07-16-2005, 03:12 PM   #7
compgeek
Member
 
Join Date: Jan 2005
Posts: 33
OS: Windows ME


panda and hijackthis logs

Incident Status Location

Possible Virus. No disinfected C:\WINDOWS\SYSTEM\WMASCR.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\DVNET.DLL
Adware:adware/alwaysupdatednewsNo disinfected C:\WINDOWS\SYSTEM\Free Picture iPod.ico
Adware:adware/portalscan No disinfected C:\WINDOWS\SYSTEM\winupdt.bin
Adware:adware/sqwire No disinfected C:\WINDOWS\SYSTEM\tsuninst.exe
Adware:adware/powersearch No disinfected C:\WINDOWS\SYSTEM\stlb2.xml
Adware:adware/ncase No disinfected C:\WINDOWS\SYSTEM\saie_gdf.dat
Spyware:spyware/surfsidekick No disinfected C:\WINDOWS\SYSTEM\CACHE\SSK_B5 WMG Media - Rev Share 3.EXE
Adware:adware/searchtheweb No disinfected C:\WINDOWS\SYSTEM\CACHE\mswinstall.exe
Adware:adware/transponder No disinfected C:\WINDOWS\INF\CERES.INF
Spyware:spyware/betterinet No disinfected C:\WINDOWS\Buddy.exe
Adware:adware/apropos No disinfected C:\WINDOWS\cxtpls_loader.exe
Adware:adware/navhelper No disinfected C:\PROGRAM FILES\Ares
Adware:adware/sidesearch No disinfected C:\WINDOWS\APPLICATION DATA\Lycos
Adware:adware/mediatickets No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/MEDIATICKETSINSTALLER.OCX
Adware:adware/sidefind No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TSL INSTALLER
Adware:adware/wintools No disinfected HKEY_CLASSES_ROOT\PROTOCOLS\NAME-SPACE HANDLER\RES
Adware:adware/mywebsearch No disinfected HKEY_CLASSES_ROOT\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A}
Adware:adware/brilliantdigitalNo disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Spyware:spyware/bargainbuddy No disinfected HKEY_CLASSES_ROOT\Interface\{71a27036-c7d8-11d2-bef8-525400dfb47a}
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\SSI_CI32.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\QJV.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\IPSETUP.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\NYWRSPT.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\MNDMO.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\IWWPHBK.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\CRL3DV2.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\QAV.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\PXNMAP.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\WSADMOD.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\HNOPNP.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\BIOWSEUI.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\NWONN16.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\OGBCINT.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\OWBCBCP.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\WNNMM.DLL
Adware:Adware/Transponder No disinfected C:\WINDOWS\SYSTEM\biA.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\Cache\ezstub.exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\SYSTEM\Cache\ic_d.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\Cache\videoinst.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\SYSTEM\Cache\SSK_B5 WMG Media - Rev Share 3.EXE
Adware:Adware/ILookup No disinfected C:\WINDOWS\SYSTEM\Cache\trgen-fran-default.exe
Adware:Adware/ILookup No disinfected C:\WINDOWS\SYSTEM\Cache\trgen_fran-162813.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\datadx.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\danput8.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\Cul3d.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\WMASCR.DLL
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\SYSTEM\tsuninst.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\ASSTREAM.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\VKAME.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\Ccwflt32.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\mb43dmod.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\cartc.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\mwident.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\mb4sdmod.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\IS_NDI.DLL
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\AOTXPRXY.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\MIC40.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\VEPODBC.DLL
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM\Shex.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\poisdecd.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\dvnet.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\MIC42.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\NUWRSPT.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\dascript.dll
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\SYSTEM\dlylygu.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\UJLMON.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\IAGUTIL.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\SNROBJ.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\SUSCRAP.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\aosc\!update-2154.0000
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\NMRSES.DLL
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\BIA.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\CERES.INF
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav72B7.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav72E5.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav8170.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav8323.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav9140.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav91A5.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav91C1.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav9221.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav9270.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav9285.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav92E3.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav92E6.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav9371.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pav93B5.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA003.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA041.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA043.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA282.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA283.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA292.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA2B0.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA2B1.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA2B3.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA2B4.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA2B6.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA2E6.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA354.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA355.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA381.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA382.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavA392.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavB014.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavB020.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavB022.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavB026.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavB031.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavB032.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavB034.TMP
Possible Virus. No disinfected C:\WINDOWS\TEMP\pavB041.TMP
Adware:Adware/SearchTheWeb No disinfected C:\WINDOWS\All Users\Application Data\msw\BMan1.exe
Adware:Adware/SearchTheWeb No disinfected C:\WINDOWS\All Users\Application Data\msw\MSW.exe
Virus:Trj/Qoologic.G Disinfected C:\WINDOWS\pppqu.dat
Virus:Trj/Qoologic.G Disinfected C:\WINDOWS\jjjanl.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
Possible Virus. No disinfected C:\WINDOWS\dddfswg.dll
Possible Virus. No disinfected C:\WINDOWS\pi1_60.exe
Spyware:Spyware/BargainBuddy No disinfected C:\Temp\bb_click_wider.swf
Spyware:Spyware/BargainBuddy No disinfected C:\Temp\bb_auto_wider.swf
Spyware:Spyware/BargainBuddy No disinfected C:\Temp\logo.gif
Spyware:Spyware/BetterInet No disinfected C:\HJT\backups\backup-20050716-152547-807.dll
Virus:Trj/Qoologic.G Disinfected C:\HJT\backups\backup-20050715-225329-754-nnnd.exe
Virus:Trj/Qoologic.G Disinfected C:\HJT\backups\backup-20050716-152547-113-nnnd.exe
Virus:Trj/Mitglieder.DC Disinfected [1.zip][03_05_2005.exe]



Logfile of HijackThis v1.99.1
Scan saved at 5:12:59 PM, on 7/16/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DIGSTREAM\DIGSTREAM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab