Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

CWS.MSConfig [RESOLVED]

Started by blu3boy15 , Aug 05 2005 11:09 AM

This topic is locked

#1
blu3boy15

Posted 05 August 2005 - 11:09 AM

Member

Member
12 posts

Logfile of HijackThis v1.99.1
Scan saved at 10:12:21 AM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Cas\Client\casclient.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\apsi\wtta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Owner\Desktop\l2mfix\second.bat
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120598637578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\OWNER\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)

#2
ukbiker

Posted 05 August 2005 - 11:28 AM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hello and welcome to Geeks To Go.

I am UKBiker and will be helping you with this log.

Lets start out with some general scans and see if we cant clean things up a little.

+++++ Step 1 +++++

Please download Ewido security suite it is a trial version of the program.

Install Ewido security suite
Launch Ewido, there should be an icon on your desktop double-click it.
The program will prompt you to update click the OK button
The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update
Click on Start

The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:

Click on scanner
Make sure the following boxes are checked before scanning:
- Binder
- Crypter
- Archives
Click on Start Scan
Let the program scan the machine

While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report
Save the report to your desktop

+++++ Step 2 +++++

Please run an on-line virus scan at Kaspersky OnLine Scanand have it fix whatever it finds, or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 3 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

UKBiker

#3
blu3boy15

Posted 05 August 2005 - 12:45 PM

Member

Topic Starter
Member
12 posts

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:45:03 AM, 8/5/2005
+ Report-Checksum: B17F2626

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1345321699-3374074227-3872845204-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-RVLNHR6V8D.003\Administrator.YOUR-RVLNHR6V8D.002\Local Settings\Temporary Internet Files\Content.IE5\E1WZAXQG\runsearch[1].exe -> Spyware.MegaSearch.d : Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-RVLNHR6V8D.003\Administrator.YOUR-RVLNHR6V8D.002\Local Settings\Temporary Internet Files\Content.IE5\HS5GPOYC\id201[1].exe -> Trojan.SecondThought.ak : Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-RVLNHR6V8D.003\Administrator.YOUR-RVLNHR6V8D.002\Local Settings\Temporary Internet Files\Content.IE5\I3G55AXO\install[1].exe -> Spyware.Adstart.c : Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-RVLNHR6V8D.003\Administrator.YOUR-RVLNHR6V8D.002\Local Settings\Temporary Internet Files\Content.IE5\Z9TEJ48N\Civ3GoldSetup-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\Documents and Settings\Administrator.YOUR-RVLNHR6V8D.004\ezStub\ezStub.exe -> Adware.eZula : Cleaned with backup
C:\Documents and Settings\Default User\ezStub\ezStub.exe -> Adware.eZula : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EAY6Q74L\!update-2224[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I92561EH\!update-2214[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MZS5S3AV\!update-2234[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MZS5S3AV\!update-2274[1].0000 -> Spyware.MediaTickets : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/amptif.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/api2cqag.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/ardiosrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/corsrv.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/cVmocx.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/dclayx.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/dkmsadsn.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/dkmsvinn.dLL -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/dkvvox.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/dxvmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/eh.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/eoent.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/fcsperf.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/fgsperf.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/fmsui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/gji32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/if41_qcx.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/ivxpromn.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/jtcript.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/jwsd400.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/khdur.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/kodusr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/kwdru1.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/lcawd12n.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/lfrmonui.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/lkcdll.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/Lqplt12n.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/lspcd12n.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/lyeps12n.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/mcgina.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/mgxoci.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/mrxparhd.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/njtfxperf.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/nldenb32.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/nomkcert.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/nomsdba.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/nvtid.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/nxtid.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/pWutoenr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/qsgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/rfpwsx.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/rmbdyctl.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/sjndmail.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/szrvdeps.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/tmddd.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/udrsvpia.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/vbs_ps.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/vja256.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/wnhrm.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/wwcsvc.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\backup.zip/guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Owner\ezStub\ezStub.exe -> Adware.eZula : Cleaned with backup
C:\Documents and Settings\Owner\installer_MARKETING35.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\apsi\__delete_on_reboot__wtta.exe -> Spyware.MediaTickets : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\0mr0urv.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\0z2p0.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\5bwm8i.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\6d0wopw.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\7rfg4id.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\bzi4jf5.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\hh0cd.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\jfc6r.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\jfc6r.VIR00 -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\TMP14.TMP.VIR -> TrojanDownloader.IstBar.fp : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\TMP1A4.TMP.VIR -> TrojanDownloader.IstBar.fp : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\TMP21B.TMP.VIR -> TrojanDownloader.IstBar.fp : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\TMP293.TMP.VIR -> TrojanDownloader.IstBar.fp : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\TMP3B1.TMP.VIR -> TrojanDownloader.IstBar.fp : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\TMP3E.TMP.VIR -> TrojanDownloader.IstBar.fp : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\TMP472.TMP.VIR -> TrojanDownloader.IstBar.fp : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\TMP72.TMP.VIR -> TrojanDownloader.IstBar.fp : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\TMP86.TMP.VIR -> TrojanDownloader.IstBar.fp : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\vppr.VIR -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\w6xhy9.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\ze2ncf.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\zfafo.VIR -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\bundles\runsearch.exe -> Spyware.MegaSearch.d : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\ozpewlxs.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\smfin32.exe -> TrojanDownloader.Small.ne : Cleaned with backup
C:\WINDOWS\system32\adlinstallwin32.exe -> Spyware.Downloadware : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\ezStub\ezStub.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\adlinstallwin32.exe -> Spyware.Adstart.c : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bi1.cab/bi.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bi1.cab/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bi419.cab/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\gsim.cab/gsim.dll -> Spyware.Visicom : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E1WZAXQG\runsearch[1].exe -> Spyware.MegaSearch.d : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HS5GPOYC\id201[1].exe -> Trojan.SecondThought.ak : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I3G55AXO\install[1].exe -> Spyware.Adstart.c : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z9TEJ48N\Civ3GoldSetup-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\WINDOWS\system32\conres.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\epx30105.exe -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\WINDOWS\system32\ezStub3.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\system32\modgxyz.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\system32\SHAgentNew.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\vrolyf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\WinStat12.dll -> Spyware.Winsta : Cleaned with backup
C:\WINDOWS\system32\xlckgbpe.dll -> Trojan.Goldid : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> Spyware.MediaTickets : Cleaned with backup

