Spyware Trouble Need Help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gkse, Feb 29, 2004.

  1. gkse

    gkse Private E-2

    I have found that I have the same problem that Samantha had: getting redirected to different homepages. I get delayed typing and/or freezing up. I have run HijackThis but have no clue what to do next; please, someone help. I will post the log and hopefully get answers and solutions to my problem(s).

    Logfile of HijackThis v1.97.7
    Scan saved at 9:16:01 PM, on 2/29/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\MOUSE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
    C:\WINDOWS\SYSTEM\SKBPATCH.EXE
    C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\SPYWARE\HIJACKTHIS1\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://acc.count-all.com/--/?cociz (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://acc.count-all.com/---/?cociz (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://acc.count-all.com/--/?cociz (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.sbc.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?cociz (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?cociz (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?cociz (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?cociz (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acc.count-all.com/-/?cociz about:blank (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c00&s=searchbar&LC=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://acc.count-all.com/--/?cociz (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?cociz (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?cociz (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?cociz (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = C:\WINDOWS\system32\securityID=816093-MS03-011&privacyAPI32=x401.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?cociz (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?cociz (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\info32.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
    O4 - HKLM\..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
    O4 - HKLM\..\Run: [USB Hub Keyboard Patch] SKBPATCH.EXE
    O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
    O4 - HKLM\..\Run: [winmain] winmain.exe
    O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\SYSTEM\tapicfg.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37955.7341435185
    O19 - User stylesheet: C:\WINDOWS\Web\win.def
    O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)

  2. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Just to add to Robo's info:

    You must fix this:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html

    and this:
    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\info32.exe
    which is a trojan that can steal passwords etc.
    Info here

    and:
    O4 - HKLM\..\Run: [winmain] winmain.exe
    O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\SYSTEM\tapicfg.exe
    O19 - User stylesheet: C:\WINDOWS\Web\win.def
    O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)

    I would suggest using this to remove some of them:
    http://www.majorgeeks.com/download4086.html

    After fixing these with HijackThis and running CWShredder, reboot into safe mode and delete any of the following that are still left:
    C:\WINDOWS\SYSTEM\tapicfg.exe
    c:\windows\winmain.exe
    c:\windows\web\win.def
    c:\windows\default.css

    You may need to show hidden system files to find these. Not sure about 98, but it should be under Folder Options somewhere.
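The reply above picks the hijack entries out of the log by eye. As an added example (not code from the thread or from HijackThis), the script below applies the same reading to a constructed sample made of lines copied from the posted log: R0/R1 start and search pages are flagged when they point at a host other than the user's own or at a local HTML file, the F1 win.ini run= line is flagged because that key is normally empty, O4 autoruns are allowlisted by name with bare filenames (no path, so resolved via PATH) called out, and O19 user stylesheets are always flagged. The allowlists of known-good hosts and autorun names are assumptions chosen for this log, not a general whitelist.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above, mixing the
# entries the replies say to fix with stock Windows 98 / vendor entries.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://acc.count-all.com/---/?cociz (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.sbc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acc.count-all.com/-/?cociz about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\info32.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\SYSTEM\tapicfg.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O19 - User stylesheet: C:\WINDOWS\Web\win.def
"""

# Allowlists are an assumption for this example: the hosts the user's own pages
# legitimately point at, and autorun names belonging to Windows 98 or installed software.
KNOWN_GOOD_HOSTS = {"www.yahoo.sbc.com", "search.presario.net"}
KNOWN_GOOD_AUTORUNS = {
    "ScanRegistry", "TaskMonitor", "LoadPowerProfile", "SystemTray", "EM_EXEC",
    "Digital Dashboard", "USB Hub Keyboard Patch", "MotiveMonitor", "SchedulingAgent",
    "Hidserv", "TrueVector", "McAfeeVirusScanService",
}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
AUTORUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
LOCAL_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def check_browser_setting(body):
    """R0/R1: IE start/search pages. Flag foreign hosts and local HTML files."""
    _key, _sep, value = body.partition(" = ")
    value = value.replace("(obfuscated)", "").strip()
    if not value:
        return None
    target = value.split()[0]  # 'http://... about:blank' keeps the first token
    if target.startswith(("http://", "https://")):
        host = urlparse(target).hostname or ""
        if host not in KNOWN_GOOD_HOSTS:
            return f"start/search page points at unexpected host {host}"
    elif LOCAL_PATH_RE.match(target):
        return "start/search page is a local HTML file (classic CWS hijack)"
    return None


def check_win_ini(body):
    """F1: win.ini run=/load=. Both are normally empty; anything there runs at logon."""
    m = re.match(r"^win\.ini: (run|load)=(.*)$", body)
    if m and m.group(2).strip():
        return f"win.ini {m.group(1)}= launches {m.group(2).strip()} at logon"
    return None


def check_autorun(body):
    """O4: registry Run/RunServices. Allowlist by name; distrust bare filenames."""
    m = AUTORUN_RE.match(body)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    if name in KNOWN_GOOD_AUTORUNS:
        return None
    parts = cmd.split()
    exe = parts[0] if parts else ""
    if "\\" not in exe:
        return f"unrecognised autorun '{name}' runs bare filename {exe} (resolved via PATH)"
    return f"unrecognised autorun '{name}' runs {exe}"


CHECKS = {
    "R0": check_browser_setting, "R1": check_browser_setting,
    "F1": check_win_ini, "O4": check_autorun,
    "O19": lambda body: "user stylesheet override: " + body,
}


def triage(log_text):
    """Return [(log line, reason)] for every entry the checks consider suspicious."""
    findings = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        check = CHECKS.get(m.group("section"))
        reason = check(m.group("body")) if check else None
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"FIX  {line}\n     -> {reason}")
```

Run against the sample it reports exactly the lines the reply lists (the count-all.com pages, searchbar.html, the info32.exe run= line, winmain, tapicfg and win.def) and stays quiet on yahoo.sbc.com, the Window Title, the stock autoruns and the QuickTime ActiveX entry. The allowlist approach is the point: on a Win98 box the set of legitimate Run entries is small and known, so anything not on the list is reviewed rather than trusted.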
     
  3. gkse

    gkse Private E-2

    Changes to info32.exe

    I need to get more info on how to change the info32.exe. I went to where it says how to do it but I got lost. Need more help, Mr General Lee. This is what I need help with:

    F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\info32.exe
    which is a trojan that can steal passwords etc.
    Info here

     
  4. kelb65

    kelb65 Private E-2

    I had the same prob. Used Spybot S&D; it fixed my prob! Yeah MG!!!!
     
  5. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    OK kelb, thanks for the info.
    I'm not sure that will remove the trojan though, so gkse, if the above advice doesn't fix it you need to do this (should be OK in 98; long time no see):
    Start button -- Run -- type msconfig -- Enter -- look for the Win.ini tab at the top of the box and select it. In the new window look for the line
    run=info32.exe -- select it, then on the right-hand side will be a Modify button. Use this to delete the info32.exe part of the line so you are just left with run= . Apply this and OK.
    Reboot into safe mode, check your running applications (Ctrl-Alt-Del) and make sure it's not listed; if it's there, select it and end process. Then do a search for info32.exe and delete it. You may need to show hidden system files to do this: in a normal window, select Tools -- Folder Options and then look for that option. It may be slightly different in 98, but it should be obvious which one to select. Apply and OK.

    As for the other stuff, did you run the shredder I advised, and if so did you get all the other stuff sorted? :)
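The msconfig steps above edit the run= line of the [windows] section of win.ini by hand. As an added example (not code from the thread), the script below does the same edit on a constructed win.ini modelled on the F1 line in the log: it removes every program whose filename is info32.exe from run= and load=, keeps the keys themselves (run= with an empty value, exactly what the reply says to leave behind), and leaves every other line and section untouched. It also collapses the ".." in the posted path, because C:\WINDOWS\..\PROGRA~1\... is written to look like it lives under WINDOWS but actually resolves to C:\PROGRA~1\..., which is where the safe-mode search for the file needs to look. The sample win.ini content and the space/comma separator rule for run= entries are assumptions for this example.

```python
import ntpath
import re

# Constructed sample win.ini: the [windows] section as the posted F1 line implies it,
# plus an unrelated section that must survive the edit untouched.
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\info32.exe
NullPort=None
[Desktop]
Wallpaper=(None)
"""


def split_entries(value):
    r"""run=/load= list programs separated by spaces or commas (assumption: paths are
    written in 8.3 form without spaces, as they are in the posted log)."""
    return [e for e in re.split(r"[,\s]+", value.strip()) if e]


def resolve_entry(entry):
    r"""Collapse '..' components so the file can be located on disk:
    C:\WINDOWS\..\PROGRA~1\X resolves to C:\PROGRA~1\X, not anywhere under WINDOWS."""
    return ntpath.normpath(entry.split()[0])


def strip_autorun(ini_text, target_basename):
    r"""Remove every program named target_basename from the run= and load= keys of
    [windows], leaving the keys in place (as msconfig's Modify button would).
    Returns (new_text, [removed entries])."""
    out, removed, section = [], [], None
    for raw in ini_text.splitlines():
        stripped = raw.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
            out.append(raw)
            continue
        key, sep, value = raw.partition("=")
        if section == "windows" and sep and key.strip().lower() in ("run", "load"):
            keep = []
            for entry in split_entries(value):
                # Match on the filename only: the directory part is attacker-chosen.
                if ntpath.basename(entry).lower() == target_basename.lower():
                    removed.append(entry)
                else:
                    keep.append(entry)
            out.append(f"{key.strip()}={' '.join(keep)}")
            continue
        out.append(raw)
    new_text = "\n".join(out)
    if ini_text.endswith("\n"):
        new_text += "\n"
    return new_text, removed


if __name__ == "__main__":
    cleaned, gone = strip_autorun(SAMPLE_WIN_INI, "info32.exe")
    for entry in gone:
        print(f"removed {entry}\n  on disk: {resolve_entry(entry)}")
    print(cleaned)
```

Matching on the basename rather than the full path matters here: the log shows the trojan registered under a path that passes through C:\WINDOWS\.., so a check that only looks for C:\WINDOWS\ would miss it, and the file to delete in safe mode is the resolved path, not the one written in the INI.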
     
  6. gkse

    gkse Private E-2

    Thanks General Lee Stoned

    Everything seems to be running well now; I don't have that delay I had. Thanks to everyone who had some input, especially General Lee Stoned.
    Can't forget those MajorGeeks. I'm glad there are still people willing to help others in need.
     
  7. ANHEDONIC

    ANHEDONIC Will Title For Food

    *pats everyone back*
     
  8. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Cheers Robo :D

    But you had already sorted 90% of the stuff, so it was easy for me to come along and pick up the pieces and steal the glory :p ;)

    Chalk another one up to team MajorGeeks :cool:
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds