wininet.dll infected can't fix


#1
klycett

Hi, I've been following other threads and done everything I can. Run Spyguard, Adaware, Panda, Xoftspy and my own FProt. Got rid of loads of pests but SmitRem and Fprot still reporting wininet.dll infected. Tried to find another copy on my hard drive, as advised by you guys, no other copy found. Tried to rename, won't let me 'windows is using'. Running Win 98. Please help as, though no reappearance of PSGuard right now, this is 3rd time of infection and it keeps coming back. I'm still getting my dial up starting up and shutting down at random so it seems there's still stuff in there!

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:10:14, on 12/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\BT ON-AIR MODEM\MONITOR.EXE
C:\PROGRAM FILES\FSI\F-PROT\F-SCHED.EXE
C:\PROGRAM FILES\FSI\F-PROT\F-STOPW.EXE
C:\PROGRAM FILES\FSI\F-PROT\FPAVUPDM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MAGIC MAIL\MAGIC.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [K6CPU] C:\ibmtools\k6cpu.exe
O4 - HKLM\..\Run: [IBMCPU] C:\ibmtools\ibmcpu.exe
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [BT On-Air] C:\PROGRA~1\BTON-A~1\Monitor.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\gcasServ.exe /i
O4 - HKLM\..\Run: [Qtime] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe
O4 - HKLM\..\Run: [ramexp] C:\WINDOWS\ramex.exe
O4 - HKLM\..\Run: [gaSrve] C:\WINDOWS\gaSrve.exe
O4 - HKLM\..\Run: [HDdLDgaSrve.exe] C:\WINDOWS\HDdLDgaSrve.exe
O4 - HKLM\..\Run: [nMsbQqtsk.exe] C:\WINDOWS\nMsbQqtsk.exe
O4 - HKLM\..\Run: [gCZcDqtsk.exe] C:\WINDOWS\gCZcDqtsk.exe
O4 - HKLM\..\Run: [bZoQsgaSrve.exe] C:\WINDOWS\bZoQsgaSrve.exe
O4 - HKLM\..\Run: [cqQtOgaSrve.exe] C:\WINDOWS\cqQtOgaSrve.exe
O4 - HKLM\..\Run: [Ojvqcrestun.exe] C:\WINDOWS\Ojvqcrestun.exe
O4 - HKLM\..\Run: [fHjVHramex.exe] C:\WINDOWS\fHjVHramex.exe
O4 - HKLM\..\Run: [MNLtUrestun.exe] C:\WINDOWS\MNLtUrestun.exe
O4 - HKLM\..\Run: [TIZBEramex.exe] C:\WINDOWS\TIZBEramex.exe
O4 - HKLM\..\Run: [uicitramex.exe] C:\WINDOWS\uicitramex.exe
O4 - HKLM\..\Run: [ZVaNBrestun.exe] C:\WINDOWS\ZVaNBrestun.exe
O4 - HKLM\..\Run: [QwbnWgaSrve.exe] C:\WINDOWS\QwbnWgaSrve.exe
O4 - HKLM\..\Run: [aCwgdgaSrve.exe] C:\WINDOWS\aCwgdgaSrve.exe
O4 - HKLM\..\Run: [uEoJmrestun.exe] C:\WINDOWS\uEoJmrestun.exe
O4 - HKLM\..\Run: [fGwHCgaSrve.exe] C:\WINDOWS\fGwHCgaSrve.exe
