1. Adaware SE appears to delete the process and all of the files for Coolwwwsearch. But after every Interet use, I run Adaware and find 40 more files.
2. My desktop has been overtaken by a bitmap file: Warning! Your computer is infected., which appears line after line across my screen. I can find and delete the bitmap WP.exe file, but don't know the source. I also get a pop-up: Spyware Alert. Check your system for Viruses and Spyware. There's a Yes button and No button, which is the one I click every 5 minutes.
3. Within a minute of booting my computer, I get: Explorer. This program has performed an illegal operation and will be shut down, etc. If I press Close .. that's it for running any functions.
I've run Spybot and Adaware SE. Here's my Hijack This Log (I'm now using Mozilla Firefox as my browser):
Logfile of HijackThis v1.99.1
Scan saved at 8:13:22 PM, on 6/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\CARPSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\ZLOADER3.EXE
C:\WINDOWS\SYSTEM\SHELL32.DLL
C:\WINDOWS\SYSTEM\LLHUWHYTTN5L8.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
O2 - BHO: (no name) - {0388EC16-BA98-416f-9D9B-B9A031E427AF} - C:\WINDOWS\SYSTEM\t55nw72du6sgl8.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\ZLOADER3.EXE
O4 - HKLM\..\Run: [FX] C:\WINDOWS\SYSTEM\2FMTUC41CSLMFE.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\LLHUWHYTTN5L8.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {01569B00-A2DF-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {01569B00-A2DF-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0D94C2C0-A2DF-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0D94C2C0-A2DF-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C90EB520-A455-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C90EB520-A455-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2676C180-A456-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2676C180-A456-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {67E4ADA0-ADEB-11D9-9AD2-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {67E4ADA0-ADEB-11D9-9AD2-444553540000} - (no file) (HKCU)
O16 - DPF: {6BE6BDA4-394F-11D3-B6AF-00105AA51E4C} - http://www.dash.com/DashInst.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinn...chess/chess.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c7.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O19 - User stylesheet: (file missing)