Please Help Hijack this Log attached

Status
Not open for further replies.
I've run Ad-Aware, Spybot S&D, Spy Subtract and the online virus scan from Trend Micro, but I still get about:blank when I load Internet Explorer. HijackThis log attached.

Logfile of HijackThis v1.99.1
Scan saved at 17:50:58, on 21/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\GDI32.DLL
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSET.EXE
C:\WINDOWS\MSBY32.EXE
C:\WINDOWS\SYSTEM\APIAI32.EXE
C:\WINDOWS\SYSTEM\APIAI32.EXE
C:\WINDOWS\SYSTEM\IEXB32.EXE
C:\WINDOWS\SYSTEM\APIAI32.EXE
C:\WINDOWS\SYSTEM\APIRN32.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\lkemu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {C2EFCA32-D3CF-3801-B32F-6A7589AA0A8A} - C:\WINDOWS\NETDT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SYSET.EXE] C:\WINDOWS\SYSET.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATLAL32.EXE] C:\WINDOWS\SYSTEM\ATLAL32.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [APIKY.EXE] C:\WINDOWS\SYSTEM\APIKY.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MSBD32.EXE] C:\WINDOWS\SYSTEM\MSBD32.EXE /s
O4 - HKLM\..\RunServices: [NTYD32.EXE] C:\WINDOWS\NTYD32.EXE /s
O4 - HKLM\..\RunServices: [MFCYN32.EXE] C:\WINDOWS\SYSTEM\MFCYN32.EXE /s
O4 - HKLM\..\RunServices: [WINAK.EXE] C:\WINDOWS\WINAK.EXE /s
O4 - HKLM\..\RunServices: [JAVAQW32.EXE] C:\WINDOWS\JAVAQW32.EXE /s
O4 - HKLM\..\RunServices: [WINMG.EXE] C:\WINDOWS\WINMG.EXE /s
O4 - HKLM\..\RunServices: [MSFI32.EXE] C:\WINDOWS\MSFI32.EXE /s
O4 - HKLM\..\RunServices: [SYSRO32.EXE] C:\WINDOWS\SYSTEM\SYSRO32.EXE /s
O4 - HKLM\..\RunServices: [D3LG32.EXE] C:\WINDOWS\D3LG32.EXE /s
O4 - HKLM\..\RunServices: [JAVACX32.EXE] C:\WINDOWS\SYSTEM\JAVACX32.EXE /s
O4 - HKLM\..\RunServices: [NTTQ.EXE] C:\WINDOWS\NTTQ.EXE /s
O4 - HKLM\..\RunServices: [NTBQ.EXE] C:\WINDOWS\SYSTEM\NTBQ.EXE /s
O4 - HKLM\..\RunServices: [JAVANR32.EXE] C:\WINDOWS\JAVANR32.EXE /s
O4 - HKLM\..\RunServices: [MSBU32.EXE] C:\WINDOWS\SYSTEM\MSBU32.EXE /s
O4 - HKLM\..\RunServices: [IEXM32.EXE] C:\WINDOWS\IEXM32.EXE /s
O4 - HKLM\..\RunServices: [ATLNC.EXE] C:\WINDOWS\ATLNC.EXE /s
O4 - HKLM\..\RunServices: [IESW32.EXE] C:\WINDOWS\SYSTEM\IESW32.EXE /s
O4 - HKLM\..\RunServices: [CRJP.EXE] C:\WINDOWS\CRJP.EXE /s
O4 - HKLM\..\RunServices: [SDKNJ.EXE] C:\WINDOWS\SYSTEM\SDKNJ.EXE /s
O4 - HKLM\..\RunServices: [JAVAAA.EXE] C:\WINDOWS\JAVAAA.EXE /s
O4 - HKLM\..\RunServices: [APIVC32.EXE] C:\WINDOWS\SYSTEM\APIVC32.EXE /s
O4 - HKLM\..\RunServices: [D3AV32.EXE] C:\WINDOWS\SYSTEM\D3AV32.EXE /s
O4 - HKLM\..\RunServices: [MSKF.EXE] C:\WINDOWS\SYSTEM\MSKF.EXE /s
O4 - HKLM\..\RunServices: [D3XQ32.EXE] C:\WINDOWS\SYSTEM\D3XQ32.EXE /s
O4 - HKLM\..\RunServices: [SDKAZ.EXE] C:\WINDOWS\SYSTEM\SDKAZ.EXE /s
O4 - HKLM\..\RunServices: [APPXX.EXE] C:\WINDOWS\APPXX.EXE /s
O4 - HKLM\..\RunServices: [IPVD32.EXE] C:\WINDOWS\IPVD32.EXE /s
O4 - HKLM\..\RunServices: [NETJZ32.EXE] C:\WINDOWS\SYSTEM\NETJZ32.EXE /s
O4 - HKLM\..\RunServices: [APICM32.EXE] C:\WINDOWS\APICM32.EXE /s
O4 - HKLM\..\RunServices: [IEZK32.EXE] C:\WINDOWS\IEZK32.EXE /s
O4 - HKLM\..\RunServices: [APIED32.EXE] C:\WINDOWS\APIED32.EXE /s
O4 - HKLM\..\RunServices: [ATLAV.EXE] C:\WINDOWS\SYSTEM\ATLAV.EXE /s
O4 - HKLM\..\RunServices: [MSBY32.EXE] C:\WINDOWS\MSBY32.EXE /s
O4 - HKLM\..\RunServices: [APPKT.EXE] C:\WINDOWS\APPKT.EXE /s
O4 - HKLM\..\RunServices: [NTGD32.EXE] C:\WINDOWS\SYSTEM\NTGD32.EXE /s
O4 - HKLM\..\RunServices: [APIZD.EXE] C:\WINDOWS\APIZD.EXE /s
O4 - HKLM\..\RunServices: [APIAI32.EXE] C:\WINDOWS\SYSTEM\APIAI32.EXE /s
O4 - HKLM\..\RunServices: [IEXB32.EXE] C:\WINDOWS\SYSTEM\IEXB32.EXE /s
O4 - HKLM\..\RunServices: [APIRN32.EXE] C:\WINDOWS\SYSTEM\APIRN32.EXE /s
O4 - HKCU\..\Run: [SpySweeper] "C:\PROGRAM FILES\PC HEALTHCHECK\SPYSWEEPER\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
 
Honestly, with that much stuff the easiest thing to do is take it all out from HijackThis, and if you want a program to boot with your computer just reinstall it, and there's a good chance you have gotten rid of your problem. It's hard to look at it and tell you what to do because it depends on what you want open when you boot your computer up :) Hope that helps.

Cheers
 
Hello and welcome to Techspot.

Please DO NOT let Hijackthis fix everything as more than likely this will crash your system.

Go HERE and follow the instructions carefully. Print them out if you can.

Once you have done that, go HERE for instructions on how to post your Hijackthis log.

Regards Howard :wave: :wave:
 
There is no easy way to say this, but how THICK are you?
No Antivirus program on your PC whatsoever!

With the exception of these:
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
ALL other O4 - HKLM\..\RunServices: are infections!

Rather than trying to fix your mess, you should save your personal data, then get a boot floppy.
Boot from it, and type format c: /u
Then reinstall.
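The RunServices observation in the post above can be checked mechanically. This added example (not part of the thread and not HijackThis code) parses O4 lines and flags the pattern shared by the bulk entries in the posted log: a registry value named after its own executable file. The heuristic and the function names are assumptions for illustration, and flagged entries are candidates for review, not verdicts.

```python
import ntpath
import re

# Excerpt of O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SYSET.EXE] C:\WINDOWS\SYSET.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [APIKY.EXE] C:\WINDOWS\SYSTEM\APIKY.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MSBY32.EXE] C:\WINDOWS\MSBY32.EXE /s
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
"""

# O4 registry autorun: hive, key (Run / RunServices), [value name], command line.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def split_command(cmd):
    """Split an autorun command line into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path may contain spaces
        path, _, args = cmd[1:].partition('"')
        return path, args.strip()
    m = re.match(r"(.+?\.exe)\b\s*(.*)$", cmd, re.I)  # unquoted: ends at .exe
    return (m.group(1), m.group(2)) if m else (cmd, "")

def triage(log_text):
    """Parse O4 registry autoruns; mark values named after their own file."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # blank line or non-registry entry (Startup-folder shortcut)
        path, args = split_command(m.group("cmd"))
        name = m.group("name")
        entries.append({
            "key": m.group("hive") + "\\" + m.group("key"),
            "name": name, "path": path, "args": args,
            "self_named": name.lower() == ntpath.basename(path).lower(),
        })
    return entries

def review_queue(log_text):
    """Names of autoruns matching the self-named pattern, in log order."""
    return [e["name"] for e in triage(log_text) if e["self_named"]]
```

On the excerpt, `review_queue(SAMPLE_LOG)` returns the three self-named entries and leaves `*StateMgr`, `SchedulingAgent`, `KB891711`, `SystemTray` and `TkBellExe` for manual review.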
 
It's actually a friend's computer I'm trying to fix. After running Ad-Aware about 10 times, it failed about 5 times to remove anything and just hung at deleting objects. The computer actually had Norton AntiVirus 2005 on with everything ticked to on, and it has just come back from a PC-World Health Check. The user is actually a novice computer user and you can't really blame them.

And I would just format, however they don't have or have lost the driver discs.....
 
Go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.
How to remove Begin2Search/Coolwebsearch and Other Nasties

Download all those programs, burn them on a CD, and take that to your buddy.
Then follow the instructions TO THE LETTER, as if you had HomeSearch Assistant.
When you get to it, you should run the aboutBuster program at least twice!

Under NO circumstance should you use or open Internet explorer on that PC!

When done, see How to post your Hijackthis log-files. and post a fresh log.
 
howard_hopkinso said:
Hello and welcome to Techspot.

Please DO NOT let Hijackthis fix everything as more than likely this will crash your system.

Go HERE and follow the instructions carefully. Print them out if you can.

Once you have done that, go HERE for instructions on how to post your Hijackthis log.

Regards Howard :wave: :wave:

Really? I've fixed everything several times and it just stops all the programs that boot up with my computer and resets my home page on iexplore and maybe resets a few small things on my computer like that. But it doesn't tamper with my Windows. Has it given you another outcome? Sorry about the bad spelling.
 