i've ran adaware, spybot s&d, spy subtract and online virus scan from trend micro but still i get about:blank when i load internet explore hijack this log attached.
Logfile of HijackThis v1.99.1
Scan saved at 17:50:58, on 21/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\GDI32.DLL
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSET.EXE
C:\WINDOWS\MSBY32.EXE
C:\WINDOWS\SYSTEM\APIAI32.EXE
C:\WINDOWS\SYSTEM\APIAI32.EXE
C:\WINDOWS\SYSTEM\IEXB32.EXE
C:\WINDOWS\SYSTEM\APIAI32.EXE
C:\WINDOWS\SYSTEM\APIRN32.EXE
C:\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {C2EFCA32-D3CF-3801-B32F-6A7589AA0A8A} - C:\WINDOWS\NETDT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SYSET.EXE] C:\WINDOWS\SYSET.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATLAL32.EXE] C:\WINDOWS\SYSTEM\ATLAL32.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [APIKY.EXE] C:\WINDOWS\SYSTEM\APIKY.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MSBD32.EXE] C:\WINDOWS\SYSTEM\MSBD32.EXE /s
O4 - HKLM\..\RunServices: [NTYD32.EXE] C:\WINDOWS\NTYD32.EXE /s
O4 - HKLM\..\RunServices: [MFCYN32.EXE] C:\WINDOWS\SYSTEM\MFCYN32.EXE /s
O4 - HKLM\..\RunServices: [WINAK.EXE] C:\WINDOWS\WINAK.EXE /s
O4 - HKLM\..\RunServices: [JAVAQW32.EXE] C:\WINDOWS\JAVAQW32.EXE /s
O4 - HKLM\..\RunServices: [WINMG.EXE] C:\WINDOWS\WINMG.EXE /s
O4 - HKLM\..\RunServices: [MSFI32.EXE] C:\WINDOWS\MSFI32.EXE /s
O4 - HKLM\..\RunServices: [SYSRO32.EXE] C:\WINDOWS\SYSTEM\SYSRO32.EXE /s
O4 - HKLM\..\RunServices: [D3LG32.EXE] C:\WINDOWS\D3LG32.EXE /s
O4 - HKLM\..\RunServices: [JAVACX32.EXE] C:\WINDOWS\SYSTEM\JAVACX32.EXE /s
O4 - HKLM\..\RunServices: [NTTQ.EXE] C:\WINDOWS\NTTQ.EXE /s
O4 - HKLM\..\RunServices: [NTBQ.EXE] C:\WINDOWS\SYSTEM\NTBQ.EXE /s
O4 - HKLM\..\RunServices: [JAVANR32.EXE] C:\WINDOWS\JAVANR32.EXE /s
O4 - HKLM\..\RunServices: [MSBU32.EXE] C:\WINDOWS\SYSTEM\MSBU32.EXE /s
O4 - HKLM\..\RunServices: [IEXM32.EXE] C:\WINDOWS\IEXM32.EXE /s
O4 - HKLM\..\RunServices: [ATLNC.EXE] C:\WINDOWS\ATLNC.EXE /s
O4 - HKLM\..\RunServices: [IESW32.EXE] C:\WINDOWS\SYSTEM\IESW32.EXE /s
O4 - HKLM\..\RunServices: [CRJP.EXE] C:\WINDOWS\CRJP.EXE /s
O4 - HKLM\..\RunServices: [SDKNJ.EXE] C:\WINDOWS\SYSTEM\SDKNJ.EXE /s
O4 - HKLM\..\RunServices: [JAVAAA.EXE] C:\WINDOWS\JAVAAA.EXE /s
O4 - HKLM\..\RunServices: [APIVC32.EXE] C:\WINDOWS\SYSTEM\APIVC32.EXE /s
O4 - HKLM\..\RunServices: [D3AV32.EXE] C:\WINDOWS\SYSTEM\D3AV32.EXE /s