::Report End

#4
ukbiker

Posted 05 August 2005 - 12:59 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi there again.

Ewido found and cleaned a lot of stuff there, so before you run the online scan, please do the following

1 Have Ewido finally delete everything it found.

2 Delete anything held in quarantine in any other antivirus/antispyware scans you have run.

3 Please clean out your temporary files

Start | Run | type cleanmgr | OK
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Click "OK" to remove them.
Click "Yes" to confirm the deletion.

4Flush System Restore.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

When you have done all this, run the online scan, then post its results and a fresh HJT log for me please.

UKBiker

#5
ukbiker

Posted 05 August 2005 - 01:36 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi there

The link for the Kaspersky online scanner has changed, this is the correct link HERE

UKBiker

#6
blu3boy15

Posted 05 August 2005 - 03:25 PM

Member

Topic Starter
Member
12 posts

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, August 05, 2005 14:27:02
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/08/2005
Kaspersky Anti-Virus database records: 133983
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 93271
Number of viruses found: 10
Number of infected objects: 14
Number of suspicious objects: 2
Duration of the scan process: 7313 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Administrator.YOUR-RVLNHR6V8D.003\Administrator.YOUR-RVLNHR6V8D.002\Local Settings\Temporary Internet Files\Content.IE5\I3G55AXO\track[1].htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia3.zip/main.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia3.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Owner\My Documents\AmericasArmy240_Download\AmericasArmy240_Download.exe/AmericasArmy.msi/NewBinary24 Infected: Trojan-Dropper.Win32.Agent.rm
C:\Documents and Settings\Owner\My Documents\AmericasArmy240_Download\AmericasArmy240_Download.exe/AmericasArmy.msi Infected: Trojan-Dropper.Win32.Agent.rm
C:\Documents and Settings\Owner\My Documents\AmericasArmy240_Download\AmericasArmy240_Download.exe Infected: Trojan-Dropper.Win32.Agent.rm
C:\Program Files\AVPersonal\INFECTED\AP0.BIN.VIR Infected: Trojan.Win32.Scagent.c
C:\Program Files\AVPersonal\INFECTED\TMP1A5.TMP.VIR Infected: Trojan-Downloader.Win32.Agent.af
C:\WINDOWS\system32\bi1.exe Infected: Trojan-Dropper.Win32.Agent.og
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\TinyInstaller.exe Infected: Trojan-Dropper.Win32.Agent.fa
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I3G55AXO\track[1].htm Infected: Exploit.HTML.Mht
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z9TEJ48N\TRACK[1].CHM/track.htm Infected: Trojan-Downloader.JS.Psyme.n
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z9TEJ48N\TRACK[1].CHM Infected: Trojan-Downloader.JS.Psyme.n
C:\WINDOWS\system32\GSM3-0511.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\WINDOWS\system32\GSM3-0511.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\WINDOWS\system32\GSM3-0511.exe Infected: Trojan-Downloader.Win32.Small.ayh

Scan process completed.

