Tech Support Forum - View Single Post - My hijackthis log

**Omerr** · 11-25-2005, 12:48 PM

Hello and welcome to TSF

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.Please do NOT change any of those settings until we finish the fixing process.

Please download VundoFix.exe to your desktop.[list][*]Double-click VundoFix.exe to extract the files[*]This will create a VundoFix folder on your desktop.

Download CleanUp! and install it. Do NOT run it yet.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. Do NOT run it yet.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning.
It should look like this:
At this point press enter one time.
Next you will see:
At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\system32\pmkjj.dll
Press Enter to continue with the fix.
Next you will see:
At this point please type the following file path (make sure to enter it exactly as below!):
- [b]C:\WINDOWS\system32\jjkmp.*
Press Enter to continue with the fix.
The fix will run then HijackThis will open, if it does not open automatically please open it manually.
In HiJackThis, please place a check next to the following items and click FIX CHECKED:

O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjj.dll
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll
After you have fixed these items, close Hijackthis.
Press enter to exit the program.

Next run a full scan in Ewido. Save the log from the scan, and post in here on your next reply.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
1) Click "Options..."
2) Move the arrow down to "Custom CleanUp!"
3)Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users

4) Uncheck the following:

Scan local drives for temporary files

5) Click OK
6) Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Reboot your system in Normal Mode.

Please run an online scan at http://www.pandasoftware.com/products/activescan.htm
Make sure you click the "Free Online Virus Scan" in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan. Once it has finished save the activescan log. Then post that log in your next post.

Now give us a new HijackThis log, along with Panda ActiveScan’s log and Ewido's log, so we can make sure your system is clean.

11-25-2005, 12:48 PM	#4 (permalink)
Omerr TSF Enthusiast Join Date: Feb 2005 Location: Israel Posts: 1,032 OS: XP Proffesional	Hello and welcome to TSF Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.Please do NOT change any of those settings until we finish the fixing process. Please download VundoFix.exe to your desktop.[list][]Double-click VundoFix.exe* to extract the files[]This will create a VundoFix* folder on your desktop. Download CleanUp! and install it. Do NOT run it yet. Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. Do NOT run it yet. Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat You will first be presented with a warning. It should look like this: At this point press enter one time. Next you will see: At this point please type the following file path (make sure to enter it exactly as below!): C:\WINDOWS\system32\pmkjj.dll Press Enter to continue with the fix. Next you will see: At this point please type the following file path (make sure to enter it exactly as below!): [b]C:\WINDOWS\system32\jjkmp.* Press Enter to continue with the fix. The fix will run then HijackThis will open, if it does not open automatically please open it manually. In HiJackThis, please place a check next to the following items and click FIX CHECKED: O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjj.dll O20 - Winlogon Notify: pmkjj - C:\WINDOWS\system32\pmkjj.dll After you have fixed these items, close Hijackthis. Press enter to exit the program. Next run a full scan in Ewido. Save the log from the scan, and post in here on your next reply. WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: 1) Click "Options..." 2) Move the arrow down to "Custom CleanUp!" 3)Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users 4) Uncheck the following: Scan local drives for temporary files 5) Click OK 6) Press the CleanUp! button to start the program. Reboot/logoff when prompted. Reboot your system in Normal Mode. Please run an online scan at http://www.pandasoftware.com/products/activescan.htm Make sure you click the "Free Online Virus Scan" in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan. Once it has finished save the activescan log. Then post that log in your next post. Now give us a new HijackThis log, along with Panda ActiveScan’s log and Ewido's log, so we can make sure your system is clean. __________________ I am here in order to help you.