I ran some traffic generators tonight and then found that they had infected my computer with viruses and also installed some programs without my authorization.
I am running Windows Me. I have disabled system restore. I have AVG Free Edition virus scan. I ran HiJackThis - log follows:
Logfile of HijackThis v1.98.2
Scan saved at 2:30:06 AM, on 9/3/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\CREATIVE\MOUSE OPTICAL\MOUSE_ME.EXE
C:\WINDOWS\SYSTEM\WMIEXE32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINCLT.EXE
C:\TEMP\MSBB.EXE
C:\WINDOWS\ZEBMPQB.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYTBAR.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\WORDWEB\WWEB32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\INSTALL.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\EYETIDE MEDIA\EYETIDE VIEWER\EYETIDECONTROLLER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYBAND.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM301.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\SYSTEM\APUC.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\SYSTEM\NVMS.DLL
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYBAND.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Mouse Optical\mouse_me.exe
O4 - HKLM\..\Run: [wmiexe] C:\WINDOWS\SYSTEM\wmiexe32.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [zebmpqb] C:\WINDOWS\zebmpqb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.4.0.1\ebaytbar.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYBAND.DLL
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYBAND.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Poppit! TM by pogo.com - http://poppit24.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: Backgammon by pogo.com - http://backgammon02.pogo.com/applet/backgammon/backgammon-ob-assets.cab
O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Triviatron II by pogo.com - http://triviatron2.pogo.com/applet/triviatron2/triviatron2-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo.com - http://bingoe.pogo.com/applet/bingo/bingoe-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: Dominoes by pogo.com - http://domino01.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: Keno by pogo.com - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Jackpot Bingo by pogo.com - http://bingoj02.pogo.com/applet/bingo/bingoj-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://temp36.pogo.com/applet/freecell/freecell-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo.com - http://showbiz2.pogo.com/applet/slots/showbiz2-ob-assets.cab
O16 - DPF: Checkers by pogo.com - http://checkers.pogo.com/applet/checkers2/checkers-ob-assets.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Hearts by pogo.com - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/Cult.cab
O16 - DPF: Spades by pogo.com - http://temp36.pogo.com/applet/spades/spades-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo.com - http://solitaire44.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Video Poker by pogo.com - http://vpoker05.pogo.com/applet/videopoker2/videopoker-ob-assets.cab
O16 - DPF: Cribbage by pogo.com - http://crib.pogo.com/applet/cribbage/cribbage-ob-assets.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldwinner.com/games/v42/territory/territory.cab
O16 - DPF: Squelchies by pogo.com - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.0.25/gin/gin-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5.28/hearts/hearts-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet/roulette/roulette-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.3.26/poppit/poppit-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play48.pogo.com/applet/animal/animal-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://temp29.pogo.com/applet/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.9.2.38/jumbee/jumbee-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2.31/popfu/popfu-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.9.2.31/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.2.38/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.2.21/peaks/peaks-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game6.pogo.com/applet-5.8.6.20/turbo21/turbo21-ob-assets.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://temp39.pogo.com/applet/slots/alibaba-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://temp35.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.19/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://temp92.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Triviatron II by pogo - http://triviatron2.pogo.com/applet/triviatron2/triviatron2-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.6.20/freecell/freecell-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.4.18/worldclass/worldclass-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3.20/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.6.20/mahjong/mahjong-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.0.18/backgammon/backgammon-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://solitaire32.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem03.pogo.com/applet/holdem/holdem-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet-5.9.2.21/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1.28/slots/showbiz-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.6.20/pool2/pool-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1.28/flinger/flinger-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3.26/euchre/euchre-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.8.4.18/greenback/greenback-ob-assets.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4021/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.0.25/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribbage/cribbage-ob-assets.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.926476744993806&file=stamps.cab
O16 - DPF: Ricochet by pogo - http://game3.pogo.com/applet-5.9.0.18/ricochet/ricochet-ob-assets.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet-5.9.0.18/keno/keno-ob-assets.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...r4_6/nminstall_en_4.62.33.0_MEGAPANEL_USA.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.3.29/canasta/canasta-ob-assets.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
My virus scan program moved most of the viruses into Virus Vault - log follows:
Results of Complete Test, date and time 9/3/2004 1:24:01 :
Testing C:\ volume HP_PAVILION serial 3612-0BDA
C:\WINDOWS\TEMP\me_YAEimQp Cannot open; not checked!
