wininet.dll infected can't fix

Hi, I've been following other threads and done everything I can. Run Spyguard, Adaware, Panda, Xoftspy and my own FProt. Got rid of loads of pests but SmitRem and Fprot still reporting wininet.dll infected. Tried to find another copy on my hard drive, as advised by you guys, no other copy found. Tried to rename, won't let me 'windows is using'. Running Win 98. Please help as, though no reapperance of PSGuard right now, this is 3rd time of infection and it keeps coming back. I'm still getting my dial up starting up and shutting down at random so it seems there's still stuff in there!

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:10:14, on 12/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\BT ON-AIR MODEM\MONITOR.EXE
C:\PROGRAM FILES\FSI\F-PROT\F-SCHED.EXE
C:\PROGRAM FILES\FSI\F-PROT\F-STOPW.EXE
C:\PROGRAM FILES\FSI\F-PROT\FPAVUPDM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MAGIC MAIL\MAGIC.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [K6CPU] C:\ibmtools\k6cpu.exe
O4 - HKLM\..\Run: [IBMCPU] C:\ibmtools\ibmcpu.exe
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [BT On-Air] C:\PROGRA~1\BTON-A~1\Monitor.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\gcasServ.exe /i
O4 - HKLM\..\Run: [Qtime] C:\WINDOWS\shch.exe /i
O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe
O4 - HKLM\..\Run: [ramexp] C:\WINDOWS\ramex.exe
O4 - HKLM\..\Run: [gaSrve] C:\WINDOWS\gaSrve.exe
O4 - HKLM\..\Run: [HDdLDgaSrve.exe] C:\WINDOWS\HDdLDgaSrve.exe
O4 - HKLM\..\Run: [nMsbQqtsk.exe] C:\WINDOWS\nMsbQqtsk.exe
O4 - HKLM\..\Run: [gCZcDqtsk.exe] C:\WINDOWS\gCZcDqtsk.exe
O4 - HKLM\..\Run: [bZoQsgaSrve.exe] C:\WINDOWS\bZoQsgaSrve.exe
O4 - HKLM\..\Run: [cqQtOgaSrve.exe] C:\WINDOWS\cqQtOgaSrve.exe
O4 - HKLM\..\Run: [Ojvqcrestun.exe] C:\WINDOWS\Ojvqcrestun.exe
O4 - HKLM\..\Run: [fHjVHramex.exe] C:\WINDOWS\fHjVHramex.exe
O4 - HKLM\..\Run: [MNLtUrestun.exe] C:\WINDOWS\MNLtUrestun.exe
O4 - HKLM\..\Run: [TIZBEramex.exe] C:\WINDOWS\TIZBEramex.exe
O4 - HKLM\..\Run: [uicitramex.exe] C:\WINDOWS\uicitramex.exe
O4 - HKLM\..\Run: [ZVaNBrestun.exe] C:\WINDOWS\ZVaNBrestun.exe
O4 - HKLM\..\Run: [QwbnWgaSrve.exe] C:\WINDOWS\QwbnWgaSrve.exe
O4 - HKLM\..\Run: [aCwgdgaSrve.exe] C:\WINDOWS\aCwgdgaSrve.exe
O4 - HKLM\..\Run: [uEoJmrestun.exe] C:\WINDOWS\uEoJmrestun.exe
O4 - HKLM\..\Run: [fGwHCgaSrve.exe] C:\WINDOWS\fGwHCgaSrve.exe
