• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
nokkie

another about:blank topic

7 posts in this topic

Sorry, there has been so many about:blank topics and i've tried my best to look at other solutions and apply it to my own but the about:blank thing just keeps coming back. Here's my log file hopefully some guru there can help me eliminate it forever??

 

Logfile of HijackThis v1.97.7

Scan saved at 3:27:07 AM, on 6/27/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\WINNT\system32\svchost.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\CasinoOnline\CsRemnd.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Folding@Home\winfah.exe

C:\Program Files\Folding@Home\FahCore_65.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUANNE~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUANNE~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUANNE~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUANNE~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUANNE~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUANNE~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {B221C9DE-1B03-4512-B1DA-47ADF09CBCB8} - C:\WINNT\system32\lfkc.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Startup: Folding@home 4.00.lnk = C:\Program Files\Folding@Home\winfah.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7871.5585648148

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

 

thanks a lot! and btw FaH is my folding program so don't mind that

Share this post


Link to post
Share on other sites

Download and install : "FINDnFIX.exe" from any of

the links in my signature.

 

Run the "!LOG!.bat" file, wait for the final output (log.txt)

post the results....

Share this post


Link to post
Share on other sites

i did the registry deletion and ran ad aware like the sticky on top said, it seems like the about:blank is gone.. but it always seems that way until 5 or 6 reboots =/ also I get a casino thing from time to time here's the log from FINDnFIX

 

 

»»»»»»»»»»»»»»»»»»*** freeatlast100.100free.com ***»»»»»»»»»»»»»»»»

 

Microsoft Windows 2000 [Version 5.00.2195]

»»»IE build and last SP(s)

6.0.2800.1106 SP1-Q330994-Q822925-Q824145-Q832894-Q837009-Q831167

The type of the file system is NTFS.

C: is not dirty.

 

Fri 07/02/2004

10:32pm up 0 days, 0:34

 

»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»

 

Scanning for file(s)...

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»»»» (*1*) »»»»» .........

»»Locked or 'Suspect' file(s) found...

 

C:\WINNT\System32\HLPKA.DLL +++ File read error

\\?\C:\WINNT\System32\HLPKA.DLL +++ File read error

 

»»»»» (*2*) »»»»»........

**File C:\FINDnFIX\LIST.TXT

HLPKA.DLL Can't Open!

 

»»»»» (*3*) »»»»»........

 

C:\WINNT\SYSTEM32\

hlpka.dll Sat Jun 5 2004 4:28:06p A...R 57,344 56.00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57,344 bytes 56.00 K

 

unknown/hidden files...

 

No matches found.

 

»»»»» (*4*) »»»»».........

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINNT\SYSTEM32\HLPKA.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 398

 

»»Dumping Values........

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

DeviceNotSelectedTimeout = 15

GDIProcessHandleQuota = REG_DWORD 0x00002710

Spooler = yes

swapdisk =

TransmissionRetryTimeout = 90

USERProcessHandleQuota = REG_DWORD 0x00002710

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read Everyone

(ID-IO) ALLOW Read Everyone

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read Everyone

Read BUILTIN\Users

QWCEN-DS-- BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

»»Member of...: (Admin logon required!)

User is a member of group LUANNE-04DCC2CF\None.

User is a member of group \Everyone.

User is a member of group BUILTIN\Administrators.

User is a member of group BUILTIN\Users.

User is a member of group NT AUTHORITY\INTERACTIVE.

User is a member of group NT AUTHORITY\Authenticated Users.

User is a member of group \LOCAL.

 

»» Service search:(different variant) '"Network Security Service","__NS_Service_3"...

 

[sC] GetServiceKeyName FAILED 1060:

 

The specified service does not exist as an installed service.

 

[sC] GetServiceDisplayName FAILED 1060:

 

The specified service does not exist as an installed service.

 

 

»»Notepad check....

