Hijack this.log still containing dangerous entries?

[gransbpa]

Hi there,

I had several problems (dialers dialing in, cookies automatically generating themselves, etc.). I run hijack this, and removed some entries, but I'm still having some problems, not sure my system is 'clean' now. Does anybody have an idea what is the matter? Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 17:10:06, on 19-12-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PINNACLE\INSTANTCDDVD\INSTANTWRITE\IWCTRL.EXE
C:\PROGRAM FILES\SMART PROTECTOR PRO\SMARTPROTECTORPRO.EXE
C:\PROGRAM FILES\SIEMENS\SANTIS WLAN\WLANMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

F1 - win.ini: run=hpfsched
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [SPSTEALT] "C:\PROGRAM FILES\SMART PROTECTOR PRO\SMARTPROTECTORPRO.EXE" /stealt
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=

 

[carrr]

Short of these two entries, I don't see anyhting readily suspect:
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
Though these don't appear to point anywhere, delete them.

"but I'm still having some problems, not sure my system is 'clean' now"

How ' bout some details? Hard to diagnose without some specifics.

 

[gransbpa]

I'll do that. Thanks!

 

[SYAR2003]

I nearly don't see any fishy things here either .

A Cong Gratulations must be the least i can say "Almost".

The win.ini could be backdor trojan.
F1 - win.ini: run=hpfsched
( it certainly sounds like HP something ,but dont be sure)

Study this

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html

Regards from
syar thered nose

 

[ST0RMCHASER]

WINdows INItialization = win.ini

A Windows configuration file that describes the current state of the Windows environment. It contains hundreds of entries and is read by Windows on startup. It tells Windows such things as which programs to load or run automatically, if any, what the various screen, keyboard and mouse settings are, what the desktop looks like (icon spacing, wallpaper, colors, etc.) and what fonts are used.

 

[gransbpa]

Thanks, stormchaser and syar rednose, i'll check it out.