O4 - HKLM\..\RunServices: [MSKF.EXE] C:\WINDOWS\SYSTEM\MSKF.EXE /s
O4 - HKLM\..\RunServices: [D3XQ32.EXE] C:\WINDOWS\SYSTEM\D3XQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKAZ.EXE] C:\WINDOWS\SYSTEM\SDKAZ.EXE /s
O4 - HKLM\..\RunServices: [APPXX.EXE] C:\WINDOWS\APPXX.EXE /s
O4 - HKLM\..\RunServices: [IPVD32.EXE] C:\WINDOWS\IPVD32.EXE /s
O4 - HKLM\..\RunServices: [NETJZ32.EXE] C:\WINDOWS\SYSTEM\NETJZ32.EXE /s
O4 - HKLM\..\RunServices: [APICM32.EXE] C:\WINDOWS\APICM32.EXE /s
O4 - HKLM\..\RunServices: [IEZK32.EXE] C:\WINDOWS\IEZK32.EXE /s
O4 - HKLM\..\RunServices: [APIED32.EXE] C:\WINDOWS\APIED32.EXE /s
O4 - HKLM\..\RunServices: [ATLAV.EXE] C:\WINDOWS\SYSTEM\ATLAV.EXE /s
O4 - HKLM\..\RunServices: [MSBY32.EXE] C:\WINDOWS\MSBY32.EXE /s
O4 - HKLM\..\RunServices: [APPKT.EXE] C:\WINDOWS\APPKT.EXE /s
O4 - HKLM\..\RunServices: [NTGD32.EXE] C:\WINDOWS\SYSTEM\NTGD32.EXE /s
O4 - HKLM\..\RunServices: [APIZD.EXE] C:\WINDOWS\APIZD.EXE /s
O4 - HKLM\..\RunServices: [APIAI32.EXE] C:\WINDOWS\SYSTEM\APIAI32.EXE /s
O4 - HKLM\..\RunServices: [IEXB32.EXE] C:\WINDOWS\SYSTEM\IEXB32.EXE /s
O4 - HKLM\..\RunServices: [APIRN32.EXE] C:\WINDOWS\SYSTEM\APIRN32.EXE /s
O4 - HKCU\..\Run: [SpySweeper] "C:\PROGRAM FILES\PC HEALTHCHECK\SPYSWEEPER\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
Logfile of HijackThis v1.99.1
Scan saved at 17:50:58, on 21/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\GDI32.DLL
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSET.EXE
C:\WINDOWS\MSBY32.EXE
C:\WINDOWS\SYSTEM\APIAI32.EXE
C:\WINDOWS\SYSTEM\APIAI32.EXE
C:\WINDOWS\SYSTEM\IEXB32.EXE
C:\WINDOWS\SYSTEM\APIAI32.EXE
C:\WINDOWS\SYSTEM\APIRN32.EXE
C:\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {C2EFCA32-D3CF-3801-B32F-6A7589AA0A8A} - C:\WINDOWS\NETDT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SYSET.EXE] C:\WINDOWS\SYSET.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATLAL32.EXE] C:\WINDOWS\SYSTEM\ATLAL32.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [APIKY.EXE] C:\WINDOWS\SYSTEM\APIKY.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MSBD32.EXE] C:\WINDOWS\SYSTEM\MSBD32.EXE /s
O4 - HKLM\..\RunServices: [NTYD32.EXE] C:\WINDOWS\NTYD32.EXE /s
O4 - HKLM\..\RunServices: [MFCYN32.EXE] C:\WINDOWS\SYSTEM\MFCYN32.EXE /s
O4 - HKLM\..\RunServices: [WINAK.EXE] C:\WINDOWS\WINAK.EXE /s
O4 - HKLM\..\RunServices: [JAVAQW32.EXE] C:\WINDOWS\JAVAQW32.EXE /s
