Incident Status Location
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/secure32 Not disinfected c:\windows\secure32.html
Adware:adware/beginto Not disinfected c:\windows\system32\cache3244tbvds
Adware:adware/purityscan Not disinfected Windows Registry
Adware:adware/statblaster Not disinfected Windows Registry
Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\gebxx.dll
Adware:Adware/eZula Not disinfected C:\!KillBox\mti-hits.exe[²èÇ]
Spyware:Spyware/Media-motor Not disinfected C:\!KillBox\pop06ap2.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.fastclick.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.statcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[sel.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Cookies\dave@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dave\Cookies\dave@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dave\Cookies\dave@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Cookies\dave@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Cookies\dave@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dave\Cookies\dave@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dave\Cookies\dave@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dave\Cookies\dave@c5.zedo[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Cookies\dave@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dave\Cookies\dave@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dave\Cookies\dave@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Cookies\dave@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dave\Cookies\dave@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dave\Cookies\dave@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dave\Cookies\dave@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Dave\Cookies\dave@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dave\Cookies\dave@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dave\Cookies\dave@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dave\Cookies\dave@realmedia[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Cookies\dave@servedby.advertising[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Cookies\dave@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dave\Cookies\dave@statcounter[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dave\Cookies\dave@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dave\Cookies\dave@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dave\Cookies\dave@www.burstbeacon[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Dave\Cookies\dave@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dave\Cookies\dave@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dave\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dave\Desktop\l2mfix.exe[l2mfix/Process.exe]

Logfile of HijackThis v1.99.1
Scan saved at 9:58:52 PM, on 5/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\hijack\HijackThis.exe

O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe