Thank you for the comprehensive instructions, which I have followed to the best of my ability. Unfortunately, all attempts to "update" in accordance with your instructions failed. Nonetheless, I continued with what I had. When I opened HijackThis again, the first two R1 lines that you asked to be checked did not appear, and therefore I was only able to check and fix the other five. I have run Norton AntiVirus again this morning and it still indicates that the Trojan in Wininet.DLL remains on the system.
The logs that you requested are as follows:
Logfile of HijackThis v1.99.1
Scan saved at 11:08:33, on 03/07/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\DJSNETCN.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\PROGRAM FILES\EPSON\EPSON CARDMONITOR\EPSON CARDMONITOR1.2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ADBLOCKING\NSMDTR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
O2 - BHO: WaveHelper Class - {EA7F9A52-0A05-11D2-98C5-00104B7229C2} - C:\PROGRAM FILES\WAVETOP\BIN\WAVEIE.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
AboutBuster 5.0 reference file 28
Scan started on [02/07/2005] at [19:06:46]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 19:06:47
AboutBuster 5.0 reference file 28
Scan started on [02/07/2005] at [19:32:45]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 19:32:46
AboutBuster 5.0 reference file 28
Scan started on [02/07/2005] at [19:37:22]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 19:37:22
Incident                    Status           Location
Virus:W32/Smitfraud.A       Disinfected      Operating system
Adware:Adware/nCase         No disinfected   Windows Registry
Adware:Adware/WUpd          No disinfected   C:\Program Files\ErrorGuard
Adware:Adware/ExactSearch   No disinfected   Windows Registry
Adware:Adware/PsGuard       No disinfected   C:\WINDOWS\Application Data\PSGuard.com
Virus:W32/Smitfraud.A       Disinfected      C:\WINDOWS\SYSTEM\WININET.DLL
Tony Howes
I hope that from the above you are able to point me to the final solution.
Thank you for your help to date.