C:\WINDOWS\TEMP\me_3yGGuUbD7OeoBFy Cannot open; not checked!
C:\WINDOWS\TEMP\me_auPXy0GE70KD2BR Cannot open; not checked!
C:\WINDOWS\TEMP\me_MmAzohGo30wGr9v Cannot open; not checked!
C:\TEMP\INSTAL~4.EXE Trojan horse Dropper.Delf.3.L
C:\TEMP\BDL74125.EXE repaired
C:\_RESTORE\TEMP\A0185514.CPY Trojan horse Downloader.Dyfica.2.AA
C:\_RESTORE\TEMP\A0185528.CPY Trojan horse Downloader.Dyfica.2.AA
C:\_RESTORE\TEMP\A0185534.CPY Trojan horse Downloader.Dyfica.2.AA
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\D0000000.FCS Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\CHANDIR.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\CHANDIR.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\STORYDB.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\STORYDB.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\CHN.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\CHN.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\L0000148.FCS Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_DIE.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_DIE.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_DND.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_DND.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_EXT.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_EXT.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_RCV.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_RCV.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\D0000000.FCS Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\CHANDIR.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\CHN.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\L0000006.FCS Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_DIE.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_DND.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_EXT.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_RCV.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\STORYDB.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\STORYDB.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\CHANDIR.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\CHN.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_DIE.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_DND.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_EXT.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_RCV.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS.DAT Cannot open; not checked!
Test finished, duration 00:23:30.0 s
67777 objects tested, 5 found infected
Please help me get rid of these!
On another note, are there any free programs out there that will stop this stuff from happening???
Thank you!!!
tlopez87
I am running Windows Me. I have disabled system restore. I have AVG Free Edition virus scan. I ran HiJackThis - log follows:
Logfile of HijackThis v1.98.2
Scan saved at 2:30:06 AM, on 9/3/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\CREATIVE\MOUSE OPTICAL\MOUSE_ME.EXE
C:\WINDOWS\SYSTEM\WMIEXE32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINCLT.EXE
C:\TEMP\MSBB.EXE
C:\WINDOWS\ZEBMPQB.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYTBAR.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAM FILES\WORDWEB\WWEB32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\INSTALL.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\EYETIDE MEDIA\EYETIDE VIEWER\EYETIDECONTROLLER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYBAND.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM301.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\SYSTEM\APUC.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\SYSTEM\NVMS.DLL
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYBAND.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Mouse Optical\mouse_me.exe
O4 - HKLM\..\Run: [wmiexe] C:\WINDOWS\SYSTEM\wmiexe32.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [zebmpqb] C:\WINDOWS\zebmpqb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.4.0.1\ebaytbar.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYBAND.DLL
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.4.0.1\EBAYBAND.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD2\V4\YHEXBMES.DLL
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\TRASH.EXE (file missing) (HKCU)
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Poppit! TM by pogo.com - http://poppit24.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: Backgammon by pogo.com - http://backgammon02.pogo.com/applet/backgammon/backgammon-ob-assets.cab
O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Triviatron II by pogo.com - http://triviatron2.pogo.com/applet/triviatron2/triviatron2-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo.com - http://bingoe.pogo.com/applet/bingo/bingoe-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: Dominoes by pogo.com - http://domino01.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: Keno by pogo.com - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Jackpot Bingo by pogo.com - http://bingoj02.pogo.com/applet/bingo/bingoj-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://temp36.pogo.com/applet/freecell/freecell-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo.com - http://showbiz2.pogo.com/applet/slots/showbiz2-ob-assets.cab
O16 - DPF: Checkers by pogo.com - http://checkers.pogo.com/applet/checkers2/checkers-ob-assets.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Hearts by pogo.com - http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/Cult.cab
O16 - DPF: Spades by pogo.com - http://temp36.pogo.com/applet/spades/spades-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo.com - http://solitaire44.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Video Poker by pogo.com - http://vpoker05.pogo.com/applet/videopoker2/videopoker-ob-assets.cab
O16 - DPF: Cribbage by pogo.com - http://crib.pogo.com/applet/cribbage/cribbage-ob-assets.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {7BC394DE-07B8-412B-9F98-52E7E7A4ABD4} (Pencil Wars Control) - http://mirror.worldwinner.com/games/v42/territory/territory.cab
