Spyware/s-redirect/virus problems, please help

Hello, I was refered to this board and I am hopeful that you can help me with my problems.

I am working with Windows 98 and will be happy to supply any other details about my computer specs if necessary.

A couple of weeks ago I ran into this s-redirect bug which would take my browser settings in Internet Explorer (version 6.0) and write over my homepage preferences and continuously send me to this s-redirect site. At first I just wanted to post a hijackthis log and hope someone could fix my problem, but I think I have many more problems than what I originally suspected.

I saw the "tutorial" provided by geekstogo prior to posting an hijackthis log, and followed their suggestions to the best of my ability. Here is what I've done so far and the results.

1. I downloaded AdAware SE, downloaded all updated components, adjusted the settings as indicated in the geekstogo tutorial and ran a scan using those settings. It found 17 critical objects which I quarantined and deleted. After that I rebooted and repeated the AdAware scan, and found no critical objects. So far so good.

2. I downloaded CWShredder and ran the program. No problems found. Still so far so good.

3. I downloaded Spybot-Search and Destroy and searched but there were no new updates. I checked for problems and there was only 1, which I was able to fix. Still so far so good.

4. I downloaded AVG Anti-Virus. I scanned the computer and it found a whole pile of viruses (about 90 total). About 40 of them I was able to delete on my own. However, there are about 50 which are embedded and won't let me delete. They are as follows:
-Java/Byte Verify (about 46 of approximately 50 viruses that remain)
-Trojan Horse Startpage.17.F
-Java/Open Stream
-Trojan Horse PSW.Hooker.A
-Trojan Horse Proxy.9.AN
Now I know I have big problems.

At this point I'm not really sure what my options are. I went ahead and ran hijackthis and created a log, but is that even worth dealing with at this point? I have no idea how to deal with the embedded viruses that have been identified by AVG Anti-Virus. If anyone has any recommendations for me at this point, I would greatly appreciate it.

Thanks.

If the hijackthis log can help diagnosing my problems, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 7:47:02 PM, on 3/5/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\WINCJ.EXE
C:\WINDOWS\SYSTEM\WINOS32.EXE
C:\WINDOWS\ADDRE32.EXE
C:\WINDOWS\ADDYT32.EXE
C:\WINDOWS\SYSTEM\JAVAFK32.EXE
C:\WINDOWS\WINSM.EXE
C:\WINDOWS\APIKB.EXE
C:\WINDOWS\ATLAL.EXE
C:\WINDOWS\SYSTEM\MFCHA32.EXE
C:\WINDOWS\WINJT.EXE
C:\WINDOWS\SYSTEM\WINNH32.EXE
C:\WINDOWS\SYSTEM\WINJS.EXE
C:\WINDOWS\SDKSW32.EXE
C:\WINDOWS\MSVH.EXE
C:\WINDOWS\IEWL.EXE
C:\WINDOWS\SYSTEM\NTVO32.EXE
C:\WINDOWS\IEPM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TerraCom, Inc.
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\uijnwb7n.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\uijnwb7n.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {B9D73454-1C5A-449E-41EE-D9FF73648196} - C:\WINDOWS\SYSTEM\SDKSF32.DLL (file missing)
O2 - BHO: Class - {6A69821F-18F4-B763-5240-1F762A039561} - C:\WINDOWS\SYSUJ32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [WINUI.EXE] C:\WINDOWS\WINUI.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ADDYT32.EXE] C:\WINDOWS\ADDYT32.EXE
O4 - HKLM\..\RunServices: [WINOS32.EXE] C:\WINDOWS\SYSTEM\WINOS32.EXE
O4 - HKLM\..\RunServices: [WINCJ.EXE] C:\WINDOWS\WINCJ.EXE
O4 - HKLM\..\RunServices: [JAVAFK32.EXE] C:\WINDOWS\SYSTEM\JAVAFK32.EXE
O4 - HKLM\..\RunServices: [ADDRE32.EXE] C:\WINDOWS\ADDRE32.EXE
O4 - HKLM\..\RunServices: [APIKB.EXE] C:\WINDOWS\APIKB.EXE
O4 - HKLM\..\RunServices: [WINSM.EXE] C:\WINDOWS\WINSM.EXE
O4 - HKLM\..\RunServices: [WINNH32.EXE] C:\WINDOWS\SYSTEM\WINNH32.EXE
O4 - HKLM\..\RunServices: [ATLAL.EXE] C:\WINDOWS\ATLAL.EXE
O4 - HKLM\..\RunServices: [WINJT.EXE] C:\WINDOWS\WINJT.EXE
O4 - HKLM\..\RunServices: [WINJS.EXE] C:\WINDOWS\SYSTEM\WINJS.EXE
O4 - HKLM\..\RunServices: [MFCHA32.EXE] C:\WINDOWS\SYSTEM\MFCHA32.EXE
O4 - HKLM\..\RunServices: [SDKSW32.EXE] C:\WINDOWS\SDKSW32.EXE
O4 - HKLM\..\RunServices: [MSVH.EXE] C:\WINDOWS\MSVH.EXE
O4 - HKLM\..\RunServices: [NTVO32.EXE] C:\WINDOWS\SYSTEM\NTVO32.EXE
O4 - HKLM\..\RunServices: [IEWL.EXE] C:\WINDOWS\IEWL.EXE
O4 - HKLM\..\RunServices: [IEPM.EXE] C:\WINDOWS\IEPM.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [PES-] C:\WINDOWS\SYSTEM32\PES-.EXE
O4 - HKCU\..\Run: [MSNTMSSY32] C:\WINDOWS\SYSTEM32\MSNTMSSY32.EXE
O4 - HKCU\..\Run: [PE64] C:\WINDOWS\SYSTEM32\PE64.EXE
O4 - HKCU\..\Run: [3264] C:\WINDOWS\SYSTEM32\3264.EXE
O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll

Thanks again.

#1
JosephC

Posted 05 March 2005 - 08:05 PM

Advertisements

#2
JosephC

Posted 06 March 2005 - 09:42 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us