problem... trojanhorse startpage.16.bd

Discussion in 'Malware Help (A Specialist Will Reply)' started by scorpion1024, Mar 14, 2005.

  1. scorpion1024

    scorpion1024 Private E-2

    Hello...

    I have been trying to figure out my PC problem since 9 o'clock this morning. Grr.. I must say that this website has been VERY helpful and thank you for all of the links, info etc.

    I have read the rules about not posting my HijackThis log. I will say that I did as much as I possibly could do on Major Attitude's "Do not post until you have read this". I have prepared and tried to eliminate this problem as best as possible but when I was finished, it still brought me back to that same homepage... "about:blank"

    So here is a briefing of what I was able to do. (I have Windows ME)
    ~I disabled the system restore but it did not ask me to reboot, so I did it on my own.
    ~I tried to do step 2, which was to click on Start and Run and OK after I have the word services.msc typed inside. It kept telling me that there was no such command and to try search. So I tried search and nothing came up.
    ~Step 3 I was able to do... that was viewing hidden files.
    ~Step 4 I did, which was to create a folder called spyware tools for all of the antivirus/spyware removal programs.
    I was able to install: Adaware SE, Adaware VX2 cleaner plugin, CCleaner, Spybot Search and Destroy, McAfee AVERT Stinger, CWShredder and that was it.
    It would not allow me to install SpywareBlaster and wouldn't let me open the link to killme2.
    From there I went into safe mode... unable to really see the screen because it was extremely dark, and ran CCleaner, Adaware, and Spybot. That was as far as I could go because it wouldn't let me work online.

    Prior to all of this, I did a hijackthis log and deleted the r1,2 problem files that I knew were part of this. That didn't work, when I did a hijackthis file about 6 hours later, the stuff showed up again.

    So, with this information, what can I start to do to try to make this work (besides burn the damn thing!) haha

    Scorpion1024
    PS... I ran AVG to know that I had this particular virus.
    and just so everyone knows, I am a novice computer user so too much jargon is going to confuse me. Somehow I managed to get through the 6 pages of instructions of Major Attitude.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT.
    All instructions are covered in the sticky thread
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


    Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

    DO NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. scorpion1024

    scorpion1024 Private E-2

    Here it is.
    Thank you for your time! :)

    Scorpion1024
     

    Attached Files:

  4. PhilliePhan

    PhilliePhan Guest

    Hi Scorpion,

    Your HijackThis is WAAAAY out of date! Please D/L fresh one and rescan.

    HijackThis v1.99.1

    Note that your HijackThis MUST be extracted to its own safe folder – C:\Program Files\HijackThis !

    I imagine BJGarrick will be checking back shortly!

    PP :)
     
  5. scorpion1024

    scorpion1024 Private E-2

    Ok here it is.

    I am sorry about that. I thought I had the up to date version.

    :)
    scorpion1024
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    O2 - BHO: (no name) - {675CEADB-B08C-40AA-8BAD-BA940A77B7A3} - C:\WINDOWS\SYSTEM\LFFB.DLL

    O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\SYSTEM\LFFB.DLL

    C:\WINDOWS\TEMP\se.dll


    NEXT:
    Run CCleaner


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
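
As an added example (not part of the original thread and not HijackThis's own logic): a small Python parser for the R and O entry formats quoted in the post above, which flags the kinds of entries that post selects for fixing. The regular expressions and the four review heuristics are assumptions chosen for illustration.

```python
import re

# Entries copied from the fix list in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {675CEADB-B08C-40AA-8BAD-BA940A77B7A3} - C:\WINDOWS\SYSTEM\LFFB.DLL
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
"""

# Assumed line shapes: "R# - HIVE\key,value = data" and "O# - label - {CLSID} - path"
REG_RE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) = (.*)$")
OBJ_RE = re.compile(r"^(O\d+) - (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")

def parse_line(line):
    """Return a dict for a recognised entry, or None for anything else."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        return {"section": m[1], "hive": m[2], "key": m[3], "value": m[4], "data": m[5]}
    m = OBJ_RE.match(line)
    if m:
        return {"section": m[1], "label": m[2], "clsid": m[3], "path": m[4]}
    return None

def flags(entry):
    """Illustrative review heuristics (assumptions, not HijackThis rules)."""
    out = []
    data = entry.get("data", "").lower()
    if data.startswith("res://") and "\\temp\\" in data:
        out.append("res:// page served from a DLL in a temp directory")
    if data == "about:blank" and "search" in entry.get("value", "").lower():
        out.append("search setting pointed at about:blank")
    if entry["section"] == "O2" and "(no name)" in entry.get("label", ""):
        out.append("unnamed Browser Helper Object")
    if entry.get("path", "").endswith("(file missing)"):
        out.append("registered file is missing (orphaned entry)")
    return out

def triage(log_text):
    """Return (entry, reasons) pairs for every entry that trips a heuristic."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [(e, flags(e)) for e in parsed if e and flags(e)]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry["section"], entry.get("data") or entry.get("path"), "->", "; ".join(reasons))
```

A flagged entry is a prompt for manual review, not a verdict: a helper's own judgment about each line still decides what gets fixed.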
     
