Hijack This Log/Error 0E 0177 BFF8E64B

  1. #1
    Holly (Junior Member)

    Hijack This Log/Error 0E 0177 BFF8E64B

    Logfile of HijackThis v1.99.1
    Scan saved at 8:46:15 PM, on 5/5/2007
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\LXCRPPLS.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPZTSB05.EXE
    C:\WINDOWS\SYSTEM\HPHMON04.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\ACHKR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\LEXMARK 2400 SERIES\LXCRMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\LEXMARK 2400 SERIES\EZPRINT.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\MYSPACE\IM\MYSPACEIM.EXE
    C:\WINDOWS\SYSTEM\ONSRVR.EXE
    C:\WINDOWS\SYSTEM\LXCRCOMS.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\WINDOWS\PROFILES\HOLLY\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...rchbar&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL (file missing)
    F1 - win.ini: run=lxcrppls.exe
    O1 - Hosts: 207.44.240.65 rad.msn.com
    O1 - Hosts: 216.93.174.28 view.atdmt.com
    O1 - Hosts: 216.93.174.28 ad.doubleclick.net
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\PROGRAM FILES\LEXMARK TOOLBAR\TOOLBAND.DLL
    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\PROGRAM FILES\LEXMARK TOOLBAR\TOOLBAND.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [OnSrvr] C:\WINDOWS\SYSTEM\OnSrvr.exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\SYSTEM\LXCRtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O8 - Extra context menu item: &Dictionary - C:\Program Files\Dictionary\dictionary.html
    O8 - Extra context menu item: &Spelling - C:\Program Files\Dictionary\dictionary.html
    O8 - Extra context menu item: &Thesaurus - C:\Program Files\Dictionary\dictionary.html
    O8 - Extra context menu item: &Translate - C:\Program Files\Dictionary\dictionary.html
    O8 - Extra context menu item: &Web Search - C:\Program Files\Dictionary\search.html
    O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .PPT: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPDOC.DLL
    O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -


  2. #2
    Holly (Junior Member)
    Ok, this is driving me crazy!!! I've tried getting rid of both IE and Netscape 6.2 because they are constantly crashing. Mozilla Firefox lets me view about 10 pages or so before getting "the blue screen of death"... my browser seems to get sucked into the vortex of the horrid "Yournetworth" site that overtakes everything, then eventually freezes.
    Thank you in advance, any help at all is greatly appreciated!

  3. #3
    VopThis (Senior Member, Canada)
    Submit the following file(s) to VirusTotal for their immediate evaluation and feedback. Use any of the following methods, as appropriate:
    • Locate FULL FILE PATH if not apparent. Use Start (BUTTON)>Search, [WINDOWS+F] keys, or F3 key.
    • Copy & Paste the FULL FILE PATH in the input BOX
      -- OR --
    • Navigate to the file in question.

    Post those results in your next reply (if malware findings were indicated) for:

    C:\WINDOWS\SYSTEM\LXCRPPLS.EXE




    Get HostsXpert here:
    http://www.funkytoad.com/download/HostsXpert.zip
    • Unzip it to a convenient place and run the program.
    • If you see red text (‘Make Writeable?’) then press the ‘Make Writeable?’ BUTTON.
    • Click ‘Restore MS Hosts File’ BUTTON.
    • You will be asked to confirm ‘Press OK to Restore Microsofts original Hosts File’. Click ‘OK’ BUTTON.
    • Close the program.



    You are not running HijackThis (HJT) from a desired location. You really need to set up a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

    It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
    • Create a new folder in your C: Drive.
    • Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and
    • Move the HijackThis.exe file into the newly created FOLDER.
    • Run HJT from there (and revise your shortcut accordingly).



    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKLM\..\Run: [ONSRVR] C:\WINDOWS\SYSTEM\OnSrvr.exe

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ‘FIX CHECKED’ with HijackThis.




    REBOOT.


    Delete FILE:
    C:\WINDOWS\SYSTEM\OnSrvr.exe



    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
    Last edited by VopThis; 06-05-2007 at 04:47 AM.

  4. #4
    Holly (Junior Member)
    Logfile of HijackThis v1.99.1
    Scan saved at 11:34:09 PM, on 5/5/2007
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\LXCRPPLS.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPZTSB05.EXE
    C:\WINDOWS\SYSTEM\HPHMON04.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\LEXMARK 2400 SERIES\LXCRMON.EXE
    C:\PROGRAM FILES\LEXMARK 2400 SERIES\EZPRINT.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\ONSRVR.EXE
    C:\PROGRAM FILES\MYSPACE\IM\MYSPACEIM.EXE
    C:\WINDOWS\SYSTEM\ACHKR.EXE
    C:\WINDOWS\SYSTEM\LXCRCOMS.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...rchbar&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL (file missing)
    F1 - win.ini: run=lxcrppls.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\PROGRAM FILES\LEXMARK TOOLBAR\TOOLBAND.DLL
    O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN1\YT.DLL (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\PROGRAM FILES\LEXMARK TOOLBAR\TOOLBAND.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\SYSTEM\HPHMON04.EXE
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\SYSTEM\LXCRtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OnSrvr] C:\WINDOWS\SYSTEM\AChkr.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O8 - Extra context menu item: &Dictionary - C:\Program Files\Dictionary\dictionary.html
    O8 - Extra context menu item: &Spelling - C:\Program Files\Dictionary\dictionary.html
    O8 - Extra context menu item: &Thesaurus - C:\Program Files\Dictionary\dictionary.html
    O8 - Extra context menu item: &Translate - C:\Program Files\Dictionary\dictionary.html
    O8 - Extra context menu item: &Web Search - C:\Program Files\Dictionary\search.html
    O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .PPT: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPDOC.DLL
    O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

  5. #5
    Holly (Junior Member)
    Thank you for your prompt reply. I wasn't able to find the onsrvr.exe after the reboot to delete it, so I think that HJT fixed that problem when I checked it. I will post soon to let you know how the system is running since following your advice.
    Again, thanks bunches...
    (And on a personal note, my MySpace page profile picture is of both of my hazel eyes! lol)

  6. #6
    Holly (Junior Member)
    I just wanted to write to let you know I have enjoyed 5 hours of uninterrupted websurfing without a crashing incident!
    THANK YOU!!!
    Your advice was stellar!!!

  7. #7
    VopThis (Senior Member, Canada)
    Nice to hear that things are working better.

    An absence of symptoms does not guarantee you are free of malware:
    http://www.castlecops.com/modules.ph...t&query=ONSRVR
    C:\WINDOWS\SYSTEM\AChkr.exe
    C:\WINDOWS\SYSTEM\ONSRVR.EXE
    You really should investigate the above files at VirusTotal.

    Show hidden files:
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html


    Fix the following additional item in HijackThis:

    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
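
The two HijackThis logs in this thread differ in one autorun entry that is easy to miss by eye: the `[OnSrvr]` Run value points at `OnSrvr.exe` in the first log and at `AChkr.exe` in the second. As an added example (not part of the original thread and not HijackThis code), the Python below parses the O4 lines and the running-process list from trimmed excerpts of both logs and reports autorun values whose command changed, along with whether the old and new targets still appear as running; all function names are hypothetical.

```python
import re

# Trimmed excerpts of the two logs posted in this thread (posts #1 and #4).
LOG_FIRST = r"""
Running processes:
C:\WINDOWS\SYSTEM\ACHKR.EXE
C:\WINDOWS\SYSTEM\ONSRVR.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [OnSrvr] C:\WINDOWS\SYSTEM\OnSrvr.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
"""
LOG_SECOND = r"""
Running processes:
C:\WINDOWS\SYSTEM\ONSRVR.EXE
C:\WINDOWS\SYSTEM\ACHKR.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [OnSrvr] C:\WINDOWS\SYSTEM\AChkr.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_autoruns(log):
    """Map (registry key, lower-cased value name) -> command for each O4 line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            # Registry value names are case-insensitive, so normalise them.
            entries[(m["key"], m["name"].lower())] = m["cmd"].strip()
    return entries

def parse_processes(log):
    """Lower-cased paths listed under 'Running processes:' up to the blank line."""
    procs, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            in_block = False
        elif in_block:
            procs.add(line.lower())
    return procs

def image_path(cmd):
    """Best-effort executable path from a Run command (quoted or bare, with args)."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat))\b', cmd, re.I)
    return (m.group(1) or m.group(2)).lower() if m else cmd.lower()

def diff_autoruns(first, second):
    """Report O4 entries added, removed or re-pointed between two logs."""
    a, b = parse_autoruns(first), parse_autoruns(second)
    procs = parse_processes(second)
    findings = []
    for key in sorted(set(a) | set(b)):
        old, new = a.get(key), b.get(key)
        if old == new:
            continue
        status = "added" if old is None else "removed" if new is None else "changed"
        findings.append({
            "key": key[0], "name": key[1], "status": status, "old": old, "new": new,
            # Is either target still listed as running in the second log?
            "old_running": old is not None and image_path(old) in procs,
            "new_running": new is not None and image_path(new) in procs,
        })
    return findings

if __name__ == "__main__":
    for f in diff_autoruns(LOG_FIRST, LOG_SECOND):
        print(f)
```

Only full paths can be matched against the process list; bare names such as `loadqm.exe` would need a search-path lookup that the log alone does not provide.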

  8. #8
    Holly (Junior Member)
    Complete scanning result of "AChkr.exe", received in VirusTotal at 05.06.2007, 19:58:30 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.4.0 05.04.2007 no virus found
    AntiVir 7.4.0.15 05.06.2007 ADSPY/OnWebMedia.A.2
    Authentium 4.93.8 05.04.2007 no virus found
    Avast 4.7.997.0 05.05.2007 no virus found
    AVG 7.5.0.467 05.06.2007 Adware Generic.EWU
    BitDefender 7.2 05.06.2007 Adware.Onwebmedia.C
    CAT-QuickHeal 9.00 05.05.2007 no virus found
    ClamAV devel-20070416 05.06.2007 no virus found
    DrWeb 4.33 05.06.2007 no virus found
    eSafe 7.0.15.0 05.03.2007 no virus found
    eTrust-Vet 30.7.3615 05.05.2007 no virus found
    Ewido 4.0 05.06.2007 no virus found
    FileAdvisor 1 05.06.2007 no virus found
    Fortinet 2.85.0.0 05.06.2007 Adware/Checkin
    F-Prot 4.3.2.48 05.04.2007 no virus found
    F-Secure 6.70.13030.0 05.06.2007 no virus found
    Ikarus T3.1.1.7 05.06.2007 no virus found
    Kaspersky 4.0.2.24 05.06.2007 not-a-virus:AdWare.Win32.OnWebMedia.a
    McAfee 5024 05.04.2007 potentially unwanted program Adware-Checkin
    Microsoft 1.2503 05.06.2007 Adware:Win32/OnWebMedia (threat-c)
    NOD32v2 2245 05.06.2007 Win32/Adware.OnWebMedia
    Norman 5.80.02 05.04.2007 W32/OnWebMedia.C
    Panda 9.0.0.4 05.06.2007 Spyware/OnWebMedia
    Prevx1 V2 05.06.2007 no virus found
    Sophos 4.17.0 05.05.2007 no virus found
    Sunbelt 2.2.907.0 05.05.2007 OnWebMedia
    Symantec 10 05.06.2007 Adware.SearchSeekFind
    TheHacker 6.1.6.104 04.15.2007 no virus found
    VBA32 3.11.4 05.04.2007 no virus found
    VirusBuster 4.3.7:9 05.06.2007 no virus found
    Webwasher-Gateway 6.0.1 05.06.2007 Ad-Spyware.OnWebMedia.A.2

    Aditional Information
    File size: 36864 bytes
    MD5: 5570257b000680b02609811cc09b6800
    SHA1: 617f8872aada96f5a0100e07d9c22e8a4c854a36

  9. #9
    Holly (Junior Member)
    Complete scanning result of "OnSrvr.exe", received in VirusTotal at 05.06.2007, 20:24:21 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.4.0 05.04.2007 no virus found
    AntiVir 7.4.0.15 05.06.2007 ADSPY/OnWebMedia.B
    Authentium 4.93.8 05.04.2007 no virus found
    Avast 4.7.997.0 05.05.2007 no virus found
    AVG 7.5.0.467 05.06.2007 Adware Generic.CHG
    BitDefender 7.2 05.06.2007 Application.Adware.Checkin.A
    CAT-QuickHeal 9.00 05.05.2007 no virus found
    ClamAV devel-20070416 05.06.2007 no virus found
    DrWeb 4.33 05.06.2007 no virus found
    eSafe 7.0.15.0 05.03.2007 no virus found
    eTrust-Vet 30.7.3615 05.05.2007 no virus found
    Ewido 4.0 05.06.2007 no virus found
    FileAdvisor 1 05.06.2007 no virus found
    Fortinet 2.85.0.0 05.06.2007 Adware/Checkin
    F-Prot 4.3.2.48 05.04.2007 no virus found
    F-Secure 6.70.13030.0 05.06.2007 W32/OnWebMedia.C.dropper
    Ikarus T3.1.1.7 05.06.2007 not-a-virus:AdWare.Win32.OnWebMedia.b
    Kaspersky 4.0.2.24 05.06.2007 not-a-virus:AdWare.Win32.OnWebMedia.b
    McAfee 5024 05.04.2007 potentially unwanted program Adware-Checkin
    Microsoft 1.2503 05.06.2007 no virus found
    NOD32v2 2245 05.06.2007 probably unknown NewHeur_PE virus
    Norman 5.80.02 05.04.2007 W32/OnWebMedia.B
    Panda 9.0.0.4 05.06.2007 Spyware/OnWebMedia
    Prevx1 V2 05.06.2007 no virus found
    Sophos 4.17.0 05.05.2007 no virus found
    Sunbelt 2.2.907.0 05.05.2007 no virus found
    Symantec 10 05.06.2007 Adware.SearchSeekFind
    TheHacker 6.1.6.104 04.15.2007 no virus found
    VBA32 3.11.4 05.04.2007 AdWare.OnWebMedia.b
    VirusBuster 4.3.7:9 05.06.2007 no virus found
    Webwasher-Gateway 6.0.1 05.06.2007 Ad-Spyware.OnWebMedia.B

    Aditional Information
    File size: 176128 bytes
    MD5: 65d679ca19fafd8238a9a140969a5bde
    SHA1: ca6ab667b9804cb1002eec1302fe9a0e0afbf76a
    packers: embedded

  10. #10
    Holly (Junior Member)
    Complete scanning result of "LXCRPPLS.EXE", received in VirusTotal at 05.06.2007, 20:48:23 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.4.0 05.04.2007 no virus found
    AntiVir 7.4.0.15 05.06.2007 no virus found
    Authentium 4.93.8 05.04.2007 no virus found
    Avast 4.7.997.0 05.05.2007 no virus found
    AVG 7.5.0.467 05.06.2007 no virus found
    BitDefender 7.2 05.06.2007 no virus found
    CAT-QuickHeal 9.00 05.05.2007 no virus found
    ClamAV devel-20070416 05.06.2007 no virus found
    DrWeb 4.33 05.06.2007 no virus found
    eSafe 7.0.15.0 05.03.2007 no virus found
    eTrust-Vet 30.7.3615 05.05.2007 no virus found
    Ewido 4.0 05.06.2007 no virus found
    FileAdvisor 1 05.06.2007 No threat detected
    Fortinet 2.85.0.0 05.06.2007 no virus found
    F-Prot 4.3.2.48 05.04.2007 no virus found
    F-Secure 6.70.13030.0 05.06.2007 no virus found
    Ikarus T3.1.1.7 05.06.2007 no virus found
    Kaspersky 4.0.2.24 05.06.2007 no virus found
    McAfee 5024 05.04.2007 no virus found
    Microsoft 1.2503 05.06.2007 no virus found
    NOD32v2 2245 05.06.2007 no virus found
    Norman 5.80.02 05.04.2007 no virus found
    Panda 9.0.0.4 05.06.2007 no virus found
    Prevx1 V2 05.06.2007 no virus found
    Sophos 4.17.0 05.05.2007 no virus found
    Sunbelt 2.2.907.0 05.05.2007 no virus found
    Symantec 10 05.06.2007 no virus found
    TheHacker 6.1.6.104 04.15.2007 no virus found
    VBA32 3.11.4 05.04.2007 no virus found
    VirusBuster 4.3.7:9 05.06.2007 no virus found
    Webwasher-Gateway 6.0.1 05.06.2007 no virus found

    Aditional Information
    File size: 331776 bytes
    MD5: 96c708d3fcebdbd1c5a8c3ffbc892642
    SHA1: e706cf236aeee62ee7eee4f019195e91586937c0
    Bit9 info: http://fileadvisor.bit9.com/services...a8c3ffbc892642