 

C:\WINNT\

notepad.exe Thu Jun 19 2003 5:05:00a A.... 50,960 49.77 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 50,960 bytes 49.77 K

 

C:\WINNT\SYSTEM32\

notepad.exe Thu Jun 19 2003 5:05:00a A.... 50,960 49.77 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 50,960 bytes 49.77 K

 

C:\WINNT\SYSTEM32\DLLCACHE\

notepad.exe Thu Jun 19 2003 5:05:00a A.... 50,960 49.77 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 50,960 bytes 49.77 K

--a-- W32i APP ENU 5.0.2140.1 shp 50,960 06-19-2003 notepad.exe

Language 0x0409 (English (United States))

CharSet 0x04b0 Unicode

OleSelfRegister Disabled

CompanyName Microsoft Corporation

FileDescription Notepad

InternalName Notepad

OriginalFilenam NOTEPAD.EXE

ProductName Microsoft® Windows ® 2000 Operating System

ProductVersion 5.00.2140.1

FileVersion 5.00.2140.1

LegalCopyright Copyright © Microsoft Corp. 1981-1999

 

VS_FIXEDFILEINFO:

Signature: feef04bd

Struc Ver: 00010000

FileVer: 00050000:085c0001 (5.0:2140.1)

ProdVer: 00050000:085c0001 (5.0:2140.1)

FlagMask: 0000003f

Flags: 00000000

OS: 00040004 NT Win32

FileType: 00000001 App

SubType: 00000000

FileDate: 00000000:00000000

 

»»Dir 'junkxxx' was created with the following permissions...

(FAT32=NA)

Directory "C:\junkxxx"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x \Everyone

 

Owner: BUILTIN\Administrators

 

Primary Group: LUANNE-04DCC2CF\None

 

 

 

»»»»»»Backups created...»»»»»»

10:34pm up 0 days, 0:35

Fri 07/02/2004

 

A C:\FINDnFIX\winBack.hiv

--a-- - - - - - 8,192 07-02-2004 winback.hiv

A C:\FINDnFIX\keys1\winkey.reg

--a-- - - - - - 268 07-02-2004 winkey.reg

 

»»Performing 16bit string scan....

00001150: ?

00001190: | $ 2 $

000011D0: @ p & vk ( DeviceNo

00001210:tSelectedTimeoutd l l 1 5 h vk '

00001250: s GDIProcessHandleQuota k vk Spooler_

00001290:DLLsoutd y e s . h t m l vk X swapdisk

000012D0: vk TransmissionRetryTimeout 9 0 8>

00001310: vk ' USERProcessHandleQuotace $

00001350: : u t P :V u u 3 u ! d A $ :

00001390: u t P :V u u 3 u \ A $ : u

000013D0: t P :V u u 3 u X A $ : u t

00001410: P :V u u 3 u j L A $ : u t P

00001450: :V u u 3 u j j L$ E H A $ : u

00001490: t P :V u u 3 u j j L$ @ A $

000014D0:: u t P :V u u 3 u Pj L$ 8 A $

00001510: : u t P :V u u 3 u j j L$ w 0 A

00001550:$

 

---------- WIN.TXT

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 

Windows

DeviceNotSelectedTimeoutd

GDIProcessHandleQuota

Spooler

DLLsoutd

swapdisk

TransmissionRetryTimeout

USERProcessHandleQuotace

 

**File C:\FINDnFIX\WIN.TXT

 

 

---------------------------------------------------------------

 

here's my new hijackthis log

 

Logfile of HijackThis v1.97.7

Scan saved at 10:36:32 PM, on 7/2/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\WINNT\system32\svchost.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\CasinoOnline\CsRemnd.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Folding@Home\winfah.exe

C:\Program Files\Folding@Home\FahCore_65.exe

C:\WINNT\system32\wuauclt.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Startup: Folding@home 4.00.lnk = C:\Program Files\Folding@Home\winfah.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7871.5585648148

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Share this post


Link to post
Share on other sites

I have no idea what you did, or which procedure you followed

but here are the facts:

 

-»»Locked or 'Suspect' file(s) found...

 

C:\WINNT\System32\HLPKA.DLL +++ File read error

\\?\C:\WINNT\System32\HLPKA.DLL +++ File read error

 

»»»»» (*2*) »»»»»........

**File C:\FINDnFIX\LIST.TXT

HLPKA.DLL Can't Open!

 

»»»»» (*3*) »»»»»........

 

C:\WINNT\SYSTEM32\

hlpka.dll Sat Jun 5 2004 4:28:06p A...R 57,344 56.00 K

 

So the file is still there.

In addition, your security settings on the windows key are messed up.

FindNfix makes a backup and restores to defaults only if you run it first and follow up on it's internal fix.

If you renamed to Windows key w/o backup, it's most likely lost.

 

This is the next step to move the file:

 

*Get ready to restart your computer:

- Open the C:\FINDnFIX\Keys1\ Subfolder

-DoubleClick on the "FIX.bat" file

-You will be prompted by popup Alert to restart in 15 seconds.

