hijacked?

suziQ · #1 (**permalink**) 02-11-2005, 12:23 AM

hi hope you can help
been having rundll probs for a while gettiing message "error loading sre.dll the system cannot find the file specified" but as pc worked ok didn't worry (mistake?) recently when I go online error messege received "error loading c:\\windows\temp\se.dll" and a virus warning is flagged, this is healed by AVG7, the homepage is now set to 'about:blank' and no matter how often this is reset it still keeps defaulting to this. I have updated both AVG7 and SpybotS&D and scanned PC and fixed/healed any problems found but this has not fixed the problems. I have reached the limit of my scant knowledge and have been searching around, downloaded CWShredder and ran this, says I don't have CWS files on pc but free scan with spyferret says I do! Very confused now. you recommend sending you a hijacthis log so here goes

Logfile of HijackThis v1.99.1
Scan saved at 21

06, on 01/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gump.net/search/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [Atitask] Atiptaaa.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sre] rundll32.exe sre.dll,Register
O4 - HKLM\..\Run: [Startup] WinlogonStartup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [KPF4] C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HotSync.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {4DF1F1E0-93AC-11D9-9137-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4DF1F1E0-93AC-11D9-9137-444553540000} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab

many thanks in anticipation
SuziQ

Neal · #2 (**permalink**) 02-11-2005, 04:01 AM

Hi and welcome to DAL,

Rest assured you do have coolwebsearch infection.

Please read the complete post first, you should copy and paste this post to a new text Document or print it.

Download and install http://www.ccleaner.com/ccdownload.php
Download and unzip to your Desktop---don't run the tool yet

http://www.bleepingcomputer.com/file...re/KillBox.zip
We will use Killbox later.

Download and install Adaware, uncheck "show help file" and "perform full system scan" at the end of the installing routine, perform the update and close Adaware. You will need it later

Download: "StartDreck", from here:
http://www.niksoft.at/download/startdreck.htm

Unzip to its own folder and start the program,

Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
Files> Autostart Folders
System/drivers> Running processes
Press 'Ok'

Press 'Save' and select the location to save the log file
(default is the same folder as the application)
Exit StartDreck
And Post the log in this thread and a new HJT this log please.

suziQ · #3 (**permalink**) 02-11-2005, 09:57 PM

hi there - impressd by the speed of reply. Hopefully I've got it right (I'm a real novice- dare I say a total user) and downloaded all the things you said, I just hope that its done what you expected 'cause I wouldn't have a clue %{ Right here goes, here is the Startdreck log:

StartDreck (build 2.1.7 public stable) - 2005-11-02 @ 20:30:57 (GMT +00:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 5.00.2614.3500
Logged in as Mr & Mrs Hewitt at U2_C466

»Registry
»Run Keys
»Current User
»Run
*SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
»RunOnce
»Default User
»Run
*SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*ATIGART=c:\ati\gart\atigart.exe
*Atitask=Atiptaaa.exe
*AtiCwd32=Aticwd32.exe
*AtiQiPcl=AtiQiPcl.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*AVG7_CC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
*AVG7_EMC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
*AVG7_AMSVR=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR. EXE
*InCD=C:\Program Files\Ahead\InCD\InCD.exe
*sre=rundll32.exe sre.dll,Register
*Startup=WinlogonStartup
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=C:\WINDOWS\SYSTEM\mstask.exe
*KPF4=C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\HotSync Manager.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\HotSync Manager.lnk
»Local Machine
»System/Drivers
»Running Processes
+FFEF54FB=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFAEF7=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF9D9B=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFFF55B=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE229B=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFE161B=C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
+FFFE523B=C:\WINDOWS\EXPLORER.EXE
+FFFD1F77=C:\WINDOWS\TASKMON.EXE
+FFFD2B8F=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFD554B=C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
+FFFD4FAB=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
+FFFDFFDF=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
+FFFDD0B3=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
+FFFDD3BB=C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
+FFFC1D43=C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
+FFFCAF87=C:\PROGRAM FILES\PALM\HOTSYNC.EXE
+FFFB3983=C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
+FFFBDB53=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FFF929B7=C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
+FFF9BCFF=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFF75DEF=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFF65C67=C:\WINDOWS\SYSTEM\SPOOL32.EXE
+FFF7ACF3=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFF8AEFF=C:\WINDOWS\SYSTEM\PSTORES.EXE
+FFF9213F=C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
+FFF8A2E3=C:\PROGRAM FILES\STARTDRECK217\STARTDRECK.EXE
»Application specific

and as you requested a new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 20:35:07, on 02/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gump.net/search/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [Atitask] Atiptaaa.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sre] rundll32.exe sre.dll,Register
O4 - HKLM\..\Run: [Startup] WinlogonStartup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [KPF4] C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HotSync.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {4DF1F1E0-93AC-11D9-9137-444553540000} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4DF1F1E0-93AC-11D9-9137-444553540000} - (no file) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab

I guess if this is as expected I get to use the rest of the 'toolkit' Oh Goody!!
SuziQ

Neal · #4 (**permalink**) 02-11-2005, 11:24 PM

Hi,

Well dang Startdreck did not show me what I was looking for which was a hidden dll file.

So let;s procede.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
You can reenable TeaTimer once your system is clean.

If you don't have a way to unzip a folder then go here and download free trial version of winzip:

winzip

Next,
Download the Intermute stand-alone version of CWShredder from here: cwshredder.net/bin/CWShredder.exe
Install it and check for updates then exit, we will use it later.

Next,
Please download CWShredder from here( this is the older version), then exit no run yet http://www.thatcomputerguy.us/downloads-cat4.html

Download About:Buster from here:

http://majorgeeks.com/download4289.html

Unzip it to its own DESKTOP folder, right click open area on the desktop, click new, the new folder, name the folder Aboutbuster . It is VITAL that it be unzipped/extract all

Please open/run the program and check for updates. After you update it exit.
Do not run the actual scan/fix until instructed below.

disconnect from the internet---pull the plug etc. very important

Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.

Scan with Hijackthis again and put a check next to these items and making sure all browser windows are closed before clicking fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O4 - HKLM\..\Run: [sre] rundll32.exe sre.dll,Register
O4 - HKLM\..\Run: [Startup] WinlogonStartup

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Again make sure all browser windows are closed and click FIX

Still in safe mode

Now, run About:Buster as many times as it takes to not find anything

Next, run both CWShredder
-Click on the: ‘Fix’ Button on the first one and let it run, then click on fix for the second one and let it finish.
-Follow the prompts, and press OK

Now run CCleaner useing the windows tab only

Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start

Post a new HJT log for further review

suziQ · #5 (**permalink**) 03-11-2005, 11:48 PM

Hi Neal

Well summats changed I don't get the error logs about sre.dll or se.dll which is definately an improvement. still get About:blank (tho' the page is now truely blank) on logging on to net.

the next HJT log as requested - this is a stubborn wee beastie isn't it

Logfile of HijackThis v1.99.1
Scan saved at 22:29:21, on 03/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gump.net/search/index.html
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [Atitask] Atiptaaa.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [KPF4] C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HotSync.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab

caio for now

SuziQ

Neal · #6 (**permalink**) 04-11-2005, 02:54 AM

Nice job there, your log is clean.

Try changeing your homepage back to the way it was or something else.

Do you know how to do that?

Go to tools>internet options and type in your home page you had or type in http://www.google.com/ then click apply then ok