O4 - HKLM\..\RunServices: [WINMG.EXE] C:\WINDOWS\WINMG.EXE /s
O4 - HKLM\..\RunServices: [MSFI32.EXE] C:\WINDOWS\MSFI32.EXE /s
O4 - HKLM\..\RunServices: [SYSRO32.EXE] C:\WINDOWS\SYSTEM\SYSRO32.EXE /s
O4 - HKLM\..\RunServices: [D3LG32.EXE] C:\WINDOWS\D3LG32.EXE /s
O4 - HKLM\..\RunServices: [JAVACX32.EXE] C:\WINDOWS\SYSTEM\JAVACX32.EXE /s
O4 - HKLM\..\RunServices: [NTTQ.EXE] C:\WINDOWS\NTTQ.EXE /s
O4 - HKLM\..\RunServices: [NTBQ.EXE] C:\WINDOWS\SYSTEM\NTBQ.EXE /s
O4 - HKLM\..\RunServices: [JAVANR32.EXE] C:\WINDOWS\JAVANR32.EXE /s
O4 - HKLM\..\RunServices: [MSBU32.EXE] C:\WINDOWS\SYSTEM\MSBU32.EXE /s
O4 - HKLM\..\RunServices: [IEXM32.EXE] C:\WINDOWS\IEXM32.EXE /s
O4 - HKLM\..\RunServices: [ATLNC.EXE] C:\WINDOWS\ATLNC.EXE /s
O4 - HKLM\..\RunServices: [IESW32.EXE] C:\WINDOWS\SYSTEM\IESW32.EXE /s
O4 - HKLM\..\RunServices: [CRJP.EXE] C:\WINDOWS\CRJP.EXE /s
O4 - HKLM\..\RunServices: [SDKNJ.EXE] C:\WINDOWS\SYSTEM\SDKNJ.EXE /s
O4 - HKLM\..\RunServices: [JAVAAA.EXE] C:\WINDOWS\JAVAAA.EXE /s
O4 - HKLM\..\RunServices: [APIVC32.EXE] C:\WINDOWS\SYSTEM\APIVC32.EXE /s
O4 - HKLM\..\RunServices: [D3AV32.EXE] C:\WINDOWS\SYSTEM\D3AV32.EXE /s
O4 - HKLM\..\RunServices: [MSKF.EXE] C:\WINDOWS\SYSTEM\MSKF.EXE /s
O4 - HKLM\..\RunServices: [D3XQ32.EXE] C:\WINDOWS\SYSTEM\D3XQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKAZ.EXE] C:\WINDOWS\SYSTEM\SDKAZ.EXE /s
O4 - HKLM\..\RunServices: [APPXX.EXE] C:\WINDOWS\APPXX.EXE /s
O4 - HKLM\..\RunServices: [IPVD32.EXE] C:\WINDOWS\IPVD32.EXE /s
O4 - HKLM\..\RunServices: [NETJZ32.EXE] C:\WINDOWS\SYSTEM\NETJZ32.EXE /s
O4 - HKLM\..\RunServices: [APICM32.EXE] C:\WINDOWS\APICM32.EXE /s
O4 - HKLM\..\RunServices: [IEZK32.EXE] C:\WINDOWS\IEZK32.EXE /s
O4 - HKLM\..\RunServices: [APIED32.EXE] C:\WINDOWS\APIED32.EXE /s
O4 - HKLM\..\RunServices: [ATLAV.EXE] C:\WINDOWS\SYSTEM\ATLAV.EXE /s
O4 - HKLM\..\RunServices: [MSBY32.EXE] C:\WINDOWS\MSBY32.EXE /s
O4 - HKLM\..\RunServices: [APPKT.EXE] C:\WINDOWS\APPKT.EXE /s
O4 - HKLM\..\RunServices: [NTGD32.EXE] C:\WINDOWS\SYSTEM\NTGD32.EXE /s
O4 - HKLM\..\RunServices: [APIZD.EXE] C:\WINDOWS\APIZD.EXE /s
O4 - HKLM\..\RunServices: [APIAI32.EXE] C:\WINDOWS\SYSTEM\APIAI32.EXE /s
O4 - HKLM\..\RunServices: [IEXB32.EXE] C:\WINDOWS\SYSTEM\IEXB32.EXE /s
O4 - HKLM\..\RunServices: [APIRN32.EXE] C:\WINDOWS\SYSTEM\APIRN32.EXE /s
O4 - HKCU\..\Run: [SpySweeper] "C:\PROGRAM FILES\PC HEALTHCHECK\SPYSWEEPER\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab