Please Help Hijack this Log attached

By Longbowuk
May 21, 2005
Topic Status:
Not open for further replies.
  1. I've run Ad-Aware, Spybot S&D, Spy Subtract and an online virus scan from Trend Micro, but I still get about:blank when I load Internet Explorer. HijackThis log attached.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:50:58, on 21/05/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\GDI32.DLL
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSET.EXE
    C:\WINDOWS\MSBY32.EXE
    C:\WINDOWS\SYSTEM\APIAI32.EXE
    C:\WINDOWS\SYSTEM\APIAI32.EXE
    C:\WINDOWS\SYSTEM\IEXB32.EXE
    C:\WINDOWS\SYSTEM\APIAI32.EXE
    C:\WINDOWS\SYSTEM\APIRN32.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Class - {C2EFCA32-D3CF-3801-B32F-6A7589AA0A8A} - C:\WINDOWS\NETDT.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SYSET.EXE] C:\WINDOWS\SYSET.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATLAL32.EXE] C:\WINDOWS\SYSTEM\ATLAL32.EXE
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [APIKY.EXE] C:\WINDOWS\SYSTEM\APIKY.EXE /s
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [MSBD32.EXE] C:\WINDOWS\SYSTEM\MSBD32.EXE /s
    O4 - HKLM\..\RunServices: [NTYD32.EXE] C:\WINDOWS\NTYD32.EXE /s
    O4 - HKLM\..\RunServices: [MFCYN32.EXE] C:\WINDOWS\SYSTEM\MFCYN32.EXE /s
    O4 - HKLM\..\RunServices: [WINAK.EXE] C:\WINDOWS\WINAK.EXE /s
    O4 - HKLM\..\RunServices: [JAVAQW32.EXE] C:\WINDOWS\JAVAQW32.EXE /s
    O4 - HKLM\..\RunServices: [WINMG.EXE] C:\WINDOWS\WINMG.EXE /s
    O4 - HKLM\..\RunServices: [MSFI32.EXE] C:\WINDOWS\MSFI32.EXE /s
    O4 - HKLM\..\RunServices: [SYSRO32.EXE] C:\WINDOWS\SYSTEM\SYSRO32.EXE /s
    O4 - HKLM\..\RunServices: [D3LG32.EXE] C:\WINDOWS\D3LG32.EXE /s
    O4 - HKLM\..\RunServices: [JAVACX32.EXE] C:\WINDOWS\SYSTEM\JAVACX32.EXE /s
    O4 - HKLM\..\RunServices: [NTTQ.EXE] C:\WINDOWS\NTTQ.EXE /s
    O4 - HKLM\..\RunServices: [NTBQ.EXE] C:\WINDOWS\SYSTEM\NTBQ.EXE /s
    O4 - HKLM\..\RunServices: [JAVANR32.EXE] C:\WINDOWS\JAVANR32.EXE /s
    O4 - HKLM\..\RunServices: [MSBU32.EXE] C:\WINDOWS\SYSTEM\MSBU32.EXE /s
    O4 - HKLM\..\RunServices: [IEXM32.EXE] C:\WINDOWS\IEXM32.EXE /s
    O4 - HKLM\..\RunServices: [ATLNC.EXE] C:\WINDOWS\ATLNC.EXE /s
    O4 - HKLM\..\RunServices: [IESW32.EXE] C:\WINDOWS\SYSTEM\IESW32.EXE /s
    O4 - HKLM\..\RunServices: [CRJP.EXE] C:\WINDOWS\CRJP.EXE /s
    O4 - HKLM\..\RunServices: [SDKNJ.EXE] C:\WINDOWS\SYSTEM\SDKNJ.EXE /s
    O4 - HKLM\..\RunServices: [JAVAAA.EXE] C:\WINDOWS\JAVAAA.EXE /s
    O4 - HKLM\..\RunServices: [APIVC32.EXE] C:\WINDOWS\SYSTEM\APIVC32.EXE /s
    O4 - HKLM\..\RunServices: [D3AV32.EXE] C:\WINDOWS\SYSTEM\D3AV32.EXE /s
    O4 - HKLM\..\RunServices: [MSKF.EXE] C:\WINDOWS\SYSTEM\MSKF.EXE /s
    O4 - HKLM\..\RunServices: [D3XQ32.EXE] C:\WINDOWS\SYSTEM\D3XQ32.EXE /s
    O4 - HKLM\..\RunServices: [SDKAZ.EXE] C:\WINDOWS\SYSTEM\SDKAZ.EXE /s
    O4 - HKLM\..\RunServices: [APPXX.EXE] C:\WINDOWS\APPXX.EXE /s
    O4 - HKLM\..\RunServices: [IPVD32.EXE] C:\WINDOWS\IPVD32.EXE /s
    O4 - HKLM\..\RunServices: [NETJZ32.EXE] C:\WINDOWS\SYSTEM\NETJZ32.EXE /s
    O4 - HKLM\..\RunServices: [APICM32.EXE] C:\WINDOWS\APICM32.EXE /s
    O4 - HKLM\..\RunServices: [IEZK32.EXE] C:\WINDOWS\IEZK32.EXE /s
    O4 - HKLM\..\RunServices: [APIED32.EXE] C:\WINDOWS\APIED32.EXE /s
    O4 - HKLM\..\RunServices: [ATLAV.EXE] C:\WINDOWS\SYSTEM\ATLAV.EXE /s
    O4 - HKLM\..\RunServices: [MSBY32.EXE] C:\WINDOWS\MSBY32.EXE /s
    O4 - HKLM\..\RunServices: [APPKT.EXE] C:\WINDOWS\APPKT.EXE /s
    O4 - HKLM\..\RunServices: [NTGD32.EXE] C:\WINDOWS\SYSTEM\NTGD32.EXE /s
    O4 - HKLM\..\RunServices: [APIZD.EXE] C:\WINDOWS\APIZD.EXE /s
    O4 - HKLM\..\RunServices: [APIAI32.EXE] C:\WINDOWS\SYSTEM\APIAI32.EXE /s
    O4 - HKLM\..\RunServices: [IEXB32.EXE] C:\WINDOWS\SYSTEM\IEXB32.EXE /s
    O4 - HKLM\..\RunServices: [APIRN32.EXE] C:\WINDOWS\SYSTEM\APIRN32.EXE /s
    O4 - HKCU\..\Run: [SpySweeper] "C:\PROGRAM FILES\PC HEALTHCHECK\SPYSWEEPER\SPYSWEEPER.EXE" /0
    O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
    O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
  2. black9

    black9 Newcomer, in training Posts: 41

    Honestly, with that much stuff the easiest thing to do is take it all out from HijackThis, and if you want a program to boot with your computer just reinstall it, and there's a good chance you have gotten rid of your problem. It's hard to look at it and tell you what to do because it depends on what you want open when you boot your computer up :) Hope that helps.

    cheers
  3. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Hello and welcome to Techspot.

    Please DO NOT let Hijackthis fix everything as more than likely this will crash your system.

    Go HERE and follow the instructions carefully. Print them out if you can.

    Once you have done that, go HERE for instructions on how to post your Hijackthis log.

    Regards Howard :wave: :wave:
  4. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    There is no easy way to say this, but how THICK are you?
    No Antivirus program on your PC whatsoever!

    With the exception of these:
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    ALL other O4 - HKLM\..\RunServices: are infections!

    Rather than trying to fix your mess, you should save your personal data, then get a bootfloppy.
    Boot from it, and type format c: /u
    Then reinstall.
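Added example, not part of the thread: a small Python triage of HijackThis O4 (autostart) lines. It assumes one heuristic read off the log above, namely that a registry value named exactly after an executable sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM deserves review; the function names and that rule are illustrative, not HijackThis features.

```python
import re
from collections import namedtuple

# Constructed sample: a few O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SYSET.EXE] C:\WINDOWS\SYSET.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [APIKY.EXE] C:\WINDOWS\SYSTEM\APIKY.EXE /s
O4 - HKLM\..\RunServices: [NTYD32.EXE] C:\WINDOWS\NTYD32.EXE /s
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
"""

Entry = namedtuple("Entry", "key name path args")

# Registry-backed O4 lines only: "O4 - <key>: [<value name>] <path> <args>".
# Paths containing spaces are expected to be quoted, as in the log above.
O4_RE = re.compile(
    r'^\s*O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] '
    r'(?:"(?P<q>[^"]+)"|(?P<p>\S+))\s*(?P<args>.*)$'
)

# Assumption: Windows 9x/ME default install directory, as seen in the log.
SYSTEM_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}

def parse_o4(log):
    """Return an Entry for every registry autostart line in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            entries.append(Entry(m["key"], m["name"], m["q"] or m["p"], m["args"].strip()))
    return entries

def name_matches_file_in_system_dir(e):
    """Heuristic: value name equals the file name and the file sits in a system dir."""
    directory, _, filename = e.path.upper().rpartition("\\")
    return directory in SYSTEM_DIRS and e.name.upper() == filename

def triage(log):
    """Split entries into (needs review, not matched by the heuristic)."""
    flagged, other = [], []
    for e in parse_o4(log):
        (flagged if name_matches_file_in_system_dir(e) else other).append(e)
    return flagged, other

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG)[0]:
        print("review:", e.key, e.name, e.path, e.args)
```

A match is only a prompt to inspect the file; entries the heuristic does not match are not thereby shown to be clean.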
  5. Longbowuk

    Longbowuk Newcomer, in training Topic Starter

    It's actually a friend's computer I'm trying to fix. After running Ad-Aware about 10 times, it failed about 5 times to remove anything and just hung at deleting objects. The computer actually had Norton AntiVirus 2005 on with everything ticked to on, and it has just come back from a PC-World Health Check. The user is actually a novice computer user and you can't really blame them.

    And I would just format, however they don't have or have lost the driver discs.....
  6. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    Download all those programs, burn them on a CD, and take that to your buddy.
    Then follow the instructions TO THE LETTER, as if you would have HomeSearch Assistant.
    When you get to it, you should run the aboutBuster program at least twice!

    Under NO circumstance should you use or open Internet explorer on that PC!

    When done, see How to post your Hijackthis log-files. and post a fresh log.
  7. black9

    black9 Newcomer, in training Posts: 41

    Really? I've fixed everything several times and it just stops all the programs that boot up with my computer and resets my home page on iexplore and maybe resets a few small things on my computer like that. But it doesn't tamper with my Windows. Has it given you another outcome? Sorry about the bad spelling.
  8. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    black9

    That advice is NOT general, it is ONLY for longbowuk with HIS particular problem on only THAT PC!
  9. HughJass

    HughJass Newcomer, in training Posts: 137

    2 words!

    format c:
  10. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    HughJass
    go play in your sandbox if you have nothing more constructive to offer!
    Agewise you should still fit in it.