explorer.exe is going nuts!


#1 moondy
Hey all,
I keep getting issues where my explorer.exe overloads and crashes a number of times, eventually getting rid of the desktop icons and the userbar (start bar). Programs still work when I Ctrl+Alt+Del and use File > New Task, etc.

I've done a HijackThis log; maybe someone kind enough can help me out. Cheers.

Logfile of HijackThis v1.99.1
Scan saved at 8:16:12 PM, on 17/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Program Files\GDS Byte Counter\gbc.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Documents and Settings\Jono\My Documents\Mozilla Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GDS Byte Counter] C:\Program Files\GDS Byte Counter\gbc.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: PCClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {2885EE05-A26B-11D1-B49B-00C04F98EFE0} (In Fusio, Exen Simulator) - http://www.ageofempi...x/simulator.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/c...cult3d/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.2.89.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://moondys.space...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099545775406
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
#2 Kenny94
Hello moondy

It is likely that you have a variant of the Vundo trojan that hides itself from HijackThis.exe, so if we rename HijackThis, the entries should become visible. It also looks like you have a Lop infection as well.

Go to the C:\Program Files\HijackThis folder. Right click on the HijackThis.exe file and select "Rename". Rename it geek.exe.

Then run HijackThis again and post a new log please.


I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

Restart your computer.

* Open Hijackthis, In the lower right corner click the "Config..." (Configuration) button.
* Once in the "Configuration" panel, click "Misc Tools" button.
* Then click the "Open Uninstall Manager..." button.
* The "Add/Remove Programs Manager" panel should appear.
* In this panel click the "Save list" button.
* Save the "uninstall_list.txt" file to its default location.
* Then copy and paste the Notepad text that appears in the generated "uninstall_list.txt" file in a reply to this post.


In your next reply, please include these log(s):


* HijackThis Uninstall List
* HijackThis log (new)


#3 moondy
HijackThis Uninstall List
___________________
AC Tool 4.6.2 Install
Ad-Aware SE Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Premiere Elements 2.0
Adobe Premiere Pro
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Age of Empires III
Age of Empires III - The WarChiefs Trial
Anti-Leech Plugin for Internet Explorer
Anti-Leech Plugin for Netscape, Mozilla, Opera
Apple Software Update
Audiator
AV Voice Changer Software DIAMOND 4.0
AVOne Gold - DVD VCD SVCD MPEG AVI ASF MP3 Converter(a)
Battlefield 2142 Demo
Bink and Smacker
BitComet 0.79
Camtasia
Citrix Web Client
Click-N-Type
ColorNick v2 plugin for Messenger Plus!
Conexant D850 56K V.9x DFVc Modem
Conexant SmartHSFi V92 56K DF PCI Modem
ConvertMovie 1.1
Corel Painter IX
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
CursorXP
Dell ResourceCD
DFX for MUSICMATCH
DivX
DivX Converter
DivX Player
eMusic - 50 Free MP3 offer
eSnips
Express Burn Uninstall
Express Rip Uninstall
FEARCombat
FlashGet(JetCar)
Game Jackal
GameLauncher (remove only)
GameSpy Arcade
GDS Byte Counter v1.0 Build 32
GMail Drive Shell Extension
Google Desktop
Google SketchUp
Google Talk (remove only)
Google Toolbar for Internet Explorer
GrabCaptureScreen
Guild Wars
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB929120)
IGN Download Manager 2.2.2
Intel® PRO Network Adapters and Drivers
iTunes
J2SE Runtime Environment 5.0
L&H TTS3000 British English
Lexmark Z600 Series
LimeWire PRO 4.11.0
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
LiveUpdate BVRP Software
Macromedia Extension Manager
Macromedia Shockwave Player
MAGIX music + video maker generation 6 deLuxe
MAIET entertainment - Gunz
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Premium 2006 DVD
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition
Microsoft Plus! for Windows XP
Microsoft Publisher 2002
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Windows Media Video 9 VCM
Microsoft Windows Vista Upgrade Advisor
mIRC
mobile PhoneTools
Mozilla Firefox (2.0)
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Musicmatch® Jukebox
Nero 6 Ultra Edition
NVIDIA Drivers
Panda ActiveScan
Panda Internet Security 2007
PartyPoker
PlaneShift Crystal Blue - Tech Demo
PowerDVD
Project64 1.6
Quick Screen Recorder 1.5
QuickTime
RealPlayer
RecordPad Sound Recorder Uninstall
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Skype 2.0
SP2 Connection Patcher
Starport GE v1.0
STOIK Video Converter 2
StuffIt Standard
System Requirements Lab
TeamSpeak 2 RC2
The GIMP 2.2.1
TMPGEnc Plus 2.5
Trillian
TuneUp Utilities 2006
Unlocker 1.8.5
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VB6 RUNTIME v2.2
WarRock
WavePad Uninstall
Weather Watcher
Webshots Desktop
Win AVI HelixSDK
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Wolfenstein - Enemy Territory
WordPoint2000 v2.1
Xfire (remove only)
XNote Stopwatch 1.40
Yahoo! Widget Engine
Yahoo! Widget Engine
ZIP Reader 8.00.0018
_____________________

Logfile of HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 2:20:50 AM, on 18/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Program Files\GDS Byte Counter\gbc.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\CTPdeSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\geek.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16526D1E-F64A-3CF5-061B-0A07500B5BEF} - C:\WINDOWS\system32\bdrrztl.dll
O2 - BHO: SS Plugin Class - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - (no file)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\naelfgfh.dll
O2 - BHO: (no name) - {4B5CF094-6E04-C105-4739-0522492178E5} - C:\WINDOWS\system32\hdprxcj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ABD993D-612C-4759-A680-B517B0422C80} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DE9630ED-A855-444B-9AA1-F287B7F82E0A} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GDS Byte Counter] C:\Program Files\GDS Byte Counter\gbc.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: PCClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {2885EE05-A26B-11D1-B49B-00C04F98EFE0} (In Fusio, Exen Simulator) - http://www.ageofempi...x/simulator.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/c...cult3d/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.2.89.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://moondys.space...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099545775406
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: ntvdscm - ntvdscm.dll (file missing)
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll (file missing)
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

_____________________________________

thanks

Edited by moondy, 17 December 2006 - 09:25 AM.

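The renamed scan above shows what Kenny94 predicted: the first log had no O2 or Winlogon Notify lines at all, and the second reveals unnamed BHOs loading random-named DLLs from system32 plus the same pmkjh.dll registered as a Winlogon Notify package, so it is loaded both by Internet Explorer and by winlogon.exe. The Python script below is an added example, not part of this thread and not HijackThis or VundoFix code; it applies those two checks to a handful of lines copied from the log above, and cross-checks a subset of the file list VundoFix reports later in the thread for the reversed-name companion files (pmkjh.dll beside hjkmp.ini). The one-entry Winlogon Notify allowlist and the "5 to 8 lowercase letters in system32" name heuristic are assumptions made for this example.

```python
import re

# Constructed sample: lines copied from the renamed-HijackThis log in this thread, with two
# clean entries (Adobe's BHO and Spybot's SDHelper) kept for contrast.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16526D1E-F64A-3CF5-061B-0A07500B5BEF} - C:\WINDOWS\system32\bdrrztl.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\naelfgfh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ABD993D-612C-4759-A680-B517B0422C80} - C:\WINDOWS\system32\pmkjh.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: ntvdscm - ntvdscm.dll (file missing)
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll (file missing)
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed sample: a subset of the files VundoFix lists later in the thread.
SAMPLE_VUNDOFIX_FILES = [
    r"C:\WINDOWS\system32\pmkjh.dll",
    r"C:\WINDOWS\system32\hjkmp.ini",
    r"C:\WINDOWS\system32\hjkmp.bak1",
    r"C:\WINDOWS\system32\whkyrcm.dll",
]

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
MISSING = " (file missing)"
# Assumption for this example: WgaLogon (Windows Genuine Advantage) is the one Winlogon
# Notify package in this log that is accepted by name; everything else gets looked at.
KNOWN_NOTIFY = {"wgalogon"}


def split_path(raw):
    """Split a HijackThis path field into (path, file_missing)."""
    if raw.endswith(MISSING):
        return raw[:-len(MISSING)], True
    return raw, False


def basename(path):
    return path.rpartition("\\")[2].lower()


def random_sys32_dll(path):
    """Crude name heuristic (assumption): 5-8 lowercase letters, no digits, living in system32."""
    head, _, tail = path.rpartition("\\")
    return head.lower().endswith("\\system32") and re.fullmatch(r"[a-z]{5,8}\.dll", tail) is not None


def analyse(log_text):
    """Return (line, severity, reason) triples for O2/O20 entries worth a second look."""
    findings, bho_dlls, notify_dlls = [], {}, {}
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = BHO_RE.match(line)
        if m:
            path, _ = split_path(m["path"])
            bho_dlls[basename(path)] = line
            if m["name"] == "(no name)" and random_sys32_dll(path):
                findings.append((line, "suspicious", "unnamed BHO loading a random-looking DLL from system32"))
            continue
        m = NOTIFY_RE.match(line)
        if not m:
            continue
        path, missing = split_path(m["path"])
        notify_dlls[basename(path)] = line
        if m["key"].lower() in KNOWN_NOTIFY:
            continue
        if missing:
            findings.append((line, "review", "Winlogon Notify key whose DLL is gone (orphaned)"))
        elif random_sys32_dll(path):
            findings.append((line, "suspicious", "Winlogon Notify DLL with a random-looking name in system32"))
        else:
            findings.append((line, "review", "Winlogon Notify package not on the allowlist"))
    # The high-confidence signal: one DLL registered both as a BHO (loaded into Internet
    # Explorer) and as a Winlogon Notify package (loaded into winlogon.exe).
    for dll in sorted(set(bho_dlls) & set(notify_dlls)):
        findings.append((bho_dlls[dll] + " | " + notify_dlls[dll], "likely-vundo",
                         dll + " is loaded both by Internet Explorer (O2) and by winlogon (O20)"))
    return findings


def reversed_companions(files):
    """Pair each DLL with files whose stem is its own stem spelled backwards (pmkjh.dll <-> hjkmp.ini)."""
    by_stem = {}
    for name in map(basename, files):
        by_stem.setdefault(name.partition(".")[0], []).append(name)
    pairs = []
    for stem, names in by_stem.items():
        rev = stem[::-1]
        if rev == stem or rev not in by_stem:
            continue
        for dll in (n for n in names if n.endswith(".dll")):
            pairs.extend((dll, companion) for companion in by_stem[rev])
    return sorted(pairs)


if __name__ == "__main__":
    for line, severity, reason in analyse(SAMPLE_HJT):
        print(f"[{severity}] {reason}\n    {line}")
    for dll, companion in reversed_companions(SAMPLE_VUNDOFIX_FILES):
        print(f"[reversed-name] {dll} <-> {companion}")
```

On the sample it flags the three unnamed system32 BHOs and the pmkjh Winlogon Notify entry as suspicious, the two "(file missing)" Notify keys for review, and escalates pmkjh.dll to likely-vundo because it sits in both O2 and O20; the Adobe BHO, Spybot's SDHelper.dll and WgaLogon.dll are left alone. The name heuristic is deliberately crude and also hits short legitimate names (avldr.dll in this log), so "suspicious" is a prompt to check the file's vendor, not a verdict; the O2/O20 overlap and the reversed-name .ini companions are the signals to act on.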

#4 Kenny94
Hello moondy

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


In your next reply, please include these log(s):


* vundofix.txt
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

#5
moondy

moondy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
VundoFix V6.2.13

Checking Java version...

Scan started at 3:44:31 PM 18/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\hdprxcj.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\whkyrcm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hdprxcj.dll
C:\WINDOWS\system32\hdprxcj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\hjkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.tmp
C:\WINDOWS\system32\hjkmp.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\whkyrcm.dll
C:\WINDOWS\system32\whkyrcm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll Cou
____________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 4:11:54 PM, on 18/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\Program Files\GDS Byte Counter\gbc.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Program Files\Hijackthis\geek.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16526D1E-F64A-3CF5-061B-0A07500B5BEF} - C:\WINDOWS\system32\bdrrztl.dll
O2 - BHO: SS Plugin Class - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - (no file)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\naelfgfh.dll
O2 - BHO: (no name) - {4B5CF094-6E04-C105-4739-0522492178E5} - C:\WINDOWS\system32\hdprxcj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DE9630ED-A855-444B-9AA1-F287B7F82E0A} - (no file)
O2 - BHO: (no name) - {EAF1EDA7-B65D-4278-9093-9324CE3AD77D} - C:\WINDOWS\system32\pmkjh.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GDS Byte Counter] C:\Program Files\GDS Byte Counter\gbc.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: PCClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {2885EE05-A26B-11D1-B49B-00C04F98EFE0} (In Fusio, Exen Simulator) - http://www.ageofempi...x/simulator.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/c...cult3d/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.2.2.89.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://moondys.space...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099545775406
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)
O20 - AppInit_DLLs: MsgPlusLoader.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: ntvdscm - ntvdscm.dll (file missing)
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll (file missing)
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
_______________________________________________

A few issues occurred.
1: With VundoFix I managed to remove all files, I think, except one. Then it said "We have to reboot so at start up it can be removed". I clicked on OK but it didn't do anything...it kept on popping back up. I couldn't do anything, not even ctrl+alt+del to restart my computer (and my desktop was gone as you mentioned before). So I restarted it by holding down the power button. As it was starting up it popped up saying "Could not find vundofix etc etc". So I clicked OK and it didn't rescan or do anything...just straight back to the desktop.

Issue 2:
Every time I use HiJackThis, the new trial I installed, Panda Internet Security 2007, keeps on blocking it when it's like 80% done. However, it seems to continue and completes the job by giving me a scan result and a log (as posted above). I'm not sure if it did anything to affect the results, but we'll have to see.

Cheers

#6
Kenny94

Kenny94

    Member 1K

  • Member
  • PipPipPipPip
  • 1,595 posts
Hello moondy

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Every time I use HiJackThis, the new trial I installed, Panda Internet Security 2007, keeps on blocking it when it's like 80% done. However, it seems to continue and completes the job by giving me a scan result and a log (as posted above). I'm not sure if it did anything to affect the results, but we'll have to see.

Is Panda Internet Security 2007 on a trial basis, or did you pay for Panda?

With VundoFix I managed to remove all files, I think, except one. Then it said "We have to reboot so at start up it can be removed". I clicked on OK but it didn't do anything...it kept on popping back up. I couldn't do anything, not even ctrl+alt+del to restart my computer (and my desktop was gone as you mentioned before). So I restarted it by holding down the power button. As it was starting up it popped up saying "Could not find vundofix etc etc". So I clicked OK and it didn't rescan or do anything...just straight back to the desktop.

Looks like you've got some new variants of Vundo there. Before we continue killing them off, I would like to ask a favor of you. Since this version is new, and the tool did not detect it, I need you to upload a copy of the offending file(s) so the creator of VundoFix can add them to the tool.
Upload Files
  • Please go here to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\WINDOWS\system32\pmkjh.dll in the second filename box
  • In the comments, please mention that I asked you to upload this file.
  • Click on Send File
Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, right-click inside the listbox (white box) and click Add More Files
  • Copy & paste the entry below into the top box:
    • C:\WINDOWS\system32\pmkjh.dll
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Post Logs
  • vundofix.txt


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will do that shortly in Safe Mode.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
O2 - BHO: (no name) - {16526D1E-F64A-3CF5-061B-0A07500B5BEF} - C:\WINDOWS\system32\bdrrztl.dll
O2 - BHO: SS Plugin Class - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - (no file)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\naelfgfh.dll
O2 - BHO: (no name) - {4B5CF094-6E04-C105-4739-0522492178E5} - C:\WINDOWS\system32\hdprxcj.dll (file missing)
O2 - BHO: (no name) - {DE9630ED-A855-444B-9AA1-F287B7F82E0A} - (no file)
O2 - BHO: (no name) - {EAF1EDA7-B65D-4278-9093-9324CE3AD77D} - C:\WINDOWS\system32\pmkjh.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

You will need to enable hidden files and folders by doing the following:
Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):
BOONTY
PartyPoker
Messenger Plus3
Messenger Plus Live


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\MessengerPlus!
C:\Program Files\PartyGaming
C:\Program Files\Common Files\BOONTY



Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\bdrrztl.dll
C:\WINDOWS\system32\naelfgfh.dll
C:\WINDOWS\system32\pmkjh.dll



IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
In your next reply, please include these log(s):

* vundofix.txt
* AVG Anti-Spyware
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.
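The entries Kenny94 picks out above follow a few repeatable rules: a BHO or Winlogon Notify entry with no file behind it is an orphan, an unnamed BHO loaded from system32 or an unknown Winlogon Notify package is a live infection (that is why pmkjh.dll survives VundoFix: winlogon.exe holds it open), and a SearchAssistant pointing at an unfamiliar domain is a hijack. The following script applies those rules to HijackThis v1.99 log lines. It is an added example for this thread, not part of HijackThis or VundoFix; the allowlists of Winlogon Notify packages and search domains are assumptions, and the sample log is a subset of the lines posted above.

```python
"""Triage HijackThis v1.99 log lines: orphaned, suspicious, or review.

Constructed example for this thread, not HijackThis or VundoFix code.
The allowlists below are assumptions that mirror a helper's hand triage.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Assumed allowlist: Winlogon Notify packages a clean XP box may carry
# (WgaLogon is Microsoft's, avldr is Panda's loader).
KNOWN_NOTIFY = {"wgalogon", "avldr", "crypt32chain", "cryptnet", "cscdll",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "schedule"}
# Assumed domains a SearchAssistant / start-page entry may legitimately use.
KNOWN_SEARCH_DOMAINS = ("microsoft.com", "msn.com", "live.com")

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.*?) = (?P<url>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>.*)$")


@dataclass(frozen=True)
class Finding:
    line: str
    verdict: str    # "orphaned" (nothing on disk), "suspicious", or "review"
    reason: str
    path: str = ""  # file the entry loads, when one still exists


def _missing(path: str) -> bool:
    return path.endswith("(file missing)") or path.strip() == "(no file)"


def _file_of(path: str) -> str:
    return path.replace("(file missing)", "").strip()


def classify(line: str) -> Finding | None:
    """Classify one log line; None means nothing stands out."""
    line = line.rstrip()
    if m := O2_RE.match(line):
        if _missing(m["path"]):
            return Finding(line, "orphaned", "BHO registered but its file is gone")
        if m["name"] == "(no name)" and SYSTEM32.match(m["path"]):
            return Finding(line, "suspicious", "unnamed BHO loaded from system32", _file_of(m["path"]))
        return None
    if m := O20_RE.match(line):
        if _missing(m["path"]):
            return Finding(line, "orphaned", "Winlogon Notify package without a DLL")
        if m["key"].lower() not in KNOWN_NOTIFY:
            return Finding(line, "suspicious", "unknown Winlogon Notify DLL (held open by winlogon.exe)", _file_of(m["path"]))
        return None
    if m := O23_RE.match(line):
        return Finding(line, "orphaned", "service whose binary is missing") if _missing(m["rest"]) else None
    if m := R_RE.match(line):
        host = re.search(r"https?://([^/?]+)", m["url"])
        hostname = host.group(1).lower() if host else ""
        if not hostname.endswith(KNOWN_SEARCH_DOMAINS):
            return Finding(line, "suspicious", f"{m['key'].split(',')[-1]} hijacked to {hostname or m['url']}")
        return None
    if m := O15_RE.match(line):
        return Finding(line, "review", f"site in Trusted Zone: {m['zone']}")
    return None


def triage(log_text: str) -> list[Finding]:
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


def files_to_delete(findings: list[Finding]) -> set[str]:
    """Suspicious entries that still have a file on disk: delete in Safe Mode after Fix Checked."""
    return {f.path for f in findings if f.verdict == "suspicious" and f.path}


# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16526D1E-F64A-3CF5-061B-0A07500B5BEF} - C:\WINDOWS\system32\bdrrztl.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\naelfgfh.dll
O2 - BHO: (no name) - {4B5CF094-6E04-C105-4739-0522492178E5} - C:\WINDOWS\system32\hdprxcj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {EAF1EDA7-B65D-4278-9093-9324CE3AD77D} - C:\WINDOWS\system32\pmkjh.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll (file missing)
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\system32\pmkjh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.verdict:10} {f.reason}\n           {f.line}")
    print("delete in Safe Mode:", sorted(files_to_delete(found)))
```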

#7
moondy

moondy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
VundoFix V6.2.13

Checking Java version...

Scan started at 2:15:57 PM 19/12/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkmp.bak1
C:\WINDOWS\system32\hjkmp.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.dll Has been deleted!

Performing Repairs to the registry.
Done!

Ok, so that's done...

Just a number of hiccups where I am now.
1. Yes, I do have the Panda TRIAL version 2007.
2. I thought you should only have 1 anti-virus at a time.
3. Panda 2007 thought it was a suspicious object, so it blocked AVG. The thing is, it happened when I thought I had closed Panda 2007. Now I'm not sure if it's the cause of 4...
4. AVG Update is stopping on a file called 'help.chm'.

So I can't do anything else at the moment until it's updated... and it's stopped around the 569kb mark.
As you can see my Internet is working fine... so I dunno, but I'll update as soon as I can get past the updating of AVG.

Sorry if it's taking so long... just so many random and weird bumps.
  • 0

#8
Kenny94

    Member 1K

  • Member
  • 1,595 posts
Hello moondy

So I can't do anything else at the moment until it's updated... and it's stopped around the 569kb mark.
As you can see my Internet is working fine... so I dunno, but I'll update as soon as I can get past the updating of AVG.

If you can't get AVG to update, go ahead and run AVG without the updates for now and the removals in my other post. Then post AVG and a new HijackThis log.

Sorry if it's taking so long... just so many random and weird bumps.
No problem... :whistling:
  • 0

#9
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0