Home > Yet Another > Yet Another "About:Blank" Hijack

Yet Another "About:Blank" Hijack

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} cleaner and get back with you when it's accomplished. Here is a reply I got from the makers of (I believe) Aurora adware...has anyone actually tried this and does it work? The file will not be moved.) (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ESET) C:\Program Source

Buy Now $89.99 $44.99 All your internet connecteddevices are protected with BitdefenderBOX $199.99 $129.99 Buy Now COMPARE SOLUTIONS | ALL SOLUTIONS | TRIAL DOWNLOADS| LOGIN TO CENTRAL Business Against cyber threats Flrman1, Jun 25, 2004 #6 Sponsor This thread has been Locked and is not open to further replies. Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules. Here's my hijack log: Logfile of HijackThis v1.97.7 Scan saved at 8:09:36 AM, on 6/14/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe

Anyway, here are the new reports: Logfile of HijackThis v1.99.1 Scan saved at 9:45:06 AM, on 8/10/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: So here is the newestfarbar scans. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-15 Hypervisor Introspection More info Don't let your business be an easy target Keep your digital assets safe!

Windows 10 Tips Last Post 2 Weeks Ago Here's a handy tip I haven't seen documented anywhere. Close all (browser) windows & rescan with hijackthis. Any tips on how to stop it recurring?Logfile of HijackThis v1.98.0Scan saved at 15:32:10, on 28/07/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\gearsec.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\sistray.EXEC:\Program Files\INTEL\DSLSetup\ProDsl.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program We are committed to assisting you in removing any ABI Network ad software, these details will be helpful in our investigation of this problem. ** Mypctuneup will not under ANY circumstances

These may be other files that Dllfix doesnt target. \\?\C:\WINDOWS\System32\KBDBMAC.DLL +++ File read error \\?\C:\WINDOWS\System32\KBDBMAC.DLL +++ File read error Scanning for main Hijacker: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" They need to be off in the systray as well so you're 100% certain that they're completely shut off. P.S. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

In safe mode navigate to the C:\Windows\Temp folder. Make sure the following settings are made and on -------ON=GREEN From main window :Click Start then Activate in-depth scan (recommended) Click Use custom scanning options then click Customize and have these Double click on Appinit.bat This will create a file on the desktop named windows.txt Attach the windows.txt file here to your next post please. ---------------- Which version of XP you are Thread Status: Not open for further replies.

At one point I had my C: drive get locked on me? You can find this out by going to your control panel and selecting 'user accounts' and seeing what that says at the bottom of the window. The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again or read our Welcome Guide to learn how to use this site.

To change your Internet Explorer homepage back to what it was please proceed as follows: 1.       Make sure  the Bitdefender scanning process is completed; if you are not seeing any scanning http://scifijumpgate.com/yet-another/yet-another-hijack-this-log.html You may need to manually update the definitions which you can get HERE Once the ewido scan has completed, there will be a button located on the bottom of the screen Now click "Apply to all folders" Click "Apply" then "OK" Find and delete the C:\WINDOWS\win32.exe file and the c:\windows\win.exe file. I've run CWS Shredder, AdAware, and SpyBot S&D.

Highlight the file and using TOP menu, click Edit>>>>>Move to folder...Select C:\Findnfix\junkxxx as destination. Backtory is I continueously had bsod problems and my mouse would move at random as well as open the search bar and notification center. I've attached it. have a peek here Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv ren windows1.hiv windows.txtClick to expand...

Start a new discussion instead. Now look in the lower window find and rightclick the C:\WINDOWS\System32\fancf.dll file and Select "Unload DLL" and click OK on the prompts that follow. I hope that YOUR computers become hopelessly clogged with obtrusive adware and spam!

Close ALL windows except HijackThis and click "Fix checked" R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Patty\LOCALS~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Patty\LOCALS~1\Temp\sp.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1

JenTN, Jun 24, 2004 #1 Sponsor Flrman1 Joined: Jul 26, 2002 Messages: 46,329 Hi JenTN Welcome to TSG! Also which file system? Thanks for the help! 08-10-200504:12 PM #4 steamwiz Member Join Date Sep 2003 Location Yorkshire U.K. Put a check by "Delete Offline Content" and click OK.

It was loaded with Windows 7 but came witha Windows 10 disk and ... Hopefully that will be it :-) Thanks, Sylvia 0 crunchie 990 12 Years Ago That looks good now :) but you NEED to get service pack 1 for both XP & Keeps. http://scifijumpgate.com/yet-another/yet-another-about-blank-cws-hijacking-victim.html That way it can create and restore backups if needed.

hit properties.-Go to the security tab and click the advanced button.-check the box to reset permissions on all child objects....Hit apply. I know, I know :o ), but it keeps coming back so I am missing something on that last part obviously. You need to create a new folder in My Documents and name it Hijack This. Hopefully a letter to my congressman will help. 08-11-200510:26 AM #6 Basementgeek Member Join Date Dec 2002 Posts 12,000 Points 1190 Do you trust the people that infected you, to clean

Thanks for the help..hope this bit gets him clean! Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. All scans (Adaware, MS Antispy and Spybot) come up with 0 hits. Oh...and I see that Nail.exe entry but haven't been able to get rid of it.