And it's Still...About Blank

Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT. All instructions are covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

I'm looking at your log but why do you have about:buster running when using HJT?

 

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis click on the "Open the Misc Tools Section" button on the open page. Then select "Delete an NT service" on the left-hand side. A "Delete a Windows NT Service" window will pop up. Try entering the following into the box and then click OK:

Remote Procedure Call (RPC) Helper

If that does not work try entering the short name (use cut & paste for this):
? 6QÔõ'ª´ÆÐ8

Then reboot and let's see if the service is truly gone.

After go back to the normal HJT scan screen ans select the below items if still present but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {4D3F045A-9870-CF55-CF30-851993A3AF6F} - C:\WINDOWS\appwf.dll
O23 - Service: Remote Procedure Call (RPC) Helper (? 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\d3aq.exe (file missing)


After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\appwf.dll

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

Now:
Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin
And Click OK.

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

No just do what I gave you below. I'm not sure if this will work this time because some of the items normally seen with an about:blank hijack were missing and may resurface after reboot.

 

Okay! Be sure to post the follow up HJT log.

 

Do you need mHotkey.exe (that is do you use this feature)? See below:

mhotkey - mhotkey.exe - Process Information
Process File: mhotkey or mhotkey.exe
Process Name: Chicony Multimedia Console

Description:
mhotkey.exe is used for configuring additional keys on Chicony keyboards. This is a non-essential process. Disabling or enabling this is down to user preference, however disabling may disbale the special keys.


For the Windows Installer problem, you may want to check this out:

Windows Installer CleanUp Utility

 

Your log is clean. If you do not need the mhotkey.exe program, you can have HJT fix that line and may fix the "abnormal termination" messages.

 

You're welcome! Just don't tell me your a Red Sox fan.

 

LOL! A Padre's and Charger's fan then? (That's acceptable! )

 

You're welcome. Make sure you check the info in the below thread out. It is important to help avoid future problems:

How to Protect yourself from malware!