03-06-2006, 08:33 PM   #7
Ohiostatewoody5
Registered User
 
Join Date: Mar 2006
Posts: 27
OS: Win98


I'm getting quite a few popups, and I get a download box that wants me to download iframes3. I think it's from ad.yieldmanager or something like that.
When I check Ctrl+Alt+Delete I have quite a few iexplores going.

Here is my HijackThis log and the Kaspersky results.

Logfile of HijackThis v1.99.1
Scan saved at 9:30:57 PM, on 3/6/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SLEEPY\SLPTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\SLEEPY\MONITOR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdmTask] C:\Program Files\AdmTask\admtask.exe /m
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [AdmTask] C:\Program Files\AdmTask\admtask.exe /s
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .ipp: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {4E71E6DD-FB37-4641-A96E-4456399A6DB0} (CodeBabyObject Object) - http://jade.bioware.com/codebaby/codebaby.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/int...ctXInstall.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Verizo...oadControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...bscan_ansi.cab


Kaspersky Results

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, March 06, 2006 21:17:39
Operating System: Microsoft Windows 98 SE
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/03/2006
Kaspersky Anti-Virus database records: 180584
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
d:\
e:\
f:\

Scan Statistics:
Total number of scanned objects: 39437
Number of viruses found: 32
Number of infected objects: 66
Number of suspicious objects: 2
Duration of the scan process: 3303 sec

Infected Object Name - Virus Name
c:\WINDOWS\SYSTEM\MKCMS.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\DINHPAST.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\MARD3X40.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\bk.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
c:\WINDOWS\SYSTEM\bk.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa
c:\WINDOWS\SYSTEM\bk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
c:\WINDOWS\SYSTEM\RFSAPI32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\qodsregk.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m
c:\WINDOWS\SYSTEM\MHJT3032.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\lrpsd11n.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\SVROBJ.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\dlvx_xx07.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip/soproc.exe Suspicious: Password-protected-EXE
c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip Suspicious: Password-protected-EXE
c:\WINDOWS\Downloaded Program Files\turbo.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.as
c:\WINDOWS\Downloaded Program Files\WUInst.dll Infected: not-a-virus:AdWare.Win32.SaveNow.ab
c:\WINDOWS\Downloaded Program Files\ashton.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.as
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22D51-ACAD-11DA-960C-00E07D\0DC22D57-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.Maxifiles.j
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22D51-ACAD-11DA-960C-00E07D\0DC22D5A-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.Maxifiles.w
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22D51-ACAD-11DA-960C-00E07D\0DC22D5B-ACAD-11DA-960C-00E07D/Catcher.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.w
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22D51-ACAD-11DA-960C-00E07D\0DC22D5B-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.Maxifiles.w
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22D51-ACAD-11DA-960C-00E07D\0DC22D5C-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.Maxifiles.s
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22D7F-ACAD-11DA-960C-00E07D\0DC22D80-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.Perfnav.a
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22D83-ACAD-11DA-960C-00E07D\0DC22D84-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.WebRebates.b
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22D83-ACAD-11DA-960C-00E07D\0DC22D85-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.HelpExpress
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22D94-ACAD-11DA-960C-00E07D\0DC22D96-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.Softomate.k
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22DA6-ACAD-11DA-960C-00E07D\0DC22DA7-ACAD-11DA-960C-00E07D Infected: not-a-virus:Server-Proxy.Win32.MarketScode.c
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22DA6-ACAD-11DA-960C-00E07D\0DC22DA8-ACAD-11DA-960C-00E07D Infected: not-a-virus:Server-Proxy.Win32.MarketScode.c
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22DAA-ACAD-11DA-960C-00E07D\0DC22DAB-ACAD-11DA-960C-00E07D/InpB/TvmBho.dll Infected: not-a-virus:AdWare.Win32.TotalVelocity.k
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22DAA-ACAD-11DA-960C-00E07D\0DC22DAB-ACAD-11DA-960C-00E07D/InpB/TvmCore.dll Infected: not-a-virus:AdWare.Win32.TotalVelocity.m
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22DAA-ACAD-11DA-960C-00E07D\0DC22DAB-ACAD-11DA-960C-00E07D/InpB/Tvm.exe Infected: not-a-virus:AdWare.Win32.TotalVelocity.k
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22DAA-ACAD-11DA-960C-00E07D\0DC22DAB-ACAD-11DA-960C-00E07D/InpB Infected: not-a-virus:AdWare.Win32.TotalVelocity.k
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22DAA-ACAD-11DA-960C-00E07D\0DC22DAB-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.TotalVelocity.k
c:\WINDOWS\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0DC22DB4-ACAD-11DA-960C-00E07D\0DC22DB5-ACAD-11DA-960C-00E07D Infected: not-a-virus:AdWare.Win32.SaveNow.bo
c:\WINDOWS\browserxtras\pn\remove.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
c:\WINDOWS\browserxtras\pn\remove.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f
c:\WINDOWS\browserxtras\pn\remove.exe Infected: Trojan-Downloader.Win32.Keenval.f
c:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw
c:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg
c:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg
c:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg
c:\WINDOWS\pf78.exe Infected: Trojan.Win32.VB.tg
c:\My Documents\CPmIRCv21.zip/cpmirc21.exe/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603
c:\My Documents\CPmIRCv21.zip/cpmirc21.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603
c:\My Documents\CPmIRCv21.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.603
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0018.BIN/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.v
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0018.BIN/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.BargainBuddy.a
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0025.BIN/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0025.BIN/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.Ucmore
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0027.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.e
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0027.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0027.BIN/data0001.cab/Weather/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0027.BIN/data0001.cab/Weather/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0027.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.bl
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bl
c:\My Documents\My Deliveries\cnet\setupmp3towav.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl
c:\My Documents\ssbuilder3.exe/data0013 Infected: not-a-virus:AdWare.Win32.ComedyPlanet.b
c:\My Documents\ssbuilder3.exe Infected: not-a-virus:AdWare.Win32.ComedyPlanet.b
c:\My Documents\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
c:\My Documents\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo
c:\Program Files\Support.com\backup\ho\hosts\3397_50ca3e631_/hosts Infected: Trojan-Clicker.Win32.Qhost.a
c:\Program Files\Support.com\backup\ho\hosts\3397_50ca3e631_ Infected: Trojan-Clicker.Win32.Qhost.a
c:\NNSCAA638.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet
c:\ZICORN001.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m
c:\ventfe1.exe/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.e
c:\ventfe1.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.e

Scan process completed.