Ad-aware SE
Spybot Search and Destroy
Avast! (Alwil)
smitrem.exe
These seemed to help, but certain files/registries couldn't be accessed because they were in use. (I even ran the programs in Safe Mode, or upon reboot.) I did manage to replace my infected Wininet.dll file with a clean copy from my OS disk (replaced file while in DOS mode). However, some problems are resurfacing, and I have to clean things up again. Spybot S&D also shows registry entries that I can't fix.
Any help would be appreciated, thanks! Here's my HJT logfile:
Logfile of HijackThis v1.99.1
Scan saved at 9:56:07 PM, on 10/26/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VOYETRA\AUDIOSTATION 32\VTRAY.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\3COM\MODEMMGR\PROGRAM\MDMMGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.virtualrealityz.com/?7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.virtualrealityz.com/?6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.virtualrealityz.com/?3
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virtualrealityz.com/?1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.virtualrealityz.com/?4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.virtualrealityz.com/?2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [VoyetraTray] C:\PROGRAM FILES\VOYETRA\AUDIOSTATION 32\VTRAY.EXE /s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [cAg0u] C:\WINDOWS\SYSTEM\D9B948C0.hta
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - Startup: 3Com Modem Manager.lnk = C:\Program Files\3COM\MODEMMGR\Program\mdmMgr.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O14 - IERESET.INF: START_PAGE_URL=http://business.dellnet.com/