trojan horse startpage pt2

  march 08:56 01 May 2005
Locked

carrying on from my previous thread, running Windows 98 SE, Internet Explorer 5.5, SpywareBlaster installed along with AVG antivirus,

click here


followed stalion's advice to run a2, adaware, cwshredder,

I am at this stage; when I try to access internet avg antivirus appears with this;

Virus Detected,trojan horse startpage.19.j

I click on heal & it says 'heal successful'
then on the taskbar appears

'rundll' error loading c:\windows\temp\se.dll
access is denied, ok

I select ok & it closes, I can access the internet ok but cannot get rid of 'about blank' in explorer or remove 'search assistant uninstall' from add\remove programs

after looking under regedit for search assistant, then under 'explorer', in a folder named 'doc find spec mru' is 'search assistant'

could I safely delete this to see if it will remove search assistant from the computer?

thought I would ask to see if anyone thinks this might work before I follow stalion's advice to post a 'hijack this log' thread


really grateful to stalion and anyone who can help me; thank you

  VoG II 09:07 01 May 2005

You could try click here but the best bet is to paste a HJT log and await expert instructions. click here and please follow the instructions carefully.

There is an 800 word limit for each post on this site. This means that you will have to post your log in 3 or 4 sections or you will get an error message.

It would help if you could double-space the log by adding a blank line every other line. This will help to make it readable.

  march 09:40 01 May 2005

ok VoG™ hope I've done this right (really nervous)


part 1

Logfile of HijackThis v1.97.7
Scan saved at 09:22:30, on 01/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PQSC\PROGRAM\CPCTRAY.EXE

C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE

C:\WINDOWS\MK9805.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\WINDOWS\SYSTEM\W98EJECT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\MY DOCUMENTS\HIJACKTHIS.EXE

  march 09:41 01 May 2005

pt 2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {77A3BC01-B9A2-11D9-893B-00D0544B1D05} - C:\WINDOWS\SYSTEM\APFE.DLL

O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE

O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - HKLM\..\Run: [CHotKey] mk9805.exe

  march 09:42 01 May 2005

pt 3

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - click here

  march 09:43 01 May 2005

that's all copied & pasted, hope it's been done right

waiting for advice

thanks to VoG™

  VoG II 09:45 01 May 2005

Well done march.

I've sent a message to Nellie2 who is an expert on these things. Please be patient - she is a very busy lady.

  march 09:48 01 May 2005

thanks VoG™

will wait as you say, thank you for getting in touch with Nellie2 for me,

march

  march 10:27 01 May 2005

just to let you know, have to go out for a couple of hours, will look for any reply later

in the meantime thank you

  Nellie2 11:24 01 May 2005

I'm sorry to be a nuisance but you have used a very out of date version of hijackthis, could you delete the copy that you have and download v1.99.1 from click here (it is a self extracting zip) and then post a fresh log please using that version.

  march 13:03 01 May 2005

Nellie2

thank you for your response, I have done as you said & downloaded the program and it comes up with '1 file unzipped successfully'. I clicked ok but nothing happened, what have I done wrong?

This thread is now locked and can not be replied to.
