My HijackThis Log

By akuMalawi
Mar 11, 2005
  1. Could you please help me with the HijacktThis file attached.
    I'm running XP.
    I could not open Windows Explorer and Internet Explorer so I went to Internet Options and disabled third party extensions.
    Now Windows Explorer is opening but IE still wont get launched.

    If I type in a url in Windows Explorer it loads the web page, But I cant launch IE from the desktop icon, run command, or start menu.

    Thanks in advance
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:


    Next, run HJT on its own and let it 'fix' if there:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

    ALL lines starting with: O1 - Hosts:

    O2 - BHO: (no name) - {3E438185-C3E0-44E2-AF74-B1FF62C48FD5} - C:\WINNT\System32\agko.dll
    O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winawckebqd.dll
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [scrsvc] C:\WINNT\System32\scrsvc.exe
    O4 - HKLM\..\Run: [bootpd.exe] C:\WINNT\System32\bootpd.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!
    O18 - Filter: text/html - {E3BC895D-872D-465E-9B8D-D4EB9BF8D0B0} - C:\WINNT\System32\agko.dll
    O18 - Filter: text/plain - {E3BC895D-872D-465E-9B8D-D4EB9BF8D0B0} - C:\WINNT\System32\agko.dll

    When done, delete the highlighted bold files.
    Delete ALL files and/or subdirectories from: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    Boot normal. When all OK, switch System Restore back on.

    You should then consider installing XP-SP1, and probably a whole load more web-updates.
    Do NOT install SP2 if you don't have any good backup-strategy.
  3. akuMalawi

    akuMalawi TS Rookie Topic Starter

    It worked

    Thanks a lot it worked.
    I noticed you use win2k. Any particular reason why (security wise).
    I'm wondering if upgrading to XP was a good idea after all.
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    I don't like Fisher-Price style programs, and I don't like a program or OS that you have to activate everytime you make a change to your hardware. I also consider XP highly unstable, which is confirmed by the myriads of problems that people have with XP. Just browse around on this forum alone, it is frightening.
    My install of W2K actually dates from October 2002. I've done all the Service Packs and all the MS-updates. It just never breaks down, at least with my type of computing. I take regular images, just in case, and in all these years I had to do a restore only twice, and that was due to some lousy software that I installed.
    Otherwise W2K is rock-solid. I never had any security issues, what with a router-cum-firewall, an Antivirus program and a software firewall. I have a 1MB wireless broadband connection that cannot be compromised, using Israeli encryption-technique.
    Hope this answer satisfies.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...