MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Please Help!!! HJT Log
August 19, 2019, 04:54:26 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
August 19, 2019, 04:54:26 AM

Login with username, password and session length
 
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Please Help!!! HJT Log  (Read 2207 times)
LadyPisces
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« on: June 28, 2005, 03:26:03 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:Windows XP
Problem Application Name & Version:Internet Explorer v6.00 SP1
Problem Hardware Make & Model:
Error Messages:Explorer would start up with a search page as the homepage.


UpDated: Tried SpyBot and Ad-Aware...this is what it is now:

When I start internet explorer, it takes me to a search page with "about:blank" in the address bar. When I go to websites, it would automatically take be back to this same search page...or even close out the browsers. Below is my HijackThis log!

Logfile of HijackThis v1.99.1
Scan saved at 8:49:20 PM, on 6/28/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Daniel Strange\My Documents\Unused Icons\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {6C150A9A-ADAD-44F8-90BD-9E49F65A694E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6C150A9A-ADAD-44F8-90BD-9E49F65A694E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B27B2883-CD63-4397-8D01-50F0B0C6E82E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B27B2883-CD63-4397-8D01-50F0B0C6E82E} - (no file) (HKCU)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118701673384
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/verizon/blasterball2/install.cab
O16 - DPF: {BCD5A227-8720-497B-AF5F-4403E94342E3} (CDDM Object) - https://netservices.verizon.net/portal/verizon/passwdchg/activex/DSLControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: 9iekstke8rm9tudll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
« Last Edit: June 29, 2005, 01:26:34 AM by LadyPisces » Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #1 on: June 30, 2005, 12:05:12 AM »

Hi LadyPisces .. Grin

Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.



**(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)**


I need you to DISABLE SpyBot's TeaTimer...
 In Spybot>>MODE>>ADVANCED MODE>>TOOLS>>SYSTEM STARTUP

Uncheck
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

wuauclt.exe  << STOP - DO NOT DELETE
ViewMgr.exe
rlvknlg.exe

Turn off System Restore WinXP WinME. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com


R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART <<< NOT NEEDED AT START-UP

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot

O9 - Extra button: Microsoft AntiSpyware helper - {6C150A9A-ADAD-44F8-90BD-9E49F65A694E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6C150A9A-ADAD-44F8-90BD-9E49F65A694E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B27B2883-CD63-4397-8D01-50F0B0C6E82E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B27B2883-CD63-4397-8D01-50F0B0C6E82E} - (no file) (HKCU)

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/verizon/blasterball2/install.cab

O20 - AppInit_DLLs: 9iekstke8rm9tudll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

Go to Control Panel / Add/Remove Programs and remove the
 following if they are there:


Viewpoint
Viewpoint Manager


Now delete these Folders or Files that are Highlighted: (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system32\rlvknlg.exe



Goto START>SEARCH>ALL FILES AND FOLDERS
Click MORE ADVANCED OPTIONS
Put a tick in SEARCH HIDDEN FILES & FOLDERS
And a tick in SEARCH SUB FOLDERS

Now search this file:

9iekstke8rm9tudll.dll <<< DELETE EVERYTHING YOU FIND



Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.

Turn on System Restore

Before opening your browser goto START>CONTROL PANEL>INTERNET OPTIONS and make sure your Homepage is correct,if not ,type the URL you would like in the HomePage box.


Now re-run HJT and post a new logfile back here.

Cactus  
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
LadyPisces
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #2 on: July 08, 2005, 04:34:13 PM »

Hi Cactus..sorry it took so long for a reply..My friend just got around to trying to fix his computer since he works alot.

He tried to do as you instructed, but his computer won't even boot to the desktop. It'll show the Windows XP logo, go to a black screen, then it will show this blue screen saying something and then the computer would just restart itself. I can't read the blue screen because it blinks in and out so fast. After his computer restarts, it'll keep going back to the option screen where it will let you choose either "safe mode, normal mode, last good configuration" and others. We tried going to all of them, and nothing happened. It will continuosly keeep restarting and going to that screen.

I tried giving him my Windows XP to do a chkdsk like i've read on other peoples post, but when the cd finish loading, it says at the bottom, "setup is now loading windows" and it just froze right there. tried to do it like 3 or 4 more times, and it still froze.

Now, I'm at a lost. What is the next move. He doesn't want to re-do his computer because he has family pictures on there that he really wants. This has also been posted in the correct forum for help as well.


Thank You
Grin
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #3 on: July 08, 2005, 04:38:34 PM »

quote:
This has also been posted in the correct forum for help as well.


And where might that be??


Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
LadyPisces
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #4 on: July 08, 2005, 04:44:32 PM »

I posted it in the "Software Support-Operating Sytems: Microsoft" section...I hope that is the right section...Grin
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #5 on: July 08, 2005, 04:49:59 PM »

Can you use the XP CD and do a REPAIR?
Have you tried that?


Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
LadyPisces
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #6 on: July 08, 2005, 04:54:32 PM »

Yes, I have one...I took him mines and when it finished loading things at the bottom, the screen froze where it said "setup is now starting windows".
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #7 on: July 08, 2005, 04:57:45 PM »

Was that a Repair or Full Install overtop the existing OS?


Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
LadyPisces
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #8 on: July 08, 2005, 05:04:34 PM »

neither...

I just went to go get my other Xp cd and it's a gateway operating system cd for windows xp home edition. He doesnt have a gateway, he has a Micron<<something like that computer...don't know if that makes a difference..

When I put the cd in, and had the bios to boot from the cd rom first, it went to the windows setup screen and stuff just started loading files at the bottom, then thats when it said starting windows...I havent even had the chance to go to any options on the disk..

did this answer your question Huh?
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #9 on: July 08, 2005, 06:13:20 PM »

Ok..looks like files were overwritten on the Original OS..not good!

Does he have his XP Install CD??
Does he have access to one?
Your Gateway CD will not do!

Let me know .. Wink


Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
LadyPisces
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #10 on: July 08, 2005, 06:22:15 PM »

he said he lost it while moving and he was going to call the guy he got it from to get another one..is there somewhere else he could get the xp install cd?
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #11 on: July 08, 2005, 06:42:32 PM »

If he bought the PC from a retailer he might get a copy from them or he could phone Microsoft and see what they say.
Even if he could borrow 1 that would work to do a Repair of the Original OS.


Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 22, 2018, 02:52:35 PM