
HJT - ganna


16 replies to this topic

#1 ganna

ganna


Posted 12 June 2005 - 11:40 AM

Hi there, about 2 days ago I was on a website and all of a sudden a blue screen appeared saying: Beginning dump of physical memory. On restarting after about 15-30 mins the same thing happened again, after restarting again the taskbar was gray (not the normal blue of windows XP) so I shut down & started again and the taskbar was blue again.

I ran MANY antivirus, anti spyware programs....Spybot S&D came up with some cookies which I deleted and it seemed to be fine again today until the blue screen came up...this time it took about 8 hrs for it to appear.

I was searching for any funny processes in task manager & I found these

1. rundl32.exe, explorer.exe (they seem to be the same thing)
2. hpotddll.exe
3. crss.exe

However, none of the av or antispyware programs managed to find them...could it be these that are causing my problems?

Thanks in advance & here's my hijackthislog:

Logfile of HijackThis v1.99.1
Scan saved at 18:30:26, on 12/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
It's great being an anorak



#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team

Posted 13 June 2005 - 11:34 AM

Hi ganna,

crss.exe is a known malware file and the rundl32.exe, explorer.exe is suspect. Strange that nothing is showing up in the HijackThis log.

The hpotddll.exe appears to be associated with HP Digital Imaging drivers and something seems to be going on with them so that users are experiencing memory dumps. Haven't got a handle on exactly what, but let me research it some more and we will try to figure that out after dealing with whatever malware issues you might have.

Some more information by doing the following may help with both.

I would like to see a list of modules for each process by means of a special AdAware logfile. If you already have AdAware SE 1.05 installed, we will use that to save time as the program has just been upgraded to v 1.06. If you need to download it, please use this link:
http://fileforum.betanews.com/detail/Adawa...nal/965718306/1

And then do the following:

A. Please follow the instructions in the Ad-Aware Tutorial to download, update and configure AdAware.

B. Change the configuration to the following options:

Advanced button>Logfile detail level>disable Include negligible objects information.

Tweak button:

Scanning Engine
Disable Unload recognized processes & modules during scan

Log Files
Enable Include module list in log file.

Click Proceed then scan with AdAware. When scan is complete, click Show Logfile button>right click and choose Select All> right click and choose Copy to Clipboard> paste the log into Notepad or your Word Processor of choice and save this file. Then paste the contents in your next reply to this thread.

Include also a fresh HijackThis log.

The thing about people

is they change

when they walk away.--Mipso
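
Added example (not part of Papakid's post and not a BleepingComputer or HijackThis tool): the reply above flags crss.exe and rundl32.exe, names one character away from the Windows binaries csrss.exe and rundll32.exe. The Python below generalises that check to the "Running processes" section of a HijackThis log and also flags a real system name running from an unexpected folder; the baseline table, the function names and the three log entries marked as constructed are assumptions.

```python
import ntpath

# Assumed Windows XP baseline: system binary -> folder it normally runs from.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYS32, "csrss.exe": SYS32, "winlogon.exe": SYS32,
    "services.exe": SYS32, "lsass.exe": SYS32, "svchost.exe": SYS32,
    "spoolsv.exe": SYS32, "rundll32.exe": SYS32,
    "explorer.exe": r"c:\windows",
}

# Excerpt built for this example. Most lines come from the HijackThis log in
# post #1; the last three process paths are CONSTRUCTED (the thread gives no
# paths for crss.exe or rundl32.exe, and the Temp svchost.exe is invented).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\crss.exe
C:\WINDOWS\system32\rundl32.exe
C:\WINDOWS\Temp\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
"""


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "scvhost" vs "svchost".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                if paths:          # blank line after the list ends the section
                    break
                continue
            paths.append(line)
    return paths


def check(path):
    """Return (reason, baseline_name) for a suspicious path, else None."""
    directory, name = ntpath.split(path.lower())
    if name in EXPECTED_DIR:
        if directory != EXPECTED_DIR[name]:
            return ("wrong-directory", name)
        return None
    for known in EXPECTED_DIR:
        if osa_distance(name, known) <= 1:
            return ("lookalike", known)
    return None


def scan(log_text):
    """List (path, reason, baseline_name) for every flagged running process."""
    findings = []
    for path in running_processes(log_text):
        hit = check(path)
        if hit:
            findings.append((path, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for path, reason, known in scan(SAMPLE_LOG):
        print(f"{reason:16} {path}  (baseline: {known})")
```

A hit is a lead to verify against the file on disk, not a verdict; the names reported in post #1 were seen in Task Manager and are absent from the HijackThis process list.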


#3 ganna

ganna
  • Topic Starter


Posted 13 June 2005 - 12:39 PM

Thanks a lot for your help btw!!

Well I did as you said...should I delete the objects AdAware found? (slightly silly question I realise)

OK then here is the AdAware log


Ad-Aware SE Build 1.06r1
Logfile Created on:13 June 2005 19:16:22
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):31 total references
Tracking Cookie(TAC index:3):13 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include module list in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


13-06-2005 19:16:22 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 444
ThreadCreationTime : 13-06-2005 16:30:17
BasePriority : Normal

Scanning Module:\SystemRoot\System32\smss.exe...
Scanning Module:C:\WINDOWS\system32\ntdll.dll...

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 13-06-2005 16:30:19
BasePriority : Normal

Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
Scanning Module:C:\WINDOWS\system32\basesrv.dll...
Scanning Module:C:\WINDOWS\system32\winsrv.dll...
Scanning Module:C:\WINDOWS\system32\GDI32.dll...
Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
Scanning Module:C:\WINDOWS\system32\USER32.dll...
Scanning Module:C:\WINDOWS\system32\sxs.dll...
Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...
Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
Scanning Module:C:\WINDOWS\system32\VERSION.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\offguard.dll...
Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
Scanning Module:C:\WINDOWS\system32\ole32.dll...

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 13-06-2005 16:30:20
BasePriority : High

Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
Scanning Module:C:\WINDOWS\system32\USERENV.dll...
Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
Scanning Module:C:\WINDOWS\system32\Secur32.dll...
Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll...
Scanning Module:C:\WINDOWS\system32\odbcint.dll...
Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
Scanning Module:C:\WINDOWS\system32\sfc.dll...
Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
Scanning Module:C:\WINDOWS\system32\WINMM.dll...
Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
Scanning Module:C:\WINDOWS\system32\cscdll.dll...
Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
Scanning Module:C:\WINDOWS\system32\MPR.dll...
Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
Scanning Module:C:\WINDOWS\system32\cscui.dll...
Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...
Scanning Module:C:\WINDOWS\system32\WLDAP32.dll...
Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
Scanning Module:C:\WINDOWS\system32\msacm32.drv...
Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
Scanning Module:C:\WINDOWS\system32\midimap.dll...
Scanning Module:C:\WINDOWS\system32\COMRes.dll...
Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 13-06-2005 16:30:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
Scanning Module:C:\WINDOWS\system32\services.exe...
Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
Scanning Module:C:\WINDOWS\system32\eventlog.dll...

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 13-06-2005 16:30:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
Scanning Module:C:\WINDOWS\system32\lsass.exe...
Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
Scanning Module:C:\WINDOWS\system32\msprivs.dll...
Scanning Module:C:\WINDOWS\system32\kerberos.dll...
Scanning Module:C:\WINDOWS\system32\netlogon.dll...
Scanning Module:C:\WINDOWS\system32\w32time.dll...
Scanning Module:C:\WINDOWS\system32\schannel.dll...
Scanning Module:C:\WINDOWS\system32\wdigest.dll...
Scanning Module:C:\WINDOWS\system32\scecli.dll...
Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
Scanning Module:C:\WINDOWS\system32\oakley.DLL...
Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
Scanning Module:C:\WINDOWS\system32\mswsock.dll...
Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...
Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
Scanning Module:C:\WINDOWS\system32\psbase.dll...
Scanning Module:C:\WINDOWS\system32\dssenh.dll...

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 13-06-2005 16:30:25
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\system32\svchost.exe...
Scanning Module:c:\windows\system32\rpcss.dll...
Scanning Module:C:\WINDOWS\system32\msi.dll...
Scanning Module:c:\windows\system32\termsrv.dll...
Scanning Module:c:\windows\system32\ICAAPI.dll...
Scanning Module:c:\windows\system32\mstlsapi.dll...
Scanning Module:c:\windows\system32\ACTIVEDS.dll...
Scanning Module:c:\windows\system32\adsldpc.dll...
Scanning Module:c:\windows\system32\ATL.DLL...

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 13-06-2005 16:30:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:C:\WINDOWS\System32\winrnr.dll...
Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1096
ThreadCreationTime : 13-06-2005 16:30:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dhcpcsvc.dll...
Scanning Module:c:\windows\system32\wzcsvc.dll...
Scanning Module:c:\windows\system32\rtutils.dll...
Scanning Module:c:\windows\system32\WMI.dll...
Scanning Module:c:\windows\system32\ESENT.dll...
Scanning Module:C:\WINDOWS\System32\rastls.dll...
Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
Scanning Module:C:\WINDOWS\system32\WININET.dll...
Scanning Module:C:\WINDOWS\System32\MPRAPI.dll...
Scanning Module:C:\WINDOWS\System32\RASAPI32.dll...
Scanning Module:C:\WINDOWS\System32\rasman.dll...
Scanning Module:C:\WINDOWS\System32\TAPI32.dll...
Scanning Module:C:\WINDOWS\System32\raschap.dll...
Scanning Module:c:\windows\system32\schedsvc.dll...
Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
Scanning Module:c:\windows\system32\audiosrv.dll...
Scanning Module:c:\windows\system32\wkssvc.dll...
Scanning Module:c:\windows\system32\cryptsvc.dll...
Scanning Module:c:\windows\system32\certcli.dll...
Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
Scanning Module:c:\windows\system32\es.dll...
Scanning Module:c:\windows\system32\ersvc.dll...
Scanning Module:c:\windows\system32\dmserver.dll...
Scanning Module:c:\windows\system32\srvsvc.dll...
Scanning Module:c:\windows\system32\netman.dll...
Scanning Module:c:\windows\system32\netshell.dll...
Scanning Module:c:\windows\system32\credui.dll...
Scanning Module:c:\windows\system32\WZCSAPI.DLL...
Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
Scanning Module:C:\WINDOWS\system32\WSOCK32.dll...
Scanning Module:C:\WINDOWS\system32\colbact.DLL...
Scanning Module:C:\WINDOWS\System32\CLUSAPI.DLL...
Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
Scanning Module:c:\windows\system32\seclogon.dll...
Scanning Module:c:\windows\system32\sens.dll...
Scanning Module:c:\windows\system32\srsvc.dll...
Scanning Module:c:\windows\system32\POWRPROF.dll...
Scanning Module:c:\windows\system32\browser.dll...
Scanning Module:c:\windows\system32\wuauserv.dll...
Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
Scanning Module:C:\WINDOWS\System32\WINHTTP.dll...
Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
Scanning Module:c:\windows\system32\trkwks.dll...
Scanning Module:C:\WINDOWS\System32\upnp.dll...
Scanning Module:C:\WINDOWS\System32\SSDPAPI.dll...
Scanning Module:c:\windows\system32\ipnathlp.dll...
Scanning Module:c:\windows\system32\wscsvc.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemcomn.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\wbemcore.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\esscli.dll...
Scanning Module:C:\WINDOWS\System32\Wbem\FastProx.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiutils.dll...
Scanning Module:C:\WINDOWS\System32\wbem\repdrvfs.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wmiprvsd.dll...
Scanning Module:C:\WINDOWS\System32\netcfgx.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemess.dll...
Scanning Module:C:\WINDOWS\System32\rasmans.dll...
Scanning Module:c:\windows\system32\tapisrv.dll...
Scanning Module:C:\WINDOWS\System32\rastapi.dll...
Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
Scanning Module:C:\WINDOWS\System32\uniplat.dll...
Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
Scanning Module:C:\WINDOWS\System32\h323.tsp...
Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
Scanning Module:C:\WINDOWS\System32\HID.DLL...
Scanning Module:C:\WINDOWS\System32\rasppp.dll...
Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
Scanning Module:C:\WINDOWS\System32\wbem\ncprov.dll...
Scanning Module:C:\WINDOWS\System32\RASDLG.dll...
Scanning Module:c:\windows\system32\qmgr.dll...

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1188
ThreadCreationTime : 13-06-2005 16:30:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\dnsrslvr.dll...

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1316
ThreadCreationTime : 13-06-2005 16:30:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\lmhsvc.dll...
Scanning Module:c:\windows\system32\webclnt.dll...
Scanning Module:C:\WINDOWS\system32\urlmon.dll...
Scanning Module:c:\windows\system32\regsvc.dll...
Scanning Module:c:\windows\system32\ssdpsrv.dll...

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1540
ThreadCreationTime : 13-06-2005 16:30:30
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Scanning Module:C:\WINDOWS\Explorer.EXE...
Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
Scanning Module:C:\WINDOWS\System32\themeui.dll...
Scanning Module:C:\WINDOWS\System32\MSIMG32.dll...
Scanning Module:C:\WINDOWS\System32\msutb.dll...
Scanning Module:C:\WINDOWS\System32\MSCTF.dll...
Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
Scanning Module:C:\Program Files\Microsoft AntiSpyware\shellextension.dll...
Scanning Module:C:\WINDOWS\System32\webcheck.dll...
Scanning Module:C:\WINDOWS\System32\stobject.dll...
Scanning Module:C:\WINDOWS\System32\BatMeter.dll...
Scanning Module:C:\WINDOWS\system32\mslbui.dll...
Scanning Module:C:\WINDOWS\system32\browselc.dll...
Scanning Module:C:\WINDOWS\system32\DSOUND.dll...
Scanning Module:C:\WINDOWS\system32\DUSER.dll...
Scanning Module:C:\WINDOWS\system32\MLANG.dll...
Scanning Module:C:\WINDOWS\System32\drprov.dll...
Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
Scanning Module:C:\WINDOWS\System32\NETRAP.dll...
Scanning Module:C:\WINDOWS\System32\davclnt.dll...
Scanning Module:C:\WINDOWS\system32\shdoclc.dll...
Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll...
Scanning Module:C:\WINDOWS\System32\mydocs.dll...
Scanning Module:C:\WINDOWS\system32\printui.dll...
Scanning Module:C:\WINDOWS\system32\CFGMGR32.dll...
Scanning Module:C:\PROGRA~1\WINZIP\WZSHLSTB.DLL...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\ShellEx.dll...
Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll...
Scanning Module:C:\WINDOWS\system32\MFC42.DLL...
Scanning Module:C:\WINDOWS\system32\xpsp1res.dll...

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1596
ThreadCreationTime : 13-06-2005 16:30:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
Scanning Module:C:\WINDOWS\system32\localspl.dll...
Scanning Module:C:\WINDOWS\System32\AdobePDF.dll...
Scanning Module:C:\Program Files\Adobe\Acrobat 4.0\Distillr\adistres.dll...
Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
Scanning Module:C:\WINDOWS\system32\hpzsnt07.dll...
Scanning Module:C:\WINDOWS\system32\mdimon.dll...
Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
Scanning Module:C:\WINDOWS\system32\usbmon.dll...
Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll...
Scanning Module:C:\WINDOWS\system32\win32spl.dll...
Scanning Module:C:\WINDOWS\system32\inetpp.dll...
Scanning Module:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzntp07.dll...
Scanning Module:C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku07.dll...

#:13 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 1796
ThreadCreationTime : 13-06-2005 16:30:35
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
Scanning Module:C:\Program Files\Microsoft AntiSpyware\gcasServ.exe...
Scanning Module:C:\WINDOWS\system32\MSVBVM60.DLL...
Scanning Module:C:\Program Files\Microsoft AntiSpyware\gcAntiSpywareLibrary.dll...
Scanning Module:C:\WINDOWS\system32\sensapi.dll...

#:14 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1804
ThreadCreationTime : 13-06-2005 16:30:35
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
Scanning Module:C:\Program Files\QuickTime\qttask.exe...

#:15 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1812
ThreadCreationTime : 13-06-2005 16:30:35
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
Scanning Module:C:\Program Files\iTunes\iTunesHelper.exe...
Scanning Module:C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL...
Scanning Module:C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL...

#:16 [kav.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\
ProcessID : 1820
ThreadCreationTime : 13-06-2005 16:30:35
BasePriority : Normal
FileVersion : 5.0.20.0
ProductVersion : 5.0.20.0
ProductName : Kaspersky Anti-Virus Personal Pro 5.0
CompanyName : Kaspersky Lab
FileDescription : Personal Pro Tray GUI Component
InternalName : KAV
LegalCopyright : Copyright © Kaspersky Lab 1996-2004.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : KAV.EXE
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\KCAStub.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kltrace.dll...
Scanning Module:C:\WINDOWS\system32\MSVCP61.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\klcsc.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\FSSync.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\qbstorage.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\pr_remote.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\prloader.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\prkernel.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\prstring.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\report.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\nfio.ppl...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavploc.dll...
Scanning Module:C:\WINDOWS\System32\msxml3.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\klsecur.dll...

#:17 [nvraidservice.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1844
ThreadCreationTime : 13-06-2005 16:30:36
BasePriority : Normal
FileVersion : 1.0.1
ProductVersion : 1.0.1
ProductName : NVIDIA® NVRAID
CompanyName : NVIDIA Corporation
FileDescription : Raid Service U.S. English Resources
InternalName : NvRaidServiceENU.dll
LegalCopyright : Copyright© NVIDIA Corporation 2000-2003.
LegalTrademarks : NVIDIA® is a registered trademark of NVIDIA Corporation.
OriginalFilename : NvRaidServiceENU.dll
Scanning Module:C:\WINDOWS\System32\nvraidservice.exe...
Scanning Module:C:\WINDOWS\System32\wbem\wbemprox.dll...
Scanning Module:C:\WINDOWS\System32\wbem\wbemsvc.dll...
Scanning Module:C:\WINDOWS\System32\NvRaidSvENU.dll...

#:18 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1852
ThreadCreationTime : 13-06-2005 16:30:36
BasePriority : Normal
FileVersion : 5.1.0.36
ProductVersion : 5.1.0.36
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
Scanning Module:C:\WINDOWS\SOUNDMAN.EXE...

#:19 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_03\bin\
ProcessID : 1880
ThreadCreationTime : 13-06-2005 16:30:36
BasePriority : Normal

Scanning Module:C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe...

#:20 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1892
ThreadCreationTime : 13-06-2005 16:30:36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
Scanning Module:C:\WINDOWS\system32\ctfmon.exe...

#:21 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 2028
ThreadCreationTime : 13-06-2005 16:30:38
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
Scanning Module:C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe...
Scanning Module:C:\WINDOWS\System32\GCCollection.dll...
Scanning Module:C:\WINDOWS\system32\hashlib.dll...

#:22 [ares.exe]
FilePath : C:\Program Files\Ares\
ProcessID : 200
ThreadCreationTime : 13-06-2005 16:30:38
BasePriority : Normal
FileVersion : 1.8.1.2962
ProductVersion : 1.8.1
ProductName : Ares for windows
CompanyName : Ares Development Group
FileDescription : Ares
InternalName : Ares
OriginalFilename : ARES.EXE
Comments : http://www.aresgalaxy.org
Scanning Module:C:\Program Files\Ares\Ares.exe...
Scanning Module:C:\WINDOWS\system32\ddraw.dll...
Scanning Module:C:\WINDOWS\system32\DCIMAN32.dll...
Scanning Module:C:\WINDOWS\system32\quartz.dll...
Scanning Module:C:\WINDOWS\system32\oledlg.dll...
Scanning Module:C:\WINDOWS\system32\olepro32.dll...
Scanning Module:C:\WINDOWS\system32\RICHED20.DLL...
Scanning Module:C:\WINDOWS\System32\mshtml.dll...
Scanning Module:C:\WINDOWS\System32\msls31.dll...
Scanning Module:C:\WINDOWS\System32\msimtf.dll...
Scanning Module:C:\WINDOWS\ime\sptip.dll...
Scanning Module:C:\WINDOWS\system32\OLEACC.dll...
Scanning Module:C:\WINDOWS\IME\SPGRMR.DLL...
Scanning Module:C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL...
Scanning Module:C:\WINDOWS\System32\actxprxy.dll...

#:23 [kavmm.exe]
FilePath : C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\
ProcessID : 204
ThreadCreationTime : 13-06-2005 16:30:38
BasePriority : Normal
FileVersion : 5.0.20.0
ProductVersion : 5.0.20.0
ProductName : Kaspersky Anti-Virus Personal Pro 5.0
CompanyName : Kaspersky Lab
InternalName : KAVMM
LegalCopyright : Copyright © Kaspersky Lab 1996-2004.
LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
OriginalFilename : KAVMM.EXE
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\klcsa.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavbl.dll...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\xorio_ex.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\startups.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\pr_server.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\pr_client.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\l_llio.ppl...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\avp_iont.dll...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\avpmgr.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\wdiskio.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\avlib.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\arj.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\arjpack.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\avp1.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\avpgs.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\btdisk.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\buffer.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\cab.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\deflate.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\dmap.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\dtreg.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\explode.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\hashcont.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\hashmd5.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\hccmp.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\ichk2.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\ichstrms.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\inflate.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\klonacci.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\klondemi.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\mailmsg.ppl...
Scanning Module:C:\WINDOWS\system32\MAPI32.dll...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\mchk.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\mdb.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\mdmap.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\memmodsc.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\memscan.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\minizip.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\msoe.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\ntfsstrm.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\passdmap.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\prseqio.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\prutil.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\rar.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\sfdb.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\stdcomp.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\stored.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\superio.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\tempfile.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unarj.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\uniarc.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unlzx.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unreduce.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unshrink.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\unstored.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\winreg.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\xorio.ppl...
Scanning Module:c:\program files\kaspersky lab\kaspersky anti-virus personal pro 5\zcompare.ppl...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\AVS.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\CheckTool.DLL...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\xmlparse.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\xmltok.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavbloc.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\QBackup.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavblp.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\OnDemand.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\OnAccess.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\mcproxy.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\mailapplayer.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\scrch_ag.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\MchkBL.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\SubjPlugin.dll...

#:24 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 344
ThreadCreationTime : 13-06-2005 16:30:43
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
Scanning Module:C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE...

#:25 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 568
ThreadCreationTime : 13-06-2005 16:30:46
BasePriority : Idle
FileVersion : 1, 4, 0, 2
ProductVersion : 1, 4, 0, 3
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.
Scanning Module:C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe...
Scanning Module:C:\WINDOWS\system32\hhctrl.ocx...
Scanning Module:C:\Program Files\Spybot - Search & Destroy\advcheck.dll...

#:26 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 652
ThreadCreationTime : 13-06-2005 16:30:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Scanning Module:c:\windows\system32\wiaservc.dll...
Scanning Module:c:\windows\system32\mscms.dll...
Scanning Module:C:\WINDOWS\System32\sti.dll...
Scanning Module:C:\WINDOWS\System32\hpgwiamd.dll...
Scanning Module:C:\WINDOWS\System32\hpotscl.dll...

#:27 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\
ProcessID : 1064
ThreadCreationTime : 13-06-2005 16:30:50
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe...

#:28 [hpohmr08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1076
ThreadCreationTime : 13-06-2005 16:30:50
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOHMR08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOHMR08.EXE
Comments : HP OfficeJet <Homer> Series COM Device Objects
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpocxi08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcob08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodio08.dll...
Scanning Module:C:\WINDOWS\system32\hpzidr12.dll...
Scanning Module:C:\WINDOWS\system32\hpzipr12.dll...

#:29 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1088
ThreadCreationTime : 13-06-2005 16:30:50
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll...

#:30 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 1152
ThreadCreationTime : 13-06-2005 16:30:51
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
Scanning Module:C:\Program Files\WinZip\WZQKPICK.EXE...

#:31 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1440
ThreadCreationTime : 13-06-2005 16:30:53
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe...

#:32 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 972
ThreadCreationTime : 13-06-2005 16:30:56
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
Scanning Module:C:\Program Files\iPod\bin\iPodService.exe...
Scanning Module:C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL...
Scanning Module:C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL...

#:33 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 2452
ThreadCreationTime : 13-06-2005 16:30:58
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtap08.dll...
Scanning Module:C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.rsc...

#:34 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2628
ThreadCreationTime : 13-06-2005 16:31:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
Scanning Module:C:\WINDOWS\System32\alg.exe...

#:35 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3212
ThreadCreationTime : 13-06-2005 17:06:11
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
Scanning Module:C:\Program Files\Internet Explorer\iexplore.exe...
Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll...
Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ATL.DLL...
Scanning Module:C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll...
Scanning Module:C:\Program Files\Spybot - Search & Destroy\SDHelper.dll...
Scanning Module:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\scr_ch_pg.dll...
Scanning Module:C:\WINDOWS\System32\jscript.dll...
Scanning Module:C:\Program Files\Microsoft Office\OFFICE11\msohev.dll...
Scanning Module:C:\WINDOWS\System32\iepeers.dll...
Scanning Module:C:\WINDOWS\System32\vbscript.dll...
Scanning Module:C:\WINDOWS\System32\macromed\flash\Flash.ocx...
Scanning Module:C:\WINDOWS\System32\ddrawex.dll...
Scanning Module:C:\WINDOWS\System32\mshtmled.dll...
Scanning Module:C:\WINDOWS\System32\shimgvw.dll...
Scanning Module:C:\WINDOWS\System32\dxtrans.dll...
Scanning Module:C:\WINDOWS\System32\dxtmsft.dll...

#:36 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3008
ThreadCreationTime : 13-06-2005 17:09:20
BasePriority : Normal
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
Scanning Module:C:\WINDOWS\System32\HPZipm12.exe...

#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 788
ThreadCreationTime : 13-06-2005 17:12:18
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Scanning Module:C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe...
Scanning Module:C:\WINDOWS\system32\RICHED32.DLL...

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jane coates@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:jane coates@adtech.de/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jane coates@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:jane coates@bluestreak.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jane coates@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:jane coates@centrport.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jane coates@casalemedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:jane coates@casalemedia.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jane coates@overture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:jane coates@overture.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jane coates@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie
It's great being an anorak

#4 ganna

Posted 13 June 2005 - 12:57 PM

Sorry I didn't attach my HijackThis log!

Logfile of HijackThis v1.99.1
Scan saved at 19:37:05, on 13/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
It's great being an anorak

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 AM

Posted 14 June 2005 - 12:00 AM

OK, I'm not finding any bad processes running. I think you misspelled the one that had us worried. Could you please go into Task Manager again and check the spelling--csrss.exe is legit and running, crss.exe is a bad file, but there is no sign of it running in either log.

I'm fairly certain the problem you describe is from some misbehaving HP drivers.

"about 2 days ago I was on a website and all of a sudden a blue screen appeared"

As a wild guess, was that around the time you had visited this website?
http://www.drivershq.com/

Looks like a neat service and I may check it out myself, but people are having problems like you describe after updating HP printer and other drivers. You might want to read this thread, especially the resolution at the end:
http://forums.scotsnewsletter.com/lofivers...php/t10868.html

Before you visit HP's website or tech support to find some pared down drivers, let's try something that has worked before.

Go to Start>Run and type in msconfig. Under the startup tab uncheck the following that should be listed as common startup:

hp psc 1000 series
hpoddt01


Click OK and reboot.

Try it out for a while and let me know if the blue screens and such go away. If not, post back the exact error messages that you may get or any other problems you may have.

The thing about people

is they change

when they walk away.--Mipso


#6 ganna

Posted 14 June 2005 - 11:32 AM

Yeah you were right about that spelling thing...I blame my writing!! :thumbsup:

Well I did as you said so I'll see if any blue screens do come back.

You must have quite some crystal ball btw coz you were right about that site too!!
hehehe

Well thanks again
It's great being an anorak

#7 Papakid

Posted 14 June 2005 - 01:20 PM

:thumbsup: Well, HijackThis is the crystal ball. :flowers: Saw this and checked it out to see if it was bad since I'd never heard of it before.

O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB

Just put two and two together after what I had read about the HP drivers. :trumpet: Do me a favor and post back here in a day or two if you don't get any more blue screens. This problem with HP doesn't seem to be too well known and if we can get the word out maybe HP will get off their rear end and fix the problem. And at least we can get help to others experiencing the same thing. Once we know this is a workable solution, either post back to the thread you started here and link back to this thread, or we might start a new one about the experience.

And frankly, I would've been surprised if you had had any malware on your system with you running Kaspersky. Very, very few logs are posted here with that AV.

The thing about people

is they change

when they walk away.--Mipso


#8 ganna

Posted 15 June 2005 - 10:18 AM

Bugger...I just got the same blue screen as before.

And I was writing a reply sayin that it has been fine till then! :thumbsup:
It's great being an anorak

#9 ganna


Posted 15 June 2005 - 10:28 AM

When the blue screen comes on it says:

Windows shut down to prevent damage
Machine_Check_Exception

The usual stuff about uninstalling new hardware & then the codes (If you want I can write them down..hopefully more legibly than my processes!!), on the next line it says

Beginning Physical Dump Of Memory

As you can tell I had another one :thumbsup:
It's great being an anorak

#10 Papakid


Posted 15 June 2005 - 12:27 PM

Post another HijackThis log, please. I want to see if the hp stuff has reinserted itself into global startup. That can happen with some other programs.

And yes, write down the codes--all information that is available. To prevent any misspellings, :thumbsup: try to highlight the info with your mouse then press Ctrl+C and hope it gets copied to your clipboard.

The thing about people

is they change

when they walk away.--Mipso


#11 ganna


Posted 15 June 2005 - 02:24 PM

I'll post the codes as soon as I get another blue screen....properly I promise! :thumbsup:

Well here's my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 21:22:40, on 15/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
It's great being an anorak

#12 Papakid


Posted 16 June 2005 - 12:45 AM

OK, I did some research on Machine_Check_Exception. It is definitely a hardware-related issue. That's not my strong suit. But let's try a couple of things to narrow it down some more and then you'll need to move into the hardware forum where those with more expertise than me can help.

Uninstall your printer. If you don't need to use it a lot, surf around for a while and see if you get any more BSODs. If you do need it, install the original drivers you should have on CD. But I would like for you to try it with no printer installed first if you can. If you still get a BSOD with no printer, post a HijackThis log.

Or if you go with the old drivers and they work fine let me know. Also let me know the model of HP printer you're using and if you have any other HP devices installed. And if the BSODs come at random or if there is something in particular that triggers them.

This should tell us if it is the printer drivers by themselves. But it could be some faulty RAM, a problem with the BIOS or a combination of factors.

The thing about people

is they change

when they walk away.--Mipso


#13 ganna


Posted 16 June 2005 - 10:46 AM

I uninstalled my printer but I still got a blue screen...I luv the term blue screen of death btw.

The thing I noticed about these BSODs is that they seemed to appear during a Microsoft Antispyware scan.....even today after I uninstalled the printer.

So I removed Microsoft AS & downloaded it again & yet again a BSOD appeared.

The stop code is

STOP: 0x0000009C (0x00000004, 0x80545FF0, 0xB2000000, 0x00070F0F)

Well thanks A LOT for your help...I'll post in the hardware forum as you suggested & hopefully sort this out!
It's great being an anorak

#14 Papakid


Posted 16 June 2005 - 11:52 AM

Thanks for the info--MSAS being a factor is another clue. Tells me SP2 may be a significant factor for this problem. It may get too confusing, but I would like to see something posted in BC's Microsoft AntiSpyware forum. Maybe we'll look into that later.

Did you try a test run with both the printer and MSAS uninstalled? What I was wanting to see in that environment--both uninstalled--with HijackThis is if this line still appears.

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Which would mean an HP service is still running and all of the HP program hasn't been removed. This could be the source, or one source, of the problem, but I would need to know if the printer is the only HP device you have installed and if you are running in that particular environment.

So could you let me know that before I let you go? :thumbsup:

It probably won't be that easy:
http://support.microsoft.com/?kbid=329284&sd=RMVP

A machine check exception occurs when Windows XP and your hardware platform cannot recover from a hardware error so that the system can continue to run successfully and reliably. More specific diagnosis of machine check exceptions is difficult, and there is no general solution. Contact your hardware manufacturer or a computer hardware technician for help with troubleshooting this issue.


The thing about people

is they change

when they walk away.--Mipso
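
The STOP line posted in #13 can be taken apart field by field; the sketch below is an added example, not part of any post in this thread. It assumes Microsoft's documented parameter layout for bug check 0x9C on x86 processors with MCA (bank number, address of the MCA_EXCEPTION structure, high and low 32 bits of that bank's MCi_STATUS) and the Intel SDM bit layout for the status word; the function names are made up for illustration.

```python
import re

# Architectural flag bits of an MCi_STATUS register (Intel SDM bit positions).
FLAGS = {"VAL": 63, "OVER": 62, "UC": 61, "EN": 60, "MISCV": 59, "ADDRV": 58, "PCC": 57}
PP = ["local CPU originated request", "local CPU responded", "observed as third party", "generic"]
II = ["memory access", "reserved", "I/O", "other transaction"]
LL = ["level 0", "level 1", "level 2", "generic"]
STOP_RE = re.compile(r"STOP:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")

def parse_stop_line(line):
    """Return (bugcheck_code, [param1..param4]) from a blue-screen STOP line."""
    m = STOP_RE.search(line)
    if not m:
        raise ValueError("no STOP code found")
    return int(m.group(1), 16), [int(p, 16) for p in m.group(2).split(",")]

def decode_mce(line):
    """Decode a 0x9C bugcheck, assuming the x86 MCA parameter layout."""
    code, params = parse_stop_line(line)
    if code != 0x9C or len(params) != 4:
        raise ValueError("not a MACHINE_CHECK_EXCEPTION stop line")
    bank, _mca_exception_addr, hi, lo = params
    status = (hi << 32) | lo                      # 64-bit MCi_STATUS value
    info = {
        "bank": bank,
        "flags": {name: bool((status >> bit) & 1) for name, bit in FLAGS.items()},
        "mca_error_code": lo & 0xFFFF,            # bits 15:0
        "model_specific_code": (lo >> 16) & 0xFFFF,
    }
    ec = info["mca_error_code"]
    if (ec & 0xE800) == 0x0800:                   # 000F 1PPT RRRR IILL
        info.update(error_class="bus/interconnect",
                    participation=PP[(ec >> 9) & 3],
                    timeout=bool((ec >> 8) & 1),
                    transaction=II[(ec >> 2) & 3],
                    level=LL[ec & 3])
    else:
        info["error_class"] = "other (see the CPU vendor's MCA tables)"
    return info

if __name__ == "__main__":
    # STOP line exactly as posted in this thread.
    line = "STOP: 0x0000009C (0x00000004, 0x80545FF0, 0xB2000000, 0x00070F0F)"
    for key, value in decode_mce(line).items():
        print(f"{key}: {value}")
```

Under those assumptions the posted code reports an uncorrected error (UC and PCC set) logged by the processor in bank 4, which is what a CPU-reported hardware fault looks like rather than a software crash.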


#15 ganna


Posted 16 June 2005 - 12:00 PM

I don't have any other HP products on my PC though I would like to keep the printer installed, if possible of course...it's the HP PSC 1215.

I tried for myself that every time I run a MSAS scan the BSOD appears though Kaspersky AV runs to completion fine, so I would think it's one of the causes (I'm no expert though)..and I did recently download SP2.

I'll post in the MSAS forum too then.

Well here's my HijackThis log without printer & MSAS installed:

Logfile of HijackThis v1.99.1
Scan saved at 18:55:39, on 16/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvol.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
It's great being an anorak
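
Comparing two HijackThis logs by eye, as asked for in #10 and #14, is easy to get wrong; the script below is an added example (not from any poster and not part of HijackThis) that parses two logs and reports which processes went away and which entries survived an uninstall. The embedded logs are shortened excerpts of the 15 June and 16 June logs above, and the function names are made up for illustration.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O23 - Service: ..."

def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (section, detail) entries."""
    procs, entries, in_procs = set(), set(), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif in_procs and line:
            procs.add(line.lower())  # Windows paths are case-insensitive
    return procs, entries

def compare(before, after):
    """Report what disappeared, what appeared and what survived between two logs."""
    p1, e1 = parse_hjt(before)
    p2, e2 = parse_hjt(after)
    return {
        "procs_gone": sorted(p1 - p2), "procs_new": sorted(p2 - p1),
        "entries_gone": sorted(e1 - e2), "entries_new": sorted(e2 - e1),
        "entries_kept": sorted(e1 & e2),
    }

def leftovers(report, needle):
    """Entries present in both logs that still mention `needle`."""
    return [e for e in report["entries_kept"] if needle.lower() in e[1].lower()]

# Shortened excerpts of the 15 June and 16 June logs from this thread.
LOG_15 = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""
LOG_16 = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msiexec.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

if __name__ == "__main__":
    report = compare(LOG_15, LOG_16)
    print("processes gone:", report["procs_gone"])
    print("HP leftovers:  ", leftovers(report, "HPZ"))
    print("MSAS leftovers:", leftovers(report, "gcasServ"))
```

On these excerpts the Microsoft AntiSpyware processes are gone, but its Run entry and the HP `HPZipm12.exe` service entry appear in both logs.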