O4 - HKLM\..\Run: [rsXODramex.exe] C:\WINDOWS\rsXODramex.exe
O4 - HKLM\..\Run: [ZlfMMgaSrve.exe] C:\WINDOWS\ZlfMMgaSrve.exe
O4 - HKLM\..\Run: [efAbNrestun.exe] C:\WINDOWS\efAbNrestun.exe
O4 - HKLM\..\Run: [mqbmbrestun.exe] C:\WINDOWS\mqbmbrestun.exe
O4 - HKLM\..\Run: [fEWCqramex.exe] C:\WINDOWS\fEWCqramex.exe
O4 - HKLM\..\Run: [xtiFBgaSrve.exe] C:\WINDOWS\xtiFBgaSrve.exe
O4 - HKLM\..\Run: [rIWcWramex.exe] C:\WINDOWS\rIWcWramex.exe
O4 - HKLM\..\Run: [laSSLrestun.exe] C:\WINDOWS\laSSLrestun.exe
O4 - HKLM\..\Run: [fnIjarestun.exe] C:\WINDOWS\fnIjarestun.exe
O4 - HKLM\..\Run: [gPghfrestun.exe] C:\WINDOWS\gPghfrestun.exe
O4 - HKLM\..\Run: [eDVgerestun.exe] C:\WINDOWS\eDVgerestun.exe
O4 - HKLM\..\Run: [TFQmprestun.exe] C:\WINDOWS\TFQmprestun.exe
O4 - HKLM\..\Run: [biylogaSrve.exe] C:\WINDOWS\biylogaSrve.exe
O4 - HKLM\..\Run: [CPhRUgaSrve.exe] C:\WINDOWS\CPhRUgaSrve.exe
O4 - HKLM\..\Run: [hDGilramex.exe] C:\WINDOWS\hDGilramex.exe
O4 - HKLM\..\Run: [VxHwErestun.exe] C:\WINDOWS\VxHwErestun.exe
O4 - HKLM\..\Run: [UrxvDramex.exe] C:\WINDOWS\UrxvDramex.exe
O4 - HKLM\..\Run: [ULOtBrestun.exe] C:\WINDOWS\ULOtBrestun.exe
O4 - HKLM\..\Run: [QebBMgaSrve.exe] C:\WINDOWS\QebBMgaSrve.exe
O4 - HKLM\..\Run: [bfeqygaSrve.exe] C:\WINDOWS\bfeqygaSrve.exe
O4 - HKLM\..\Run: [FTKGegaSrve.exe] C:\WINDOWS\FTKGegaSrve.exe
O4 - HKLM\..\Run: [WUOvPramex.exe] C:\WINDOWS\WUOvPramex.exe
O4 - HKLM\..\Run: [VIwCWramex.exe] C:\WINDOWS\VIwCWramex.exe
O4 - HKLM\..\Run: [RVJjLrestun.exe] C:\WINDOWS\RVJjLrestun.exe
O4 - HKLM\..\Run: [umjqHgaSrve.exe] C:\WINDOWS\umjqHgaSrve.exe
O4 - HKLM\..\Run: [WjfgIramex.exe] C:\WINDOWS\WjfgIramex.exe
O4 - HKLM\..\Run: [ibSFRramex.exe] C:\WINDOWS\ibSFRramex.exe
O4 - HKLM\..\Run: [vVSTCgaSrve.exe] C:\WINDOWS\vVSTCgaSrve.exe
O4 - HKLM\..\Run: [WOFJbrestun.exe] C:\WINDOWS\WOFJbrestun.exe
O4 - HKLM\..\Run: [CjZfGgaSrve.exe] C:\WINDOWS\CjZfGgaSrve.exe
O4 - HKLM\..\Run: [iTpbBgaSrve.exe] C:\WINDOWS\iTpbBgaSrve.exe
O4 - HKLM\..\Run: [ieDePrestun.exe] C:\WINDOWS\ieDePrestun.exe
O4 - HKLM\..\Run: [jqZKcgaSrve.exe] C:\WINDOWS\jqZKcgaSrve.exe
O4 - HKLM\..\Run: [YsTJoramex.exe] C:\WINDOWS\YsTJoramex.exe
O4 - HKLM\..\Run: [RRkqBgaSrve.exe] C:\WINDOWS\RRkqBgaSrve.exe
O4 - HKLM\..\Run: [YmQoHramex.exe] C:\WINDOWS\YmQoHramex.exe
O4 - HKLM\..\Run: [GqTvarestun.exe] C:\WINDOWS\GqTvarestun.exe
