Thread: Need Help! I've tried everything else
View Single Post
Join Date: Jul 2008
Posts: 2,817
Reputation: jholland1964 is a name known to all jholland1964 is a name known to all jholland1964 is a name known to all jholland1964 is a name known to all jholland1964 is a name known to all jholland1964 is a name known to all 
Solved Threads: 161
Featured Poster
jholland1964 jholland1964 is offline Offline
Posting Maven

Re: Need Help! I've tried everything else

 
0
  #8
Nov 22nd, 2008
Originally Posted by clockworkorange View Post
I have AVG on my system, but it isn't showing up, and Norton is on, but I can't update it (the last update file say 1999). Spybot also doesn't show up. I ran adaware, but it didn't find the problem
Ok, going through your Uninstall list AVG doesn't show anywhere so it is not installed. When did you purchase the Norton program? What version is it?
If you have the install disk for the Norton program you may be better off uninstalling it all and doing a reinstall, obviously the program is damaged.
The one listing for AVG showing in your HJT log says
(file missing)
so it isn't there.
Spybot IS there if it isn't showing on your Start, All Programs list then you will have to do a search for it, but believe me it is there as it is showing in your Uninstall list AND is showing in your HJT log.

You have at least one program installed, and running as an Auto Starting program and that is RelevantKnowledge
This MOST DEFINITELY is considered malware and most definitely should be removed ASAP. One reason for this is that is known to download other malware but a key reason here is THIS entry in your HJT log;
O20 - AppInit_DLLs: C:\program,files\relevantknowledge\rlai.dll,C:\program files\relevantknowledge\rlai.dll. This section corresponds to files being loaded through the AppInit_DLLs Registry value and the Winlogon Notify Subkeys. There are very few legitimate programs that use this Registry key and believe me this ISN'T one of them.

I would like you to do the following;
Shut down the computer. Disconnect the internet cable from the computer so that it cannot get online or attempt on it's own to get on line when booted up.
Then I would like you to boot to Safe Mode. Do it this way;
F8 Method

1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press enter on your keyboard to boot into Safe Mode.
Once you are in safe mode I would like you to go to Start, Control Panel, Add/Remove.
First of all Uninstall
RelevantKnowledge
Viewpoint Media Player which is considered foistware.

Next, still in safe mode, go to Start, Control Panel, Administrative Tools, Services. Once Services opens scroll down through the list until you find this one;
Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
Double Click the entry. When that opens then if it is running, and it shouldn't be, Stop it.
Then go to the area in the middle where it says Start Up Type. You will see a box there which says Automatic. Click that tiny arrow on the right and choose Disabled. Then click Apply and close out Services.
Once you have done all of the above then, still leaving the internet cable unplugged, reboot the computer to normal mode and run HiJackThis again. Place check marks next to the following entries, if they still exist;
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [RelevantKnowledge] c:\program files\relevantknowledge\rlvknlg.exe -boot
O20 - AppInit_DLLs: C:\program,files\relevantknowledge\rlai.dll,C:\program files\relevantknowledge\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\program files\relevantknowledge\rlls.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Shut down the computer. Reconnect the Internet Cable.
Reboot and see if you see any improvement. If you can get to web pages then do the following;

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Once the computer has rebooted then run a new HJT scan and save the log and post back here with that one and the MBA-M log.
Judy
Reply With Quote