Help Please

Discussion in 'Malware Help (A Specialist Will Reply)' started by doogs_69, Jul 27, 2006.

  1. doogs_69

    doogs_69 Private E-2

    Ok guys, I'm sorry if this has already been posted somewhere; I looked but didn't see it. Anyway, I have a few problems. One seems to be that I cannot play in Punkbuster supported servers for a game called Soldier of Fortune 2. I looked on the net and there seems to be a spyware that blocks that. The software used to locate that problem didn't find anything. Also, I have a yellow triangle with a ! in the middle of it in the task bar. A "Security Alert" pop up keeps coming up. Here is my HJT log. Any help will be greatly appreciated.

    Cheers

    ~ INLINE LOG ATTACHED ~ SPD
    READ ME FIRST NOT RUN



    PS. I ran Spybot S&D and Adware, but they still seem to have missed it. Thanks again
     

    Attached Files: HJT.log (3.4 KB)
    Last edited by a moderator: Jul 28, 2006
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. doogs_69

    doogs_69 Private E-2

    Ok. I have done the Read me and Run me steps.

    Here are my 3 log files. Thanks for the help.
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  5. doogs_69

    doogs_69 Private E-2

    Here they are
     


  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Start by downloading two tools we will need

    - Process Explorer
    - Pocket KillBox

    Extract them to their own folder somewhere that you will be able to locate them later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)

    - Run Process Explorer

    In the top section of the Process Explorer screen double click on smss.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of mlljk.dll once and then click the kill button. After you have killed all of the mlljk.dll under winlogon click ok. (If you do not find the dll, just continue on.)

    Next double click on winlogon.exe and again click once on each instance of mlljk.dll and kill it. (If you do not find the dll, just continue on.)

    Next double click on explorer.exe and again click once on each instance of mlljk.dll and kill it. (If you do not find the dll, just continue on.)

    Next double click on iexplore.exe and again click once on each instance of mlljk.dll and kill it. (If you do not find the dll, just continue on.)

    Next double click on rundll32.exe and again click once on each instance of mlljk.dll and kill it. (If you do not find the dll, just continue on.)

    Next double click on wrssdk.exe and again click once on each instance of mlljk.dll and kill it. (If you do not find the dll, just continue on.)

    Now just exit Process Explorer.

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.
    Now run Pocket Killbox by double-clicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\kjllm.bak1
    C:\WINDOWS\system32\kjllm.bak2
    C:\WINDOWS\system32\kjllm.ini
    C:\WINDOWS\system32\kjllm.ini2
    C:\WINDOWS\system32\kjllm.tmp
    C:\WINDOWS\system32\components\flx2.dll
    C:\WINDOWS\system32\ishost.exe
    C:\WINDOWS\system32\ixt0.dll
    C:\WINDOWS\system32\pmnqguh.dll
    C:\WINDOWS\system32\winvul32.dll
    C:\WINDOWS\system32\winvul32.dll
    c:\windows\system32\ot.ico
    c:\documents and settings\all users\desktop\Online Security Guide.url
    C:\Program Files\Common Files\{20CDE608-0B17-1033-0827-030404060001}\Update.exe
    C:\WINDOWS\a3JhZnQ\uaL1tBk.vbs
    C:\WINDOWS\iufziwkA.exe
    C:\WINDOWS\ms03364680550.exe
    C:\WINDOWS\v1201.exe
    C:\WINDOWS\system32\bkpanui.dll
    C:\WINDOWS\system32\fxmngr.exe
    C:\WINDOWS\system32\guard.tmp
    C:\WINDOWS\system32\ismon.exe
    C:\WINDOWS\system32\isnotify.exe
    C:\WINDOWS\system32\issearch.exe
    C:\WINDOWS\system32\ixt0.dll
    C:\WINDOWS\system32\ixt1.dll
    C:\WINDOWS\system32\ixt2.dll
    C:\WINDOWS\system32\jtn8075ue.dll
    C:\WINDOWS\system32\lccmgr10.dll
    C:\WINDOWS\system32\ot.ico
    C:\WINDOWS\system32\pmnljgf.dll
    C:\WINDOWS\system32\winvul32.dll
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot just reboot your PC yourself.

    Reboot to Safe Mode.

    Open Windows Explorer, navigate to and delete the following folders:
    C:\Program Files\Common Files\{20CDE608-0B17-1033-0827-030404060001}
    C:\WINDOWS\a3JhZnQ

    Reboot to Normal Mode.

    Follow the directions for the following procedures:
    Look2Me VX2 Removal
    SpywareQuake & SpyFalcon Removal Procedure
    Virtumonde aka Trojan Vundo Removal

    Post the logs from Look2MeDestroyer, SmitRem, VundoFix and a fresh HijackThis log.

    Make sure you tell me how things are working now!
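
A post-reboot check for the Killbox step in the post above, as an added example that is not part of the original thread: it reports which of the listed files still exist and whether each is still queued for deletion. It assumes the delete-on-reboot request is recorded in the standard PendingFileRenameOperations registry value that the prompt refers to; `$targets` is a subset of the post's list.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# $targets is a subset of the paths listed in the post; add the rest as needed.
$targets = @(
    'C:\WINDOWS\system32\mlljk.dll',
    'C:\WINDOWS\system32\kjllm.ini',
    'C:\WINDOWS\system32\ishost.exe',
    'C:\WINDOWS\system32\winvul32.dll',
    'C:\WINDOWS\v1201.exe'
)

# Delete-on-reboot requests are queued in this REG_MULTI_SZ value as
# source/destination pairs; each source is stored as "\??\C:\path".
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$prop = Get-ItemProperty -LiteralPath $key -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue

# Normalise the queued entries to plain lower-case paths for comparison.
$pending = @()
if ($prop) {
    $pending = @($prop.PendingFileRenameOperations |
        Where-Object { $_ } |
        ForEach-Object { ($_ -replace '^!?\\\?\?\\', '').ToLowerInvariant() })
}

$report = foreach ($path in $targets) {
    $exists = Test-Path -LiteralPath $path
    $queued = $pending -contains $path.ToLowerInvariant()

    if (-not $exists) {
        $status = 'gone'
    } elseif ($queued) {
        $status = 'still queued, reboot again'
    } else {
        $status = 'present and not queued'
    }

    [pscustomobject]@{
        Path   = $path
        Exists = $exists
        Queued = $queued
        Status = $status
    }
}

$report | Format-Table -AutoSize
```

A file reported as "present and not queued" after the reboot was either never queued or has been recreated, which is worth mentioning when posting the fresh logs.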

     
  7. doogs_69

    doogs_69 Private E-2

    Ok man. As far as I know, my comp is better now. Thank you very much man. Give me a PayPal address so I can donate a few bucks to you for helping me. Here are my logs anyways. Thanks again man. If I have any more problems I'll let you know.

    Cheers
     


  8. doogs_69

    doogs_69 Private E-2

    And here's my Look2Me log
     


  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    REBOOT

    Post a fresh HijackThis log.

    How is your computer running?
     
