Could someone pls look at my hijackthis log?

Discussion in 'Malware Help (A Specialist Will Reply)' started by tyrus, Feb 23, 2005.

  1. tyrus

    tyrus Private E-2

    Hello,

    I am attaching my hijackthis log to this post.

    OK, first some background info... I have been diligently reading and following the instructions from the FAQs on how to clean / disinfect my system for the last 4-5 days. My biggest problem is I can't seem to delete / remove the most annoying pop-up from ewizard that usually goes "warning you may be infected" or "warning your mail is full of ..." It constantly pops up in a small box, approx 1/8 the size of the screen or so. Like I said, I have followed step by step the "Basic Spyware, Trojan And Virus Removal tutorial" and the Hijackthis Tutorial. I think I have narrowed it down to a few items... however, I am not sure if I am overlooking something or not.

    In my log you will notice the following....

    several R1 and R0 entries... these have been repeatedly cleaned and removed but keep coming back... mainly, I believe, due to this

    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\KENNETH\LOCALS~1\Temp\se.dll,DllInstall

    I have removed this while in safe mode and it keeps coming back usually shortly after a reboot...hence I think I must be missing something.

    Also, there are several lines dealing with nhccca.dll --- both O2 and O18... however, I have looked all over the web and can't find anything about them... my gut says to delete them as they may be a source of my problems, but I would really like a backup confirmation on this. I have even run my log in Help2Go Detective and Hijack This analysis, both of which flagged this as a possible unconfirmed issue... big question mark.

    Anyway, I am hoping your extensive knowledge and experience might be able to help educate me (was a big neophyte up till about a week ago... now maybe only a novice :) and still learning). Please, any help would be greatly appreciated. Again, I want to stress that finding your site and all the amazingly well written tutorials and advice has helped clear up a large portion of my problems already.

    Hope to hear from you all soon, as time allows of course. :) Hope you all are having a good week.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.



    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KENNETH\LOCALS~1\Temp\se.dll/sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KENNETH\LOCALS~1\Temp\se.dll/sp.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {90796F67-3CBD-46C5-8F1B-AADE15A84F6D} - C:\WINDOWS\system32\nhccca.dll

    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\KENNETH\LOCALS~1\Temp\se.dll,DllInstall

    O18 - Filter: text/html - {A9B1F227-239D-41D9-B9FD-1B0F3F7DA47C} - C:\WINDOWS\system32\nhccca.dll

    O18 - Filter: text/plain - {A9B1F227-239D-41D9-B9FD-1B0F3F7DA47C} - C:\WINDOWS\system32\nhccca.dll


    Again, make sure All Browser Windows are Closed when you Click FIX.


    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:


    se.dll <--- Search for this file, Delete when found!

    sp.html <--- Search for this file, Delete when found!

    C:\WINDOWS\system32\nhccca.dll


    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.



    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

    Good Luck!:)
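    As an added example (not from this thread and not part of HijackThis itself): a small Python triage script that parses log lines in the format shown above and flags the three patterns fixed in this thread: R0/R1 IE start or search values set to about:blank or to a res:// resource inside a DLL, an O4 Run entry that uses rundll32 to load a DLL from a Temp directory, and one DLL registered both as a BHO (O2) and as a MIME filter (O18). The sample log is constructed from the entries quoted in the thread plus one benign Run entry as a control; the flagging rules are my own and mark entries for review, not for automatic deletion.

```python
import re

# Constructed sample: the entries flagged in this thread plus one benign Run entry as a
# control. Raw string, because the log paths contain backslashes (e.g. "\nhccca.dll").
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KENNETH\LOCALS~1\Temp\se.dll/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {90796F67-3CBD-46C5-8F1B-AADE15A84F6D} - C:\WINDOWS\system32\nhccca.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\KENNETH\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {A9B1F227-239D-41D9-B9FD-1B0F3F7DA47C} - C:\WINDOWS\system32\nhccca.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^(R[0-3]|O\d+) - (.*)$")          # "O4 - <body>"
DLL_PATH = re.compile(r"[A-Za-z]:\\[^\s,]+?\.dll", re.I)  # first drive-letter path ending in .dll
TEMP_DIR = re.compile(r"\\temp\\", re.I)               # any "\Temp\" component in a path


def parse_entries(log):
    """Return (section, body) pairs, e.g. ('O4', 'HKLM\\..\\Run: [sp] rundll32 ...')."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def cross_references(log):
    """Map each DLL path (lower-cased) to the set of log sections that reference it."""
    refs = {}
    for sec, body in parse_entries(log):
        for path in DLL_PATH.findall(body):
            refs.setdefault(path.lower(), set()).add(sec)
    return refs


def triage(log):
    """Return (section, reason) findings worth a second look, in log order."""
    refs = cross_references(log)
    findings = []
    for sec, body in parse_entries(log):
        low = body.lower()
        if sec in ("R0", "R1") and ("about:blank" in low or "res://" in low):
            findings.append((sec, "IE start/search value is about:blank or a res:// DLL resource"))
        elif sec == "O4" and "rundll32" in low and TEMP_DIR.search(body):
            findings.append((sec, "Run entry loads a DLL from a Temp directory via rundll32"))
        elif sec in ("O2", "O18"):
            for path in DLL_PATH.findall(body):
                # Same module registered as a BHO (O2) and a MIME filter (O18): the nhccca.dll pattern.
                if {"O2", "O18"} <= refs[path.lower()]:
                    findings.append((sec, path + " is both a BHO and a MIME filter"))
    return findings
```

Running `triage(SAMPLE_LOG)` flags the five entries quoted from the thread and leaves the ctfmon.exe control line alone.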
     
  3. tyrus

    tyrus Private E-2

    Hello all,

    OK, this may be a bit overdue, but I was waiting to see if anything resurfaced. Again, I want to thank all who responded and for this well put together/documented site as a whole. The system has been clean for a week and I have had no problems since the last cleaning. I think the nhccca.dll was the source propagator of the se.dll and, through it, the about:blank recurrence, but having removed all of them has resolved that issue. Here is my current hijackthis log, and it has remained clean for the last week.


    Again, can't say it enough... thanks to all who put this site together and take time to moderate and assist those of us who don't know enough about these things. :)
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log is clean!:)


    FINAL STEP

    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.




    You should see this article on How to Protect yourself from malware!
     
