We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
hjt help needed!!
Options
Comments
-
just ran it do u want me to do hjt again?
hAXFIX logfile - by Marckie
version 4.02
02/08/2006 11:09:44.89
--- Auto Haxdoorfix ---
searching for services....
service twpkad found
[SWSC] DeleteService SUCCESS
service twpkbd found
[SWSC] DeleteService SUCCESS
--- Goldunfix ---
searching for notifykeys:
no notifykeys found
searching for services:
No services found
.....rebooting the computer.....
searching for notifykeys
notifykey twpkad not found
searching for services
service twpkad not found
service twpkbd not found
searching for safeboot services
safeboot service twpkad.sys not found
safeboot service twpkbd.sys not found
searching for files
twpkad.dll exists
deleting twpkad.dll
twpkad.dll has been deleted
twpkbd.sys exists
deleting twpkbd.sys
twpkbd.sys has been deleted
checking for other files
kgcpt.dat exists
deleting kgcpt.dat
kgcpt.dat has been deleted
zq.dll exists
deleting zq.dll
zq.dll has been deleted
zq.sys exists
deleting zq.sys
zq.sys has been deleted
checking for a3d files
ps.a3d
seDS.a3d
deleting a3d files
a3d files are deleted
Finisheddont drink and drive:beer: :beer:
come on the toon!!0 -
yes, another hiajckthis log please, see f that pesky thing is still there !!Ex forum ambassador
Long term forum member0 -
them things are still there!!
Logfile of HijackThis v1.99.1
Scan saved at 13:01:52, on 02/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1151767480\ee\AOLHostManager.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\AOL\1151767480\ee\AOLServiceHost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1151767480\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\AOL Companion\companion.exe
C:\hijackthis\hijackthis.exe
O2 - BHO: DosSpecFolder Object - !!3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\pmkjk.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - !!9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - !!8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151767480\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: !!4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: !!4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/5570-b298h/rnl/java/RntX.cab
O18 - Protocol: livecall - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\System32\pmkjk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\WINDOWS\.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exedont drink and drive:beer: :beer:
come on the toon!!0 -
well ones gone !!!!
Boot into safe mode
Turn off system restore
In Windows Explorer, turn on "Show all files and folders, including hidden and system, See how HERE
www.bleepingcomputer.com/forums/tutorial62.html
Run HJT with no other programmes open, and let HJT fix the following
O2 - BHO: DosSpecFolder Object - !!3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\pmkjk.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\System32\pmkjk.dll
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
Click on the fix checked button.
Close HJT.
Locate, and delete the following bold files(if there)
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\shost.exe
Boot into normal mode, and turn system restore back on.
then run hiajck this again and see if that entry is still there !!
almost there I think
Ex forum ambassador
Long term forum member0 -
if not then found this alternate method
http://forum.tweakxp.com/forum/Topic177096-29-1.aspx
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files.
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning .
It should look like this:
VundoFix V2.13 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
At this point press Enter one time.
Next you will see:
Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\pmkjk.dll
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
Next you will see:
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\kjkmp.*
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
The fix will run then HijackThis will open.
In HiJackThis, please place a check next to thefollowing items and click FIX CHECKED:
O2 - BHO: DosSpecFolder Object - !!3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\pmkjk.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
Once your machine reboots please continue with the instructions below.
Download and install CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
It may ask you to reboot at the end, click NO.
Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
Ex forum ambassador
Long term forum member0 -
hi browntoa the lady need her laptop as she need to do her collage stuff on it so i've given her all the info on it! she would like to thank you for your help ! she says she mite drop in on the floor (by accident).
and thanks from me for your help i will press that button now !cheers
:Tdont drink and drive:beer: :beer:
come on the toon!!0 -
no problem, i'm convinced that last fix will get rid of the stray infection, its vital that she does it
she then needs to download SP2 from (it's very important to do so !!)
www.Windowsupdate.com
and any other updates,
she also needs to install antivirus softwareEx forum ambassador
Long term forum member0 -
i've given my sp2 dics.let's hope she installs it! thanks againdont drink and drive:beer: :beer:
come on the toon!!0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards