Not Good!
The CoolWWWSearch.aff.winshow appeared in the same file.
Below are the logs you requested. I edited the Kaspersky Scan log due to its overall length and repetition of the Bayfraud trojan.
-------------------------------------------------------------------
Logfile of HijackThis v1.99.0
Scan saved at 8:50:14 AM, on 1/16/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\THINKPAD\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
C:\THINKPAD\TPONSCR.EXE
C:\THINKPAD\TP98.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE
C:\PROGRAM FILES\FREERAM XP PRO 1.40.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP6.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\NETSCAPE.EXE
C:\PROGRAM FILES\ZIPITFAST2\ZIPITFAST.EXE
C:\WINDOWS\TEMP\ZTV1153\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/m ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://start.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink Network, Inc.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TpHotkey] C:\THINKPAD\tphkmgr.exe
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [IBMUltraBayHotSwapSound] c:\windows\SYSTEM\IBMBAYSN.EXE
O4 - HKLM\..\Run: [TP98UTIL] C:\THINKPAD\TP98.EXE /s
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [FreeRAM XP] "C:\PROGRAM FILES\FREERAM XP PRO 1.40.EXE" -win
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O4 - User Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... n_ansi.cab
------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 16, 2006 07:19:42
Operating System: Microsoft Windows 98 SE
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/01/2006
Kaspersky Anti-Virus database records: 171499
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
a:\
c:\
d:\
e:\
Scan Statistics:
Total number of scanned objects: 34521
Number of viruses found: 5
Number of infected objects: 90
Number of suspicious objects: 0
Duration of the scan process: 10729 sec
Infected Object Name - Virus Name
c:\WINDOWS\Application Data\Mozilla\Profiles\rcobb\pfxv9t06.slt\Mail\mail\Ebay/[From... Infected: Trojan-Spy.HTML.Bayfraud.ib
.
.
.
c:\WINDOWS\Application Data\Mozilla\Profiles\rcobb\pfxv9t06.slt\Mail\mail\Ebay/[From "caroline kehne" <ckehne@accglobal.net>][Date Wed, 21 Apr 1999 17:43:38 -0400]/UNNAMED/[From "MGFISH" <mgfish@comcast.net>][Date Wed, 15 Dec 2004 10:52:47 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib
c:\WINDOWS\Application Data\Mozilla\Profiles\rcobb\pfxv9t06.slt\Mail\mail\Ebay/[From "caroline kehne" <ckehne@accglobal.net>][Date Wed, 21 Apr 1999 17:43:38 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib
c:\WINDOWS\Application Data\Mozilla\Profiles\rcobb\pfxv9t06.slt\Mail\mail\Ebay Infected: Trojan-Spy.HTML.Bayfraud.ib
c:\Program Files\Norton AntiVirus\Quarantine\09A22B91.exe Infected: not-a-virus:AdWare.Win32.JumpGate.a
c:\Program Files\Norton AntiVirus\Quarantine\0C1528DF.exe Infected: not-a-virus:AdWare.Win32.JumpGate.a
c:\Program Files\Norton AntiVirus\Norton AntiVirus\Quarantine\2C024774.pif Infected: Email-Worm.Win32.Magistr.b
c:\Program Files\Norton AntiVirus\Norton AntiVirus\Quarantine\6B2776A8 Infected: Net-Worm.Win32.Nimda
c:\My Download Files\zipset2.exe/data Infected: not-a-virus:AdWare.Win32.ShowBehind.a
c:\My Download Files\zipset2.exe Infected: not-a-virus:AdWare.Win32.ShowBehind.a
---------------------------------------
AboutBuster 6.0
Scan started on [1/15/06] at [4:39:37 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:39:51 PM
-------------------------