#7
ukbiker

Posted 05 August 2005 - 03:32 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi there

ok, have kaspersky fix these files only

C:\Documents and Settings\Administrator.YOUR-RVLNHR6V8D.003\Administrator.YOUR-RVLNHR6V8D.002\Local Settings\Temporary Internet Files\Content.IE5\I3G55AXO\track[1].htm Infected: Exploit.HTML.Mht

C:\Documents and Settings\Owner\My Documents\AmericasArmy240_Download\AmericasArmy240_Download.exe/AmericasArmy.msi/NewBinary24 Infected: Trojan-Dropper.Win32.Agent.rm
C:\Documents and Settings\Owner\My Documents\AmericasArmy240_Download\AmericasArmy240_Download.exe/AmericasArmy.msi Infected: Trojan-Dropper.Win32.Agent.rm
C:\Documents and Settings\Owner\My Documents\AmericasArmy240_Download\AmericasArmy240_Download.exe Infected: Trojan-Dropper.Win32.Agent.rm

C:\WINDOWS\system32\bi1.exe Infected: Trojan-Dropper.Win32.Agent.og
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\TinyInstaller.exe Infected: Trojan-Dropper.Win32.Agent.fa
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I3G55AXO\track[1].htm Infected: Exploit.HTML.Mht
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z9TEJ48N\TRACK[1].CHM/track.htm Infected: Trojan-Downloader.JS.Psyme.n
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z9TEJ48N\TRACK[1].CHM Infected: Trojan-Downloader.JS.Psyme.n
C:\WINDOWS\system32\GSM3-0511.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\WINDOWS\system32\GSM3-0511.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\WINDOWS\system32\GSM3-0511.exe Infected: Trojan-Downloader.Win32.Small.ayh

Then reboot, rescan with HJT and post a new HJT log.

UKBiker

#8
ukbiker

Posted 05 August 2005 - 03:53 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi again

Save these in a text file somewhere handy

C:\Documents and Settings\Administrator.YOUR-RVLNHR6V8D.003\Administrator.YOUR-RVLNHR6V8D.002\Local Settings\Temporary Internet Files\Content.IE5\I3G55AXO\track[1].htm
C:\Documents and Settings\Owner\My Documents\AmericasArmy240_Download\AmericasArmy240_Download.exe/AmericasArmy.msi/NewBinary24
C:\Documents and Settings\Owner\My Documents\AmericasArmy240_Download\AmericasArmy240_Download.exe/AmericasArmy.msi
C:\Documents and Settings\Owner\My Documents\AmericasArmy240_Download\AmericasArmy240_Download.exe
C:\WINDOWS\system32\bi1.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\TinyInstaller.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I3G55AXO\track[1].htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z9TEJ48N\TRACK[1].CHM/track.htm
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z9TEJ48N\TRACK[1].CHM
C:\WINDOWS\system32\GSM3-0511.exe/data0002
C:\WINDOWS\system32\GSM3-0511.exe/data0003
C:\WINDOWS\system32\GSM3-0511.exe

Then

1- please run Killbox.

2- Select "Delete on Reboot".

3- Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

put files here in a box.

4- Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5- Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

Post a new HJT log for me

UKBiker

#9
blu3boy15

Posted 05 August 2005 - 04:05 PM

Member

Topic Starter
Member
12 posts

C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Owner\Desktop\l2mfix\second.bat
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120598637578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\OWNER\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)

#10
blu3boy15

Posted 05 August 2005 - 04:06 PM

Member

Topic Starter
Member
12 posts

i dont think the whole thing posted last time so here is the right one

Logfile of HijackThis v1.99.1
Scan saved at 3:08:37 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Cas\Client\casclient.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Owner\Desktop\l2mfix\second.bat
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120598637578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\OWNER\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)

#11
ukbiker

Posted 05 August 2005 - 04:21 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi again

Ok then , while i am looking at your log and working out the fix, i would like you to download a few tools in prearation and also provide me with the uninstall list From HJT that I asked for earlier.

If you already have CWShredder installed, please delete it, then download a copy of it from HERE.
Install it but do not run it yet.

Make sure you're using the latest version of Ad-aware(Ad-aware SE 1.06) If you're using an older version, or do not have it at all download Ad-aware SE Personal 1.06 and install it..

Once installed, update it

Select Check for updates.
Then Connect and download .

Do not run this tool yet.