O16 - DPF: Squelchies by pogo.com - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.0.25/gin/gin-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5.28/hearts/hearts-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet/roulette/roulette-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.3.26/poppit/poppit-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play48.pogo.com/applet/animal/animal-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://temp29.pogo.com/applet/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.9.2.38/jumbee/jumbee-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2.31/popfu/popfu-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.9.2.31/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.2.38/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.2.21/peaks/peaks-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game6.pogo.com/applet-5.8.6.20/turbo21/turbo21-ob-assets.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://temp39.pogo.com/applet/slots/alibaba-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://temp35.pogo.com/applet/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.19/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://temp92.pogo.com/applet/slots/scifi-ob-assets.cab
O16 - DPF: Triviatron II by pogo - http://triviatron2.pogo.com/applet/triviatron2/triviatron2-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.6.20/freecell/freecell-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.4.18/worldclass/worldclass-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.com/applet/pebble/pebble-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3.20/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.6.20/mahjong/mahjong-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.0.18/backgammon/backgammon-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://solitaire32.pogo.com/applet-5.8.3.26/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem03.pogo.com/applet/holdem/holdem-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet-5.9.2.21/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1.28/slots/showbiz-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.6.20/pool2/pool-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1.28/flinger/flinger-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3.26/euchre/euchre-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.8.4.18/greenback/greenback-ob-assets.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4021/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.0.25/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribbage/cribbage-ob-assets.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.926476744993806&file=stamps.cab
O16 - DPF: Ricochet by pogo - http://game3.pogo.com/applet-5.9.0.18/ricochet/ricochet-ob-assets.cab
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet-5.9.0.18/keno/keno-ob-assets.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1...r4_6/nminstall_en_4.62.33.0_MEGAPANEL_USA.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.3.29/canasta/canasta-ob-assets.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
My virus scan program moved most of the viruses into Virus Vault - log follows:
Results of Complete Test, date and time 9/3/2004 1:24:01 :
Testing C:\ volume HP_PAVILION serial 3612-0BDA
C:\WINDOWS\TEMP\me_YAEimQp Cannot open; not checked!
C:\WINDOWS\TEMP\me_3yGGuUbD7OeoBFy Cannot open; not checked!
C:\WINDOWS\TEMP\me_auPXy0GE70KD2BR Cannot open; not checked!
C:\WINDOWS\TEMP\me_MmAzohGo30wGr9v Cannot open; not checked!
C:\TEMP\INSTAL~4.EXE Trojan horse Dropper.Delf.3.L
C:\TEMP\BDL74125.EXE repaired
C:\_RESTORE\TEMP\A0185514.CPY Trojan horse Downloader.Dyfica.2.AA
C:\_RESTORE\TEMP\A0185528.CPY Trojan horse Downloader.Dyfica.2.AA
C:\_RESTORE\TEMP\A0185534.CPY Trojan horse Downloader.Dyfica.2.AA
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\D0000000.FCS Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\CHANDIR.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\CHANDIR.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\STORYDB.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\STORYDB.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\CHN.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\CHN.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\L0000148.FCS Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_DIE.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_DIE.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_DND.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_DND.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_EXT.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_EXT.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_RCV.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS_RCV.IDX Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS.DAT Cannot open; not checked!
C:\Program Files\KODAK\KODAK Software Updater\7288971\USERS\DEFAULT\DATA\PRS.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\D0000000.FCS Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\CHANDIR.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\CHN.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\L0000006.FCS Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_DIE.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_DND.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_EXT.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_RCV.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\STORYDB.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\STORYDB.IDX Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\CHANDIR.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\CHN.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_DIE.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_DND.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_EXT.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS_RCV.DAT Cannot open; not checked!
C:\Program Files\BACKWEB\BACKWEB\DATA\PRS.DAT Cannot open; not checked!
Test finished, duration 00:23:30.0 s
67777 objects tested, 5 found infected
Please help me get rid of these!
On another note, are there any free programs out there that will stop this stuff from happening???
Thank you!!!
tlopez87