWS\System32\ddrawex.dll... Scanning Module:C:\WINDOWS\System32\mshtmled.dll... Scanning Module:C:\WINDOWS\System32\shimgvw.dll... Scanning Module:C:\WINDOWS\System32\dxtrans.dll... Scanning Module:C:\WINDOWS\System32\dxtmsft.dll... #:36 [hpzipm12.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3008 ThreadCreationTime : 13-06-2005 17:09:20 BasePriority : Normal FileVersion : 6, 0, 0, 0 ProductVersion : 6, 0, 0, 0 ProductName : HP PML CompanyName : HP FileDescription : PML Driver InternalName : PmlDrv LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company OriginalFilename : PmlDrv.exe Scanning Module:C:\WINDOWS\System32\HPZipm12.exe... 
#:37 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 788 ThreadCreationTime : 13-06-2005 17:12:18 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Scanning Module:C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe... Scanning Module:C:\WINDOWS\system32\RICHED32.DLL... Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 31 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 31 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 31 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : jane coates@adtech[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:jane coates@adtech.de/ Tracking Cookie Object Recognized! Type : IECache Entry Data : jane coates@bluestreak[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:jane coates@bluestreak.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : jane coates@centrport[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:jane coates@centrport.net/ Tracking Cookie Object Recognized! Type : IECache Entry Data : jane coates@casalemedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:18 Value : Cookie:jane coates@casalemedia.com/ Tracking Cookie Object Recognized! 
Type : IECache Entry Data : jane coates@overture[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:jane coates@overture.com/ Tracking Cookie Object Recognized! Type : IECache Entry Data : jane coates@questionmarket[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookie -------------------- It's great being an anorak
Jun 13 2005, 12:57 PM
Post #4
Member (Group: Members, Posts: 58, Joined: 26-May 05, Member No.: 21,452)
Sorry I didn't attach my HijackThis log!
Logfile of HijackThis v1.99.1
Scan saved at 19:37:05, on 13/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--------------------
It's great being an anorak
Jun 14 2005, 12:00 AM
Post #5
Guru at being a Newbie (Group: HJT Team, Posts: 5,718, Joined: 8-April 04, Member No.: 96)
OK, I'm not finding any bad processes running. I think you misspelled the one that had us worried. Could you please go into Task Manager again and check the spelling--csrss.exe is legit and running, crss.exe is a bad file, but there is no sign of it running in either log.
I'm fairly certain the problem you describe is from some misbehaving HP drivers.

QUOTE
about 2 days ago I was on a website and all of a sudden a blue screen appeared

As a wild guess, was that around the time you had visited this website? http://www.drivershq.com/

Looks like a neat service and I may check it out myself, but people are having problems like you describe after updating HP printer and other drivers. You might want to read this thread, especially the resolution at the end: http://forums.scotsnewsletter.com/lofivers...php/t10868.html

Before you visit HP's website or tech support to find some pared down drivers, let's try something that has worked before. Go to Start>Run and type in msconfig. Under the startup tab uncheck the following that should be listed as common startup:

hp psc 1000 series
hpoddt01

Click OK and reboot. Try it out for a while and let me know if the blue screens and such go away. If not, post back the exact error messages that you may get or any other problems you may have.

--------------------
If I have helped you, please consider a donation in memory of my cousin Matthew, lost to leukemia August 29, 2008 at the age of 25. Matt's sister, Marla, and his wife, Erin (who he had newly wed), are raising money to fight such blood diseases.
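The spelling check requested in post #5 (csrss.exe versus crss.exe) can be run over a HijackThis log mechanically. The following Python sketch is an added example, not part of the original thread or of HijackThis: it flags process names within a small edit distance of a core Windows process name and, going one step beyond the thread, core names running from an unexpected folder. The function names, the process table (which assumes Windows is installed in C:\WINDOWS and that the log lists one path per line) and the sample log are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: Windows is installed in C:\WINDOWS, as in the logs in this thread.
SYSTEM32 = r"c:\windows\system32"

# Core Windows XP process names and the folder each is expected to run from.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "rundll32.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# HijackThis entry lines start with a section code such as "R0 - " or "O4 - ".
ENTRY_LINE = re.compile(r"^[A-Z]\d+ - ")

# Constructed sample log (not the poster's log); it reuses the two misspelled
# names reported in the thread plus one core name in the wrong folder.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\crss.exe
C:\WINDOWS\rundl32.exe
C:\WINDOWS\Temp\svchost.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if ENTRY_LINE.match(line):
                break  # first R/O entry ends the process list
            if line:
                paths.append(line)
    return paths


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text, max_distance=2):
    """Return (path, reason, core_name) for every process worth a second look."""
    findings = []
    for raw in running_processes(log_text):
        path = PureWindowsPath(raw)
        name, folder = path.name.lower(), str(path.parent).lower()
        if name in EXPECTED_DIR:
            # Correctly spelled core name: only the folder can be wrong.
            if folder != EXPECTED_DIR[name]:
                findings.append((raw, "unexpected-location", name))
            continue
        # Unknown name: report the closest core name if it is nearly identical.
        dist, known = min((edit_distance(name, k), k) for k in EXPECTED_DIR)
        if dist <= max_distance:
            findings.append((raw, "lookalike-name", known))
    return findings


if __name__ == "__main__":
    for raw, reason, known in triage(SAMPLE_LOG):
        print(f"{reason:20} {raw}  (compare with {known})")
```

A hit is a prompt to check the file itself, not a verdict; a correctly spelled name in the expected folder produces no finding.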