O4 - HKLM\..\Run: [rsXODramex.exe] C:\WINDOWS\rsXODramex.exe
O4 - HKLM\..\Run: [ZlfMMgaSrve.exe] C:\WINDOWS\ZlfMMgaSrve.exe
O4 - HKLM\..\Run: [efAbNrestun.exe] C:\WINDOWS\efAbNrestun.exe
O4 - HKLM\..\Run: [mqbmbrestun.exe] C:\WINDOWS\mqbmbrestun.exe
O4 - HKLM\..\Run: [fEWCqramex.exe] C:\WINDOWS\fEWCqramex.exe
O4 - HKLM\..\Run: [xtiFBgaSrve.exe] C:\WINDOWS\xtiFBgaSrve.exe
O4 - HKLM\..\Run: [rIWcWramex.exe] C:\WINDOWS\rIWcWramex.exe
O4 - HKLM\..\Run: [laSSLrestun.exe] C:\WINDOWS\laSSLrestun.exe
O4 - HKLM\..\Run: [fnIjarestun.exe] C:\WINDOWS\fnIjarestun.exe
O4 - HKLM\..\Run: [gPghfrestun.exe] C:\WINDOWS\gPghfrestun.exe
O4 - HKLM\..\Run: [eDVgerestun.exe] C:\WINDOWS\eDVgerestun.exe
O4 - HKLM\..\Run: [TFQmprestun.exe] C:\WINDOWS\TFQmprestun.exe
O4 - HKLM\..\Run: [biylogaSrve.exe] C:\WINDOWS\biylogaSrve.exe
O4 - HKLM\..\Run: [CPhRUgaSrve.exe] C:\WINDOWS\CPhRUgaSrve.exe
O4 - HKLM\..\Run: [hDGilramex.exe] C:\WINDOWS\hDGilramex.exe
O4 - HKLM\..\Run: [VxHwErestun.exe] C:\WINDOWS\VxHwErestun.exe
O4 - HKLM\..\Run: [UrxvDramex.exe] C:\WINDOWS\UrxvDramex.exe
O4 - HKLM\..\Run: [ULOtBrestun.exe] C:\WINDOWS\ULOtBrestun.exe
O4 - HKLM\..\Run: [QebBMgaSrve.exe] C:\WINDOWS\QebBMgaSrve.exe
O4 - HKLM\..\Run: [bfeqygaSrve.exe] C:\WINDOWS\bfeqygaSrve.exe
O4 - HKLM\..\Run: [FTKGegaSrve.exe] C:\WINDOWS\FTKGegaSrve.exe
O4 - HKLM\..\Run: [WUOvPramex.exe] C:\WINDOWS\WUOvPramex.exe
O4 - HKLM\..\Run: [VIwCWramex.exe] C:\WINDOWS\VIwCWramex.exe
O4 - HKLM\..\Run: [RVJjLrestun.exe] C:\WINDOWS\RVJjLrestun.exe
O4 - HKLM\..\Run: [umjqHgaSrve.exe] C:\WINDOWS\umjqHgaSrve.exe
O4 - HKLM\..\Run: [WjfgIramex.exe] C:\WINDOWS\WjfgIramex.exe
O4 - HKLM\..\Run: [ibSFRramex.exe] C:\WINDOWS\ibSFRramex.exe
O4 - HKLM\..\Run: [vVSTCgaSrve.exe] C:\WINDOWS\vVSTCgaSrve.exe
O4 - HKLM\..\Run: [WOFJbrestun.exe] C:\WINDOWS\WOFJbrestun.exe
O4 - HKLM\..\Run: [CjZfGgaSrve.exe] C:\WINDOWS\CjZfGgaSrve.exe
O4 - HKLM\..\Run: [iTpbBgaSrve.exe] C:\WINDOWS\iTpbBgaSrve.exe
O4 - HKLM\..\Run: [ieDePrestun.exe] C:\WINDOWS\ieDePrestun.exe
O4 - HKLM\..\Run: [jqZKcgaSrve.exe] C:\WINDOWS\jqZKcgaSrve.exe
O4 - HKLM\..\Run: [YsTJoramex.exe] C:\WINDOWS\YsTJoramex.exe
O4 - HKLM\..\Run: [RRkqBgaSrve.exe] C:\WINDOWS\RRkqBgaSrve.exe
O4 - HKLM\..\Run: [YmQoHramex.exe] C:\WINDOWS\YmQoHramex.exe
O4 - HKLM\..\Run: [GqTvarestun.exe] C:\WINDOWS\GqTvarestun.exe
