
Hijacking

Discussion in 'Security and Privacy' started by gerdcurli, 2004/07/15.

Thread Status:
Not open for further replies.
  1. 2004/07/15
    gerdcurli

    gerdcurli Inactive Thread Starter

    Joined:
    2003/01/22
    Messages:
    58
    Likes Received:
    0
    Hi there, even after I use SpyBot, Ad-Aware, HijackThis etc., I'm still having my home page hijacked. Can someone tell me, please, how to stop this? Also, can you tell me the quickest way to post a logfile here, which I'm sure you'll be asking for.
    Many thanks..
    G
    PS. Is this the logfile?...
    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "about:blank "
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Start Page
    Data : "about:blank "

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html "
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Page
    Data : "file://C:\WINDOWS\TEMP\sp.html "

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html "
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Bar
    Data : "file://C:\WINDOWS\TEMP\sp.html "

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html "
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Search
    Value : SearchAssistant
    Data : "file://C:\WINDOWS\TEMP\sp.html "

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html "
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Page
    Data : "file://C:\WINDOWS\TEMP\sp.html "

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html "
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\Main
    Value : Search Bar
    Data : "file://C:\WINDOWS\TEMP\sp.html "

    Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html "
    Rootkey : HKEY_LOCAL_MACHINE
    Object : Software\Microsoft\Internet Explorer\Search
    Value : SearchAssistant
    Data : "file://C:\WINDOWS\TEMP\sp.html "

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html "
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Search Page
    Data : "file://C:\WINDOWS\TEMP\sp.html "

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html "
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Search Bar
    Data : "file://C:\WINDOWS\TEMP\sp.html "

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html "
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Search
    Value : SearchAssistant
    Data : "file://C:\WINDOWS\TEMP\sp.html "


    CoolWebSearch Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{0FC099C1-D4D6-11D8-AAD8-5254431985A1}


    CoolWebSearch Object recognized!
    Type : File
    Data : hphla.dll
    Object : c:\windows\system\
    FileSize : 30 KB
    Created on : 13/07/04 13:08:16
    Last accessed : 14/07/04 23:00:00
    Last modified : 13/07/04 13:08:18



    CoolWebSearch Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : CLSID\{0FC099C2-D4D6-11D8-AAD8-5254B3CB1BD6}


    CoolWebSearch Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : PROTOCOLS\Filter\text/html


    CoolWebSearch Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : PROTOCOLS\Filter\text/plain


    CoolWebSearch Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FC099C2-D4D6-11D8-AAD8-5254B3CB1BD6}


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 15
    Objects found so far: 16


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : gerdcurli@counter7.sextracker[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 15/07/04 07:00:05
    Last accessed : 14/07/04 23:00:00
    Last modified : 15/07/04 07:00:06



    Tracking Cookie Object recognized!
    Type : File
    Data : gerdcurli@paycounter[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 15/07/04 06:55:19
    Last accessed : 14/07/04 23:00:00
    Last modified : 15/07/04 06:55:20



    Tracking Cookie Object recognized!
    Type : File
    Data : gerdcurli@sexlist[2].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 15/07/04 07:24:43
    Last accessed : 14/07/04 23:00:00
    Last modified : 15/07/04 07:24:44



    Tracking Cookie Object recognized!
    Type : File
    Data : gerdcurli@counter2.sextracker[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 15/07/04 07:00:05
    Last accessed : 14/07/04 23:00:00
    Last modified : 15/07/04 07:00:06



    Tracking Cookie Object recognized!
    Type : File
    Data : gerdcurli@sextracker[2].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 15/07/04 07:00:05
    Last accessed : 14/07/04 23:00:00
    Last modified : 15/07/04 07:00:06



    Tracking Cookie Object recognized!
    Type : File
    Data : gerdcurli@hg1.hitbox[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 15/07/04 07:33:21
    Last accessed : 14/07/04 23:00:00
    Last modified : 15/07/04 07:33:22



    Tracking Cookie Object recognized!
    Type : File
    Data : gerdcurli@hitbox[2].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 15/07/04 07:33:21
    Last accessed : 14/07/04 23:00:00
    Last modified : 15/07/04 07:33:22



    Tracking Cookie Object recognized!
    Type : File
    Data : gerdcurli@xxxcounter[1].txt
    Object : C:\WINDOWS\Cookies\

    Created on : 15/07/04 07:34:53
    Last accessed : 14/07/04 23:00:00
    Last modified : 15/07/04 07:34:54


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
     
  2. 2004/07/15
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    HijackThis fixes nothing unless instructed to - best you don't either without advice from here :D

    First download the latest version 1.98 through Quicklinks in my signature and save it to a folder on your HD.

    Run the exe file and hit the Scan button. When the scan has finished the Scan button changes to Save log. Hit this and a Save dialogue box opens defaulting (in XP at least) to My Documents. Accept the default name for the log - or change it if you like and save. The log opens in Notepad. Edit > Select all, copy and paste into a post here.
     


  4. 2004/07/15
    gerdcurli

    gerdcurli Inactive Thread Starter

    Joined:
    2003/01/22
    Messages:
    58
    Likes Received:
    0
    LogFile

    Hi Pete, thanks for such a swift reply, as usual.
    Here is the logfile you asked me to paste:-

    Logfile of HijackThis v1.98.0
    Scan saved at 13:06:27, on 15/07/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\ADOBE\PHOTOSHOP 7.0\PHOTOSHOP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {B2F2DA9C-D635-11D8-AAD8-52542B7B1603} - C:\WINDOWS\SYSTEM\HPHLA.DLL
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1601.0\MSGR.EN-US.EN-GB\MSNTB.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1 "
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
    O18 - Filter: text/html - {B2F2DA9B-D635-11D8-AAD8-5254A4928E77} - C:\WINDOWS\SYSTEM\HPHLA.DLL
    O18 - Filter: text/plain - {B2F2DA9B-D635-11D8-AAD8-5254A4928E77} - C:\WINDOWS\SYSTEM\HPHLA.DLL

    regards,
    G
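
A triage pass over the HijackThis lines in the log above, as an added example that is not part of the original post or of HijackThis itself. The sample lines are copied from the post; the four rules and their labels are assumptions chosen to match what this thread shows (IE search settings pointing at a local file, an unnamed BHO, MIME filters, and one DLL registered under more than one hook type).

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {B2F2DA9C-D635-11D8-AAD8-52542B7B1603} - C:\WINDOWS\SYSTEM\HPHLA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O18 - Filter: text/html - {B2F2DA9B-D635-11D8-AAD8-5254A4928E77} - C:\WINDOWS\SYSTEM\HPHLA.DLL
O18 - Filter: text/plain - {B2F2DA9B-D635-11D8-AAD8-5254A4928E77} - C:\WINDOWS\SYSTEM\HPHLA.DLL
"""

ENTRY = re.compile(r"^\s*([A-Z]\d+) - (.*)$")
REG_VAL = re.compile(r"^(HK\w+\\[^,]+),(.+?) = (.*)$")
COM_OBJ = re.compile(r"^(BHO|Toolbar|Filter): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")

def triage(log_text):
    """Return (section, rule, detail) tuples; the rules are illustrative heuristics."""
    findings, modules = [], defaultdict(set)
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw)
        if not entry:
            continue  # header, process list or blank line
        section, body = entry.groups()
        reg, com = REG_VAL.match(body), COM_OBJ.match(body)
        if section in ("R0", "R1") and reg:
            # Flag IE page settings whose data is a file on disk rather than a URL.
            if reg.group(3).strip().lower().startswith("file://"):
                findings.append((section, "local-file-page", reg.group(2)))
        elif com:
            kind, name, clsid, path = com.groups()
            modules[path.strip().upper()].add(section)
            if kind == "BHO" and name == "(no name)":
                findings.append((section, "unnamed-bho", clsid))
            elif kind == "Filter":
                findings.append((section, "mime-filter", name))
    # One DLL registered under more than one hook type (here O2 and O18).
    for path, sections in modules.items():
        if len(sections) > 1:
            findings.append(("+".join(sorted(sections)), "shared-module", path))
    return findings

if __name__ == "__main__":
    for section, rule, detail in triage(SAMPLE_LOG):
        print(f"{section:7} {rule:16} {detail}")
```
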
     
  5. 2004/07/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    First, download and install Reglite. Open and copy/paste the following string in the address window then click go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

    Double click on the AppInit_DLLs entry to open a "Data Editor" properties window. If the Value line contains a .dll filename, copy/paste it here.

    Additionally, download the current version of CWShredder, v1.59.1. You'll need it later.
     
  6. 2004/07/15
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Try CWShredder first
    First download, then close all open windows and run CWShredder 1.59.1
    http://www.net-integration.net/tools/hijackthis.html#cwshredder <<from there
    Click Fix, don't just scan. You have several CoolWebSearch components which it should remove.
    If you already have it, just download another copy and overwrite the old one, to ensure it's the latest version. Currently it's ver 1.59.1 as of 6/28/2004

    Then restart the PC

    Come back, then scan and repost another HijackThis log
     