Please post the uninstall list for me here
UKBiker

#12
blu3boy15

Posted 05 August 2005 - 04:28 PM

Member

Topic Starter
Member
12 posts

Ad-Aware SE Personal
Adobe Acrobat 5.0
Advanced WMA Workshop version 2.1rc2
ArcSoft Picture Software
avast! Antivirus
BlitzIn2
Bridge Baron 15
CleanUp!
Dark Orbit
Dell Digital Jukebox Driver
Dell DJ Explorer
Diablo II
DiMAGE Viewer
ewido security suite
Google Toolbar for Internet Explorer
Hero Editor V0.80
HijackThis 1.99.1
hp center
HP Digital Imaging Album Printing 1.0
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
HP Photo and Imaging 2.0 - Photosmart Printer Series
Inactive HP Printer Drivers (Remove only)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
Kaspersky On-line Scanner
KBD
Lernout & Hauspie TruVoice American English TTS Engine
Microsoft .NET Framework (English) v1.0.3705
Microsoft Office Excel Viewer 2003
Musicmatch® Jukebox
NVIDIA Windows 2000/XP Display Drivers
OIN
Pacific Poker
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Pop-Up Stopper Free Edition
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RecordNow
RecordNow Update Manager
RichEditor
S3Display
S3Info2
S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Simple Backup for My Pictures
Simple Installer - Multilanguage Version
Spybot - Search & Destroy 1.4
Update for Windows XP (KB898461)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Productivity Pack
WordPerfect Productivity Pack

#13
blu3boy15

Posted 05 August 2005 - 05:31 PM

Member

Topic Starter
Member
12 posts

Logfile of HijackThis v1.99.1
Scan saved at 4:33:10 PM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RunDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Cas\Client\casclient.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Owner\Desktop\l2mfix\second.bat
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120598637578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\OWNER\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)

#14
ukbiker

Posted 05 August 2005 - 05:52 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi again

Ok here is the fix. I strongly suggest you print this out for reference as you will be in safe mode for some of the fix and unable to access this page online. :tazz:

Step 1

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

Step 2

Run Ad-Aware with the latest update.

Download the latest version of Ad-Aware (Ad-Aware SE Build 1.06r1) from here.
If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
Once the definitions have been updated:
Reconfigure Ad-Aware for Full Scan as per the following instructions:
- Launch the program, and click on the Gear at the top of the start screen.
- Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
  - "Automatically save logfile"
  - Automatically quarantine objects prior to removal"
  - Safe Mode (always request confirmation)
  - Prompt to update outdated confirmation) - Change to 7 days.
- Click the "Scanning" button (On the left side).
- Under Drives & Folders, select "Scan within Archives"
- Click "Click here to select Drives + folders" and select your installed hard drives.
- Under Memory & Registry, select all options.
- Click the "Advanced" button (On the left hand side).
- Under "Shell Integration", select "Move deleted files to Recycle Bin".
- Under "Log-file detail", select all options.
- Click on the "Defaults" button on the left.
- Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
- Click the "Tweak" button (Again, on the left hand side).
- Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
  - "Unload recognized processes during scanning."
  - "Obtain command line of scanned processes"
  - "Scan registry for all users instead of current user only"
- Under "Cleaning Engine", select the following:
  - "Automatically try to unregister objects prior to deletion."
  - "During removal, unload explorer and IE if necessary"
  - "Let Windows remove files in use at next reboot."
  - "Delete quarrantined objects after restoring"
- Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
- Click on "Proceed" to save these Preferences.
- Click on the "Scan Now" button on the left.
- Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
Close all programs except ad-aware.
Click on "Next" in the bottom right corner to start the scan.
Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

Step 3

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Step 4

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O16 - DPF: Yahoo! Chess -

Now close all windows other than HiJackThis, then click Fix Checked.

Step 5

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

IntelliMover Data Transfer Demo
OIN
Pacific Poker
Python 2.2 combined Win32 extensions
Python 2.2.1
Simple Backup for My Pictures
Simple Installer - Multilanguage Version

Please note any other programs that you dont recognize in that list in your next response

Step 6

Please delete these folders using Windows Explorer(if present):

C:\Program Files\NaviSearch
C:\Program Files\Cas

Step 7

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\cfgmgr52.dll

Step 8

After that, Reboot.

Rescan with HJT and post me a new log.

Good Luck

UKBiker

#15
blu3boy15

Posted 06 August 2005 - 08:23 PM

Member

Topic Starter
Member
12 posts

Logfile of HijackThis v1.99.1
Scan saved at 7:23:38 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis\HijackThis.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Owner\Desktop\l2mfix\second.bat
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120598637578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\OWNER\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)