-Allow it to restart the computer!

-------------------------------------------------------------------------

On restart, navigate to System32 folder:

-Locate and select this file:

-HLPKA.DLL

(As it will be visible)

And use the folder's top menu>edit>

move to folder...

Select the C:\junkxxx as destination and move

"HLPKA.DLL" to the C:\junkxxx folder

-----------------------------------------------------------------------

Go back to C:\FINDnFIX\ main folder and

DoubleClick on the "RESTORE.bat" .file

It'll run and produce new log (log1.txt)

Post it!

Share this post


Link to post
Share on other sites

hello, i followed the instructions and here is the returned log file

 

 

»»»»»»»»»»»»»»»»»»*** freeatlast100.100free.com ***»»»»»»»»»»»»»»»»

 

Mon 07/05/2004

10:53pm up 0 days, 0:07

 

Microsoft Windows 2000 [Version 5.00.2195]

»»»IE build and last SP(s)

6.0.2800.1106 SP1-Q330994-Q822925-Q824145-Q832894-Q837009-Q831167

The type of the file system is NTFS.

C: is not dirty.

 

»»»»»»»»»»»»»»»»»»***LOG1!***»»»»»»»»»»»»»»»»

Scanning for file(s) in System32...

 

»»»»»»» (1) »»»»»»»

 

»»»»»»» (2) »»»»»»»

**File C:\FINDnFIX\LIST.TXT

 

»»»»»»» (3) »»»»»»»

 

No matches found.

 

No matches found.

 

»»»»»»» (4) »»»»»»»

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

 

»»»*»»» Scanning for moved file... »»»*»»»

* result\\?\C:\junkxxx\HLPKA.222

 

 

C:\JUNKXXX\

hlpka.222 Sat Jun 5 2004 4:28:06p A.... 57,344 56.00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57,344 bytes 56.00 K

 

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\JUNKXXX\HLPKA.222

 

**File C:\JUNKXXX\HLPKA.222

0000DEBE: 67 44 65 76 69 63 65 00 . 00 53 74 72 65 61 6D 69 gDevice. .Streami

0000DED3: 63 65 53 65 74 75 70 00 . 32 00 00 00 00 00 E0 01 ceSetup. 2.....à.

 

A----- HLPKA .222 0000E000 16:28.06 05/06/2004

 

rem replace this entire line with your given command.,..

 

 

 

 

--a-- W32i - - - - 57,344 06-05-2004 hlpka.222

A C:\junkxxx\hlpka.222

File: <C:\junkxxx\hlpka.222>

 

CRC-32 : D5C9FB2E

 

MD5 : C185B36F 9969D3A6 D2122BA7 CBC02249

 

 

 

 

»»Permissions:

C:\junkxxx\hlpka.222 Everyone:(special access:)

 

SYNCHRONIZE

FILE_EXECUTE

 

NT AUTHORITY\SYSTEM:F

BUILTIN\Administrators:F

 

Directory "C:\junkxxx\."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x \Everyone

Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 00000003 tco- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

 

Owner: BUILTIN\Administrators

 

Primary Group: LUANNE-04DCC2CF\None

 

Directory "C:\junkxxx\.."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000003 tco- 001F01FF ---- DSPO rw+x \Everyone

 

Owner: BUILTIN\Administrators

 

Primary Group: BUILTIN\Administrators

 

File "C:\junkxxx\hlpka.222"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000000 t--- 00100020 ---- ---- ---x \Everyone

Allow 00000000 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 00000000 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

 

Owner: BUILTIN\Administrators

 

Primary Group: LUANNE-04DCC2CF\None

 

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

 

»»Dumping Values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

DeviceNotSelectedTimeout = 15

GDIProcessHandleQuota = REG_DWORD 0x00002710

Spooler = yes

swapdisk =

TransmissionRetryTimeout = 90

USERProcessHandleQuota = REG_DWORD 0x00002710

AppInit_DLLs =

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read Everyone

(ID-IO) ALLOW Read Everyone

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read Everyone

Read BUILTIN\Users

QWCEN-DS-- BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

 

»»Notepad check....