O4 - HKLM\..\Run: [bUcalgaSrve.exe] C:\WINDOWS\bUcalgaSrve.exe
O4 - HKLM\..\Run: [CfEBdramex.exe] C:\WINDOWS\CfEBdramex.exe
O4 - HKLM\..\Run: [IIOPcrestun.exe] C:\WINDOWS\IIOPcrestun.exe
O4 - HKLM\..\Run: [EmHoframex.exe] C:\WINDOWS\EmHoframex.exe
O4 - HKLM\..\Run: [HccMiramex.exe] C:\WINDOWS\HccMiramex.exe
O4 - HKLM\..\Run: [CIOldramex.exe] C:\WINDOWS\CIOldramex.exe
O4 - HKLM\..\Run: [QcWeygaSrve.exe] C:\WINDOWS\QcWeygaSrve.exe
O4 - HKLM\..\Run: [lbffBrestun.exe] C:\WINDOWS\lbffBrestun.exe
O4 - HKLM\..\Run: [ddWFXrestun.exe] C:\WINDOWS\ddWFXrestun.exe
O4 - HKLM\..\Run: [mcaEEramex.exe] C:\WINDOWS\mcaEEramex.exe
O4 - HKLM\..\Run: [brmCVramex.exe] C:\WINDOWS\brmCVramex.exe
O4 - HKLM\..\Run: [TFkAOgaSrve.exe] C:\WINDOWS\TFkAOgaSrve.exe
O4 - HKLM\..\Run: [THwjWramex.exe] C:\WINDOWS\THwjWramex.exe
O4 - HKLM\..\Run: [ElfJEgaSrve.exe] C:\WINDOWS\ElfJEgaSrve.exe
O4 - HKLM\..\Run: [MhOxIgaSrv.exe] C:\WINDOWS\MhOxIgaSrv.exe
O4 - HKLM\..\Run: [FQZKXramex.exe] C:\WINDOWS\FQZKXramex.exe
O4 - HKLM\..\Run: [dcdLRgaSrve.exe] C:\WINDOWS\dcdLRgaSrve.exe
O4 - HKLM\..\Run: [ObpwAgaSrv.exe] C:\WINDOWS\ObpwAgaSrv.exe
O4 - HKLM\..\Run: [EihNwqtsk.exe] C:\WINDOWS\EihNwqtsk.exe
O4 - HKLM\..\Run: [qvqUHrelsd.exe] C:\WINDOWS\qvqUHrelsd.exe
O4 - HKLM\..\Run: [Timer] C:\WINDOWS\fw_304.exe /i
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [FRISK FP-Scheduler] c:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-STOPW.EXE] "c:\Program Files\FSI\F-Prot\F-STOPW.EXE"
O4 - HKLM\..\Run: [FRISK_MONITOR] "c:\Program Files\FSI\F-Prot\fpavupdm.exe" /RAP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [AOL Instant Messenger ™] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - Startup: Shortcut to Magic.lnk = C:\Program Files\Magic Mail\Magic.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .dcr: C:\PROGRA~1\NETSCAPE\NAVIGA~1\PROGRAM\PLUGINS\np32dsw.dll
O12 - Plugin for .scr: C:\PROGRA~1\NETSCAPE\NAVIGA~1\PROGRAM\PLUGINS\NpAudio.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .swf: C:\PROGRA~1\NETSCAPE\NAVIGA~1\PROGRAM\PLUGINS\NPSWF32.dll
O13 - WWW. Prefix: http://
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab

Many thanks, Kevin L

Edited by klycett, 12 October 2005 - 03:25 AM.


#2
coachwife6

Hi klycett: Welcome to GTG. :) Are you still having trouble? If so, please run HijackThis again and post a new log in this thread.