O4 - HKLM\..\Run: [bUcalgaSrve.exe] C:\WINDOWS\bUcalgaSrve.exe
O4 - HKLM\..\Run: [CfEBdramex.exe] C:\WINDOWS\CfEBdramex.exe
O4 - HKLM\..\Run: [IIOPcrestun.exe] C:\WINDOWS\IIOPcrestun.exe
O4 - HKLM\..\Run: [EmHoframex.exe] C:\WINDOWS\EmHoframex.exe
O4 - HKLM\..\Run: [HccMiramex.exe] C:\WINDOWS\HccMiramex.exe
O4 - HKLM\..\Run: [CIOldramex.exe] C:\WINDOWS\CIOldramex.exe
O4 - HKLM\..\Run: [QcWeygaSrve.exe] C:\WINDOWS\QcWeygaSrve.exe
O4 - HKLM\..\Run: [lbffBrestun.exe] C:\WINDOWS\lbffBrestun.exe
O4 - HKLM\..\Run: [ddWFXrestun.exe] C:\WINDOWS\ddWFXrestun.exe
O4 - HKLM\..\Run: [mcaEEramex.exe] C:\WINDOWS\mcaEEramex.exe
O4 - HKLM\..\Run: [brmCVramex.exe] C:\WINDOWS\brmCVramex.exe
O4 - HKLM\..\Run: [TFkAOgaSrve.exe] C:\WINDOWS\TFkAOgaSrve.exe
O4 - HKLM\..\Run: [THwjWramex.exe] C:\WINDOWS\THwjWramex.exe
O4 - HKLM\..\Run: [ElfJEgaSrve.exe] C:\WINDOWS\ElfJEgaSrve.exe
O4 - HKLM\..\Run: [MhOxIgaSrv.exe] C:\WINDOWS\MhOxIgaSrv.exe
O4 - HKLM\..\Run: [FQZKXramex.exe] C:\WINDOWS\FQZKXramex.exe
O4 - HKLM\..\Run: [dcdLRgaSrve.exe] C:\WINDOWS\dcdLRgaSrve.exe
O4 - HKLM\..\Run: [ObpwAgaSrv.exe] C:\WINDOWS\ObpwAgaSrv.exe
O4 - HKLM\..\Run: [EihNwqtsk.exe] C:\WINDOWS\EihNwqtsk.exe
O4 - HKLM\..\Run: [qvqUHrelsd.exe] C:\WINDOWS\qvqUHrelsd.exe
O4 - HKLM\..\Run: [Timer] C:\WINDOWS\fw_304.exe /i
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [FRISK FP-Scheduler] c:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-STOPW.EXE] "c:\Program Files\FSI\F-Prot\F-STOPW.EXE"
O4 - HKLM\..\Run: [FRISK_MONITOR] "c:\Program Files\FSI\F-Prot\fpavupdm.exe" /RAP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [AOL Instant Messenger ™] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - Startup: Shortcut to Magic.lnk = C:\Program Files\Magic Mail\Magic.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .dcr: C:\PROGRA~1\NETSCAPE\NAVIGA~1\PROGRAM\PLUGINS\np32dsw.dll
O12 - Plugin for .scr: C:\PROGRA~1\NETSCAPE\NAVIGA~1\PROGRAM\PLUGINS\NpAudio.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .swf: C:\PROGRA~1\NETSCAPE\NAVIGA~1\PROGRAM\PLUGINS\NPSWF32.dll
O13 - WWW. Prefix: http://
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab

Many thanks, Kevin L

Edited by klycett, 12 October 2005 - 03:25 AM.

#1
klycett

Posted 12 October 2005 - 03:22 AM

Advertisements

#2
coachwife6

Posted 16 October 2005 - 08:04 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us