 

C:\WINNT\

notepad.exe Thu Jun 19 2003 5:05:00a A.... 50,960 49.77 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 50,960 bytes 49.77 K

 

C:\WINNT\SYSTEM32\

notepad.exe Thu Jun 19 2003 5:05:00a A.... 50,960 49.77 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 50,960 bytes 49.77 K

 

C:\WINNT\SYSTEM32\DLLCACHE\

notepad.exe Thu Jun 19 2003 5:05:00a A.... 50,960 49.77 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 50,960 bytes 49.77 K

--a-- W32i APP ENU 5.0.2140.1 shp 50,960 06-19-2003 notepad.exe

Language 0x0409 (English (United States))

CharSet 0x04b0 Unicode

OleSelfRegister Disabled

CompanyName Microsoft Corporation

FileDescription Notepad

InternalName Notepad

OriginalFilenam NOTEPAD.EXE

ProductName Microsoft® Windows ® 2000 Operating System

ProductVersion 5.00.2140.1

FileVersion 5.00.2140.1

LegalCopyright Copyright © Microsoft Corp. 1981-1999

 

VS_FIXEDFILEINFO:

Signature: feef04bd

Struc Ver: 00010000

FileVer: 00050000:085c0001 (5.0:2140.1)

ProdVer: 00050000:085c0001 (5.0:2140.1)

FlagMask: 0000003f

Flags: 00000000

OS: 00040004 NT Win32

FileType: 00000001 App

SubType: 00000000

FileDate: 00000000:00000000

 

00001150: ?

00001190: | $ 2 h

000011D0: @ p @ vk ( DeviceNo

00001210:tSelectedTimeoutd l l 1 5 h vk '

00001250: s GDIProcessHandleQuota k vk Spooler_

00001290:DLLsoutd y e s . h t m l vk X swapdisk

000012D0: vk TransmissionRetryTimeout 9 0 8>

00001310: vk ' USERProcessHandleQuotace vk

00001350: 0 AppInit_DLLsoutA p h p h x h x h h h h h

00001390: h h h h h h h h h h h h h h h h

000013D0: h h h h h h h h h h h h h h h h

00001410: h h h h h h ( h ( h 0 h 0 h 8 h 8 h @ h @ h H h H h

00001450:P h P h X h X h ` h ` h h h h h p h p h x h x h h h h h

00001490: h h h h h h h h h h h h h h h h

000014D0: h h h h h h h h h h h h h h h h

00001510: h h h h h h ( h ( h 0 h 0 h 8 h 8 h @ h @ h H h H h

00001550:P

 

---------- WIN.TXT

 

---------- NEWWIN.TXT

AppInit_DLLsoutA˜

**File C:\FINDnFIX\NEWWIN.TXT

**File C:\FINDnFIX\NEWWIN.TXT

00001358: 01 00 00 00 01 00 30 00 . 5F 44 4C 4C 73 6F 75 74 ......0. _DLLsout

**File C:\FINDnFIX\NEWWIN.TXT

ÝèäÀê2 Èh àÿÿÿð @ p ° Ð @ Èÿÿÿvk ( DeviceNotSelectedTimeoutd l l èÿÿÿ1 5 h ¸ ð Ðÿÿÿvk €' s GDIProcessHandleQuota k Øÿÿÿvk ˜ ??Spooler_DLLsoutdèÿÿÿy e s . h t m l àÿÿÿvk € X swapdiskÐÿÿÿvk TransmissionRetryTimeoutðÿÿÿ9 0 » 8>ì Ðÿÿÿvk €' USERProcessHandleQuotaceØÿÿÿvk € 0 AppInit_DLLsoutA˜ ÿÿÿÿph ph xh xh €h €h ˆh ˆh ?h ?h ˜h ˜h  h  h ¨h ¨h °h °h ¸h ¸h Àh Àh Èh Èh Ðh Ðh Øh Øh àh àh èh èh ðh ðh øh øh h h h h h h h h h h (h (h 0h 0h 8h 8h @h @h Hh Hh Ph Ph Xh Xh `h `h hh hh ph ph xh xh €h €h ˆh ˆh ?h ?h ˜h ˜h  h  h ¨h ¨h °h °h ¸h ¸h Àh Àh Èh Èh Ðh Ðh Øh Øh àh àh èh èh ðh ðh øh øh h h h h h h h h h h (h (h 0h 0h 8h 8h @h @h Hh Hh Ph Ph Xh Xh `h `h hh hh ph ph h ˆh @h À ¨h ¸h Èh Øh èh øh `ýwÿÿÿÿ ¼ È îÿîÿ h À h €h i ˆh ð7h

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0