
View Full Version : NEED HELP...MS Webcheck monitor popup


Arie
06-20-2005, 06:27 PM
Hi all,

I am having a popup on my system called MS Webchecker monitor. I read some FAQ on the Forum and downloaded HJT.

Can someone PLEASE look over my logfiles and give me some feedback...

Logfile of HijackThis v1.99.1
Scan saved at 2:20:00 PM, on 20/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Canon\nsc\wnappsrv.exe
C:\Program Files\Canon\nsc\wnwebsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\ARIE ROSS C.E.O\DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webster.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099803687953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetings.webex.com/client/v_peppu/webex/ieatgpc.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Canon NetSpot Console (Canon NetSpot Console Server) - CANON INC. - C:\Program Files\Canon\nsc\wnappsrv.exe
O23 - Service: Canon NetSpot Console Web Service (Canon NetSpot Web Service) - CANON INC. - C:\Program Files\Canon\nsc\wnwebsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Arie
06-22-2005, 12:31 PM
To anyone that can help,

For the past several weeks I have been having major spyware problems. I have been having a popup on my computer called MS Webcheck monitor and I have tried everything under the sun to get rid of it.

I came across this forum and saw that you guys have helped others in the past and would like someone to take a look at my HJT logfile....

The following is my logfile.. Can anyone help me..

Logfile of HijackThis v1.99.1
Scan saved at 9:29:49 AM, on 22/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Canon\nsc\wnappsrv.exe
C:\Program Files\Canon\nsc\wnwebsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Arie Ross C.E.O\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099803687953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetings.webex.com/client/v_peppu/webex/ieatgpc.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Canon NetSpot Console (Canon NetSpot Console Server) - CANON INC. - C:\Program Files\Canon\nsc\wnappsrv.exe
O23 - Service: Canon NetSpot Console Web Service (Canon NetSpot Web Service) - CANON INC. - C:\Program Files\Canon\nsc\wnwebsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Budfred
06-22-2005, 06:48 PM
Arie,

Please don't start new threads to ask the same question you have already asked in a thread...

I don't know what is causing your problem, your log looks clean... Try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review....

http://www.mwti.net/antivirus/free_utilities.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...

Arie
06-23-2005, 09:50 PM
Hi Budfred,

Thanks for the help. I did what you mentioned and this is the log I got. I noted the very bottom of the log first because something jumped out at me. It said: "
=> Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD

=> ***** Scanning Registry and File system for Adware/Spyware *****
Wed Jun 22 18:58:17 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Wed Jun 22 18:58:53 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Wed Jun 22 18:59:07 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Wed Jun 22 18:59:13 2005 => Entry "HKCR\CLSID\{0006F03A-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.

Wed Jun 22 18:59:22 2005 => Entry "HKCR\CLSID\{4265CF3E-8E88-4f67-910D-37454B2332E5}" refers to invalid object "C:\Program Files\Norton SystemWorks\Password Manager\ppWebWnd.dll". Action Taken: No Action Taken.

Wed Jun 22 18:59:29 2005 => Entry "HKCR\CLSID\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}" refers to invalid object "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll". Action Taken: No Action Taken.

Wed Jun 22 18:59:38 2005 => Entry "HKCR\PpWebWnd.ppWebWindow" refers to invalid object "{079F4B11-D49B-40d5-9C07-BBB79B03A907}". Action Taken: No Action Taken.

Wed Jun 22 18:59:38 2005 => Entry "HKCR\PpWebWnd.ppWebWindow.1" refers to invalid object "{079F4B11-D49B-40d5-9C07-BBB79B03A907}". Action Taken: No Action Taken."

this is the rest of the log..below :confused:

Arie
06-23-2005, 09:57 PM
Here is the rest of the logfile.
Does any of this make any sense to ya...?

Wed Jun 22 18:55:44 2005 => Version 6.4.1 (C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\mwavscan.com )
Wed Jun 22 18:55:44 2005 => Log File: C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\MWAV.LOG
Wed Jun 22 18:55:44 2005 => MWAV Registered: FALSE.
Wed Jun 22 18:55:44 2005 => MWAV Mode: Only Scan files.
Wed Jun 22 18:55:45 2005 => Latest Date of files inside MWAV: 17 Jun 2005 08:33:39.
Wed Jun 22 18:55:50 2005 => AV Library Loaded...
Wed Jun 22 18:55:50 2005 => MWAV doing self scanning...
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\kavss.exe
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\Getvlist.exe
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\kavss.dll
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\kavssdi.dll
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\kavssi.dll
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\kavvlg.dll
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\msvlclnt.dll
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\ipc.dll
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\main.avi
Wed Jun 22 18:55:50 2005 => Scanning File C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\virus.avi
Wed Jun 22 18:55:50 2005 => MWAV files are clean.
Wed Jun 22 18:55:54 2005 => Virus Database Date: 2005/06/17
Wed Jun 22 18:55:54 2005 => Virus Database Count: 135140

Wed Jun 22 18:56:50 2005 => Version 6.4.1 (C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\mwavscan.com )
Wed Jun 22 18:56:50 2005 => Log File: C:\DOCUME~1\ARIERO~1.O\LOCALS~1\Temp\MWAV.LOG
Wed Jun 22 18:56:50 2005 => User Account: Arie Ross C.E.O
Wed Jun 22 18:56:50 2005 => Windows Root Folder: C:\WINDOWS
Wed Jun 22 18:56:50 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Wed Jun 22 18:56:50 2005 => OS: Windows NT
Wed Jun 22 18:56:51 2005 => Latest Date of files inside MWAV: 17 Jun 2005 08:33:39.

Wed Jun 22 18:56:51 2005 => Options Selected by User:
Wed Jun 22 18:56:51 2005 => Memory Check: Enabled
Wed Jun 22 18:56:51 2005 => Registry Check: Enabled
Wed Jun 22 18:56:51 2005 => StartUp Folder Check: Enabled
Wed Jun 22 18:56:51 2005 => System Folder Check: Enabled
Wed Jun 22 18:56:51 2005 => System Area Check: Disabled
Wed Jun 22 18:56:51 2005 => Services Check: Enabled
Wed Jun 22 18:56:51 2005 => Drive Check: Disabled
Wed Jun 22 18:56:51 2005 => All Drive Check :Enabled
Wed Jun 22 18:56:51 2005 => Folder Check: Enabled
Wed Jun 22 18:56:51 2005 => Folder Selected = C:\WINDOWS

Wed Jun 22 18:56:51 2005 => ***** Scanning Memory Files *****

Arie
06-23-2005, 09:59 PM

Budfred
06-23-2005, 10:27 PM
Please do NOT post any more of the scan... What I said is: It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review....The text in the lower window is much less and contains the files that were found to be bad... Posting the whole scan log is a waste of time... Please post ONLY the bad list in the bottom window...
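
The reduction Budfred asks for above (only the findings, not the per-file progress lines) can also be done on a saved MWAV.LOG. This is an added example, not part of the original thread and not MWAV's own tooling: the line patterns are inferred from the log lines quoted in this thread, the sample log is constructed from them, and `triage` and the finding labels are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample: lines in the MWAV.LOG format quoted in this thread,
# including a "Scanning File" line cut off by a post boundary.
SAMPLE_LOG = r'''
Wed Jun 22 18:56:51 2005 => Registry Check: Enabled
Wed Jun 22 18:56:51 2005 => ***** Scanning Memory Files *****
Wed Jun 22 18:56:51 2005 => Scanning File C:\WINDOWS\System32\smss.exe
Wed Jun 22 18:56:51 2005 => Scanning File C:\WINDOWS\system32\ntdll.dll
Wed Jun 22 18:56:53 2005 => Scanning File
C:\WINDOWS\system32\ODBC32.dll
=> ***** Scanning Registry and File system for Adware/Spyware *****
Wed Jun 22 18:58:17 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Wed Jun 22 18:58:53 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Wed Jun 22 18:59:07 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Wed Jun 22 18:59:13 2005 => Entry "HKCR\CLSID\{0006F03A-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
'''

# Optional ctime-style timestamp, then "=> ", then the message.
LINE_RE = re.compile(
    r"^(?:(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) )?"
    r"=> (?P<msg>.*)$"
)

# Message shapes treated as findings (assumed from the lines in this thread).
FINDING_PATTERNS = [
    ("offending_value",
     re.compile(r"^Offending value found in (?P<subject>.+?) !!!$")),
    ("detection",
     re.compile(r'^Object "(?P<subject>[^"]+)" found in (?P<where>[^!]+)!')),
    # Registry entry pointing at a file or CLSID that no longer exists.
    ("orphaned_reference",
     re.compile(r'^Entry "(?P<subject>[^"]+)" refers to invalid object "(?P<target>[^"]+)"')),
]


def triage(log_text):
    """Return (findings, skipped): findings as dicts, skipped as a Counter."""
    section = None
    findings = []
    skipped = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # e.g. a path that wrapped onto its own line
            skipped["unparsed"] += 1
            continue
        msg = m.group("msg").strip()
        if msg.startswith("*****"):
            section = msg.strip("* ")  # remember which scan phase we are in
            continue
        if msg.startswith("Scanning File"):
            skipped["progress"] += 1  # per-file noise, with or without a path
            continue
        for kind, pattern in FINDING_PATTERNS:
            hit = pattern.match(msg)
            if hit:
                gd = hit.groupdict()
                findings.append({
                    "kind": kind,
                    "section": section,
                    "timestamp": m.group("ts"),
                    "subject": gd["subject"],
                    "detail": gd.get("where") or gd.get("target"),
                })
                break
        else:
            skipped["info"] += 1  # options, version banners and similar
    return findings, skipped


if __name__ == "__main__":
    found, noise = triage(SAMPLE_LOG)
    for f in found:
        print(f["kind"], "|", f["section"], "|", f["subject"], "|", f["detail"])
    print("skipped:", dict(noise))
```
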

D-mig
07-02-2005, 01:00 PM
Hello...

I've got a possible "infection" with a popup called MS Webcheck Monitor, that was not detected by any antivirus or antispyware...
This popup was activated every 15 minutes, and it disappeared instantaneously... Once I clicked on it, and a screen opened with the title MS Webcheck Monitor, and I saw that my screen was captured by this "program" (something like a printscreen).
So, the hunt started...
Last night, I discovered this:

1- Every 15 minutes, a program called HPOSM.EXE (resident in the path: C:\ProgramFiles\HP\hpcoretech\soln) was started automatically, and it was followed by a second "HP program" called HPTSKMGR.EXE, which started immediately before that popup starts (the so-called MS Webcheck Monitor)...
2- After the "MS Webcheck Monitor" captured my screen and closed, it closed the program HPTSKMGR.EXE immediately...

If you read about something called MS Webcheck Monitor, you'll see that this is a program from Microsoft put together with Internet Explorer (till version 5).
As my OS is Windows XP Professional and my IE is 6.02, that program couldn't be the true MS Webcheck Monitor (it doesn't exist in version 6 and higher!).
So my conclusion was: Why should a program entitled MS Webcheck Monitor use HP programs to start itself, and still capture my screen?
I believe that this is adware or spyware that infects HP programs, or uses them for bad purposes...

Well, in conclusion, FINALLY, I DELETED the program called HPTSKMGR.EXE, and...
voilà!!!!!

That damned popup called MS Webcheck Monitor DID NOT start again!!!

And my machine is functioning perfectly, until now...

So, if you want to be free of that popup called "MS Webcheck Monitor", that captures your screen, JUST DELETE HPTSKMGR.EXE, at your own risk!!!!!

Best Regards

D-mig

Budfred
07-02-2005, 01:44 PM
D-mig,

Welcome to http://www.pcguide.com/ubb/pcgubb.gif

If you have WebCheckMonitor, it is likely that you have other infections as well... I suggest that you open your own thread and post a HijackThis log for review... If you have not already done so, it would be a good idea to run spyware and antivirus scans as well...