ActiveScan results:
Incident Status Location
Adware:Adware/ActiveSearch Not disinfected
C:\Program Files\Common Files\{64CED752-0876-1033-0209-040804030001}\System.dll
Adware:Adware/Mytoolbar Not disinfected
C:\Program Files\Common Files\{64CED752-0876-1033-0209-040804030001}\Update.exe
Adware:adware/cws Not disinfected
C:\Documents and Settings\Owner\Favorites\online gambling\Online Gambling.url
Dialer:dialer.xd Not disinfected c:\windows\downloaded program files\start30.inf
Adware:adware/popuper Not disinfected
c:\documents and settings\owner\my documents\Your Scanner.url
Adware:adware/portalscan Not disinfected c:\windows\bundles\58kd52fg.exe
Adware:adware/delfinmedia Not disinfected c:\keys.ini
Spyware:spyware/surfsidekick Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/exact.bargainbuddy Not disinfected c:\windows\msxct1.ini
Adware:adware/wupd Not disinfected
c:\program files\DeskAd Service
Potentially unwanted tool:application/myway Not disinfected
c:\program files\MyWay
Adware:adware/statblaster Not disinfected
c:\program files\WildArcade
Adware:adware/sidesearch Not disinfected
C:\Documents and Settings\Owner\Application Data\Lycos
Adware:adware/tvmedia Not disinfected c:\windows\bundles
Adware:adware/addestroyer Not disinfected
c:\documents and settings\all users\application data\AdDestroyer
Adware:adware/virtualbouncer Not disinfected
c:\documents and settings\all users\application data\VBouncer
Adware:adware/savenow Not disinfected
c:\documents and settings\all users\application data\vmss
Spyware:spyware/searchcentrix Not disinfected
Windows Registry
Spyware:Cookie/2o7 Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/AdDynamix Not disinfected
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Casalemedia Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Go Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
Spyware:Cookie/Hitbox Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
Spyware:Cookie/Mediaplex Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
Spyware:Cookie/RealMedia Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
Adware:Adware/PurityScan Not disinfected
C:\Documents and Settings\Owner\My Documents\qr.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\My Documents\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner\My Documents\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Adware:Adware/Mytoolbar Not disinfected
C:\Documents and Settings\Owner\My Documents\ze.exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/MyWay Not disinfected
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
Potentially unwanted tool:Application/MyWay Not disinfected
C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL
Spyware:Spyware/ClearSearch Not disinfected
C:\Program Files\oxbx3xdz\1rryy07y.DLL
Adware:Adware/Comet Not disinfected
C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe
Adware:Adware/StatBlaster Not disinfected
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks.exe[update_8.exe][update.exe]
Dialer:Dialer.XD Not disinfected C:\WINDOWS\Downloaded Program Files\ied.inf
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\LastGood\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adrevolver[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@belnk[1].txt
Spyware:Cookie/Cassava Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cgi-bin[4].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cgi-bin[5].txt
Spyware:Cookie/did-it Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@maxserving[1].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@pacificpoker[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@realmedia[2].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@target[1].txt
Spyware:Cookie/Toplist Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\owner@toplist[1].txt
Spyware:Spyware/Smitfraud Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\AGLanguage.ini
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Cookies\owner@atwola[1].txt
Potentially unwanted tool:Application/Processor
HIJACK THIS REPORT:
Logfile of HijackThis v1.99.1
Scan saved at 4:57:11 PM, on 1/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\AOL\1143044547\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\{64CED752-0876-1033-0209-040804030001}\Update.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\America Online 9.0b\waol.exe
c:\program files\common files\aol\1143044547\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\common files\aol\1143044547\ee\aolsoftware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143044547\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe