
Thread: Command Service Help

  1. #11
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Could you boot to safe mode and see if you can delete that one file manually.
    E:\WINDOWS\system32\mljgg.dll Let me know what happens, I will contact the creator and ask if he got that file.
    I posted for information and will let you know as soon as I hear. If Atribune should post to your topic, I would appreciate it if you would give him your full cooperation.

    Let me know what happens, thanks.

  2. #12
    Junior Member
    Join Date
    Sep 2006
    Posts
    13

    Default

    I've tried to delete the file manually with no success.

    Thanks.

  3. #13
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for the feedback, I am interested in what you are being told when you try to delete it, are you doing this in safe mode? Let's try other tools while we wait for information from Atribune.

    1. Download this file - combofix.exe
    http://download.bleepingcomputer.com/sUBs/combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    If the log is large, you might need to post half in one reply and half in another.

    Thanks

  4. #14
    Junior Member
    Join Date
    Sep 2006
    Posts
    13

    Default

    Yes I have tried to remove the file in safe mode but get a prompt on screen saying that the file is in use.

    Thanks



    USER - 06-09-21 0:17:05.34 Service Pack 2
    ComboFix 06.09.20 - Running from: "E:\Documents and Settings\USER\Desktop"
    Command switches used ::

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    E:\WINDOWS\system32\components
    E:\Program Files\Common Files\{937C4FB1-0919-1033-0804-04020404002c}


    ((((((((((((((((((((((((((((((( Files Created from 2006-08-21 to 2006-09-21 ))))))))))))))))))))))))))))))))))


    2006-09-20 01:30 94,720 --a------ E:\WINDOWS\system32\CNMLM3A.DLL
    2006-09-20 01:30 5,632 --a------ E:\WINDOWS\system32\CNMVS3A.DLL
    2006-09-20 01:30 36,864 --a------ E:\WINDOWS\system32\CNMCP3A.EXE
    2006-09-20 01:30 306,688 --a------ E:\WINDOWS\IsUninst.exe
    2006-09-19 13:59 127,208 --a------ E:\WINDOWS\system32\mucltui.dll
    2006-09-18 19:11 91,904 --a------ E:\WINDOWS\system32\S32EVNT1.DLL
    2006-09-17 19:27 577,588 --------- E:\WINDOWS\system32\mljgg.dll
    2006-09-16 01:31 88 -r-hs---- E:\WINDOWS\system32\BD1425BDA1.sys
    2006-09-16 01:31 3,766 --ahs---- E:\WINDOWS\system32\KGyGaAvL.sys
    2006-08-31 14:39 2,560 --a------ E:\WINDOWS\_MSRSTRT.EXE


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-09-21 00:17 -------- d-------- E:\Program Files\Common Files
    2006-09-21 00:14 -------- d-------- E:\Documents and Settings\USER\Application Data\MailWasherPro
    2006-09-20 20:06 -------- d-------- E:\Program Files\Hijackthis
    2006-09-20 19:24 -------- d-------- E:\Program Files\Java
    2006-09-20 19:23 -------- d-------- E:\Program Files\Common Files\Java
    2006-09-20 17:52 -------- d-------- E:\Program Files\ewido anti-spyware 4.0
    2006-09-20 04:08 -------- d-------- E:\Program Files\Mozilla Firefox
    2006-09-19 23:25 -------- d-------- E:\Documents and Settings\USER\Application Data\Corel
    2006-09-19 19:28 -------- d-------- E:\Program Files\Microsoft Baseline Security Analyzer 2
    2006-09-18 21:22 -------- d-------- E:\Program Files\Common Files\Symantec Shared
    2006-09-18 19:38 -------- d-------- E:\Program Files\Norton SystemWorks
    2006-09-18 19:38 -------- d-------- E:\Documents and Settings\USER\Application Data\Symantec
    2006-09-18 19:25 -------- d-------- E:\Program Files\SymNetDrv
    2006-09-18 19:25 -------- d-------- E:\Program Files\Symantec
    2006-09-18 19:11 4608 --a------ E:\WINDOWS\system32\drivers\symlcbrd.sys
    2006-09-18 19:08 -------- d-------- E:\Program Files\Common Files\Softwin
    2006-09-18 15:12 -------- d-------- E:\Program Files\Outlook Express
    2006-09-18 15:12 -------- d-------- E:\Program Files\Internet Explorer
    2006-09-18 13:11 -------- d-------- E:\Documents and Settings\USER\Application Data\Talkback
    2006-09-17 19:27 -------- d-------- E:\Documents and Settings\USER\Application Data\Lavasoft
    2006-09-16 21:01 -------- d-------- E:\Documents and Settings\USER\Application Data\LimeWire
    2006-09-16 20:47 -------- d-------- E:\Program Files\LimeWire
    2006-09-16 01:37 -------- d-------- E:\Program Files\Corel
    2006-09-16 01:36 -------- d-------- E:\Program Files\Common Files\Corel
    2006-09-15 22:52 124016 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2006-09-14 22:43 -------- d-------- E:\Documents and Settings\USER\Application Data\Google
    2006-09-14 22:38 -------- d-------- E:\Program Files\Google
    2006-09-14 21:01 -------- d-------- E:\Documents and Settings\USER\Application Data\Sun
    2006-09-13 01:14 -------- d-------- E:\Program Files\Windows Journal Viewer
    2006-09-13 01:14 -------- d-------- E:\Program Files\Common Files\Microsoft Shared
    2006-08-31 14:51 -------- d-------- E:\Program Files\Common Files\InstallShield
    2006-08-31 14:39 2560 --a------ E:\WINDOWS\_MSRSTRT.EXE
    2006-08-31 14:38 -------- d-------- E:\Program Files\Opera
    2006-08-31 14:36 -------- d-------- E:\Program Files\Common Files\System
    2006-08-30 10:25 -------- d-------- E:\Program Files\MSN Messenger
    2006-08-23 08:58 -------- d-------- E:\Program Files\MailWasher
    2006-08-21 13:21 16896 --a------ E:\WINDOWS\system32\fltlib.dll
    2006-08-21 10:14 23040 --a------ E:\WINDOWS\system32\fltmc.exe
    2006-08-21 10:14 128896 --a------ E:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-16 13:57 -------- d-------- E:\Documents and Settings\USER\Application Data\Real
    2006-08-16 13:53 -------- d-------- E:\Program Files\Real
    2006-08-16 13:53 -------- d-------- E:\Program Files\Common Files\xing shared
    2006-08-16 13:53 -------- d-------- E:\Program Files\Common Files\Real
    2006-08-16 13:44 -------- d-------- E:\Program Files\Windows Media Player
    2006-08-02 10:36 -------- d-------- E:\Program Files\XviD
    2006-08-02 10:36 -------- d-------- E:\Program Files\Webteh
    2006-08-02 09:10 -------- d-------- E:\Program Files\DivX
    2006-07-29 19:32 48936 --a------ E:\WINDOWS\system32\sirenacm.dll
    2006-07-27 14:39 679424 --a------ E:\WINDOWS\system32\inetcomm.dll
    2006-07-21 09:26 72704 --a------ E:\WINDOWS\system32\hlink.dll
    2006-07-19 00:14 520192 --a------ E:\WINDOWS\system32\DivXsm.exe
    2006-07-19 00:13 3596288 --a------ E:\WINDOWS\system32\qt-dx331.dll
    2006-07-19 00:13 200704 --a------ E:\WINDOWS\system32\ssldivx.dll
    2006-07-19 00:13 1044480 --a------ E:\WINDOWS\system32\libdivx.dll
    2006-07-19 00:09 90112 --a------ E:\WINDOWS\system32\dpl100.dll
    2006-07-19 00:09 778240 --a------ E:\WINDOWS\system32\divx_xx0c.dll
    2006-07-19 00:09 778240 --a------ E:\WINDOWS\system32\divx_xx07.dll
    2006-07-19 00:09 761856 --a------ E:\WINDOWS\system32\divx_xx11.dll
    2006-07-19 00:09 620180 --a------ E:\WINDOWS\system32\DivX.dll
    2006-07-19 00:09 593920 --a------ E:\WINDOWS\system32\dpuGUI11.dll
    2006-07-19 00:09 57344 --a------ E:\WINDOWS\system32\dpv11.dll
    2006-07-19 00:09 53248 --a------ E:\WINDOWS\system32\dpuGUI10.dll
    2006-07-19 00:09 344064 --a------ E:\WINDOWS\system32\dpus11.dll
    2006-07-19 00:09 294912 --a------ E:\WINDOWS\system32\dpu11.dll
    2006-07-19 00:09 294912 --a------ E:\WINDOWS\system32\dpu10.dll
    2006-07-19 00:09 200704 --a------ E:\WINDOWS\system32\dtu100.dll
    2006-07-19 00:09 12288 --a------ E:\WINDOWS\system32\DivXWMPExtType.dll
    2006-07-19 00:09 118784 --a------ E:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2006-06-22 06:06 69120 --a------ E:\WINDOWS\system32\ciodm.dll
    2006-06-22 06:06 1435648 --a------ E:\WINDOWS\system32\query.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="\"E:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "swg"="E:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
    "Norton SystemWorks"="\"E:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CnxDslTaskBar"="E:\\Program Files\\Conexant\\AccessRunner ADSL\\CnxDslTb.exe"
    "snpstd"="E:\\WINDOWS\\vsnpstd.exe"
    "LClock"="E:\\Program Files\\LClock\\LClock.exe"
    "NvCplDaemon"="RUNDLL32.EXE E:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE E:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "TkBellExe"="\"E:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "Corel Photo Downloader"="E:\\Program Files\\Corel\\Corel Snapfire\\Corel Photo Downloader.exe"
    "ccApp"="\"E:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "Symantec NetDriver Monitor"="E:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "!ewido"="\"E:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
    "SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
    "nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
    53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
    65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
    79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
    "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
    33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
    "nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
    53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
    65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
    79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
    "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
    33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoInstrumentation"=dword:00000001
    "NoSMHelp"=dword:00000001
    "StartMenuLogoff"=dword:00000001
    "ForceStartMenuLogoff"=dword:00000000
    "NoSMMyDocs"=dword:00000001
    "NoSMConfigurePrograms"=dword:00000001
    "NoUserNameInStartMenu"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDesktopCleanupWizard"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoInstrumentation"=dword:00000001
    "NoSMHelp"=dword:00000001
    "StartMenuLogoff"=dword:00000001
    "ForceStartMenuLogoff"=dword:00000000
    "NoSMMyDocs"=dword:00000001
    "NoSMConfigurePrograms"=dword:00000001
    "NoUserNameInStartMenu"=dword:00000001

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoInstrumentation"=dword:00000001
    "NoSMHelp"=dword:00000001
    "StartMenuLogoff"=dword:00000001
    "ForceStartMenuLogoff"=dword:00000000
    "NoSMMyDocs"=dword:00000001
    "NoSMConfigurePrograms"=dword:00000001
    "NoUserNameInStartMenu"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgg
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyg32

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    E:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - USER.job
    E:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
    E:\WINDOWS\tasks\Symantec Drmc.job

    Completion time: 21/09/2006 0:18:11.46
    ComboFix.txt
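
Added example, not part of the original thread and not ComboFix's own code: the `hex(2)` RunOnce values in the log above are REG_EXPAND_SZ strings exported as comma-separated bytes, so they have to be decoded before anyone can judge them. The function names and the `LAUNCHERS` triage list are assumptions made for this illustration.

```python
import re

# Constructed sample: the RunOnce block from the ComboFix log above, reproduced
# here so the example runs offline.
SAMPLE_LOG = r'''
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=hex\(([0-9a-fA-F]+)\):(.*)$')
STRING_TYPES = {1, 2, 7}  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
# Hypothetical triage list: programs that run other code named on their command line.
LAUNCHERS = {'cmd.exe', 'rundll32.exe', 'regsvr32.exe', 'wscript.exe', 'cscript.exe'}

def join_continuations(text):
    """Merge every line ending in a backslash with the line that follows it."""
    out, pending = [], ''
    for raw in text.splitlines():
        line = raw.strip()  # forum-pasted logs are often indented
        if line.endswith('\\'):
            pending += line[:-1]
        else:
            out.append(pending + line)
            pending = ''
    if pending:
        out.append(pending)
    return out

def decode_bytes(data):
    """Decode registry string bytes from either export flavour."""
    # Heuristic: ASCII text stored as UTF-16LE (version 5 exports) has a zero
    # in every odd position; REGEDIT4 exports use one ANSI byte per character.
    if len(data) >= 2 and len(data) % 2 == 0 and all(b == 0 for b in data[1::2]):
        text = data.decode('utf-16-le')
    else:
        text = data.decode('cp1252', errors='replace')
    # Drop the terminator; REG_MULTI_SZ entries are NUL-separated.
    return text.rstrip('\x00').replace('\x00', '\n')

def decode_hex_values(text):
    """Return {(key, value_name): decoded_string} for string-typed hex values."""
    results, key = {}, None
    for line in join_continuations(text):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or int(m.group(2), 16) not in STRING_TYPES:
            continue
        raw = bytes(int(b, 16) for b in m.group(3).split(',') if b.strip())
        results[(key, m.group(1))] = decode_bytes(raw)
    return results

def needs_review(command):
    """True when the first program on the command line is a known launcher."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    if not m:
        return False
    exe = m.group(1) or m.group(2)
    return re.split(r'[\\/]', exe)[-1].lower() in LAUNCHERS

if __name__ == '__main__':
    for (key, name), value in decode_hex_values(SAMPLE_LOG).items():
        flag = 'REVIEW' if needs_review(value) else 'ok'
        print(f'[{flag}] {key}\\{name} = {value}')
```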

  5. #15
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for that feedback, this tool did not delete anything and I can see the item in the list of recently installed. I checked a few with Google and get little or no information. I would like you to use the free online scanners:
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/flash/index_en.html
    Use one or more to find out if the file is bad, you can delete anything it says is bad though you will probably need to do it in safe mode. I am surprised the Vundo file will not let you remove it in Safe Mode, nothing should be running?

    Here are the files to check, check them carefully. I have no way of knowing from here if they are good or bad.
    E:\WINDOWS\system32\CNMLM3A.DLL
    E:\WINDOWS\system32\CNMVS3A.DLL
    E:\WINDOWS\system32\CNMCP3A.EXE
    E:\WINDOWS\IsUninst.exe
    E:\WINDOWS\system32\mucltui.dll
    E:\WINDOWS\system32\S32EVNT1.DLL
    E:\WINDOWS\system32\mljgg.dll
    E:\WINDOWS\system32\BD1425BDA1.sys
    E:\WINDOWS\system32\KGyGaAvL.sys
    E:\WINDOWS\_MSRSTRT.EXE

    When you are finished, give me a list of the BAD files that you could not delete. If you are undecided if a file is bad, post the results of the scan for me to look.

    Thanks
    Last edited by pskelley; 2006-09-21 at 01:53.

  6. #16
    Junior Member
    Join Date
    Sep 2006
    Posts
    13

    Default

    I scanned the files you requested and the only one which comes up as bad is:

    E:\WINDOWS\system32\mljgg.dll


    AntiVir reports it as Trojan/Vundo.Gen

    Norman Virus Control reports it as W32/Vundo.gen1


    As I mentioned I have tried to remove it in safe mode with no luck.


    Thanks again.

  7. #17
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for that information, wish I was sitting in front of the computer, but I am not. I am interested in the message you receive when you try to delete it. I have never had a Vundo file this resistant.

    I have not heard from the creator of Vundofix yet, so let's try another Vundo removal program:

    Please download VirtumundoBeGone:
    http://secured2k.home.comcast.net/to...undoBeGone.exe
    * Save it to the Desktop
    * Close all running programs (including your Internet Browser)
    * Double-click VirtumundoBeGone.exe on the Desktop
    * Follow the directions as indicated

    This program may generate a "BLUE SCREEN OF DEATH" which is an expected/necessary part of the process.
    Do not be concerned.
    Just reboot if your system "jams".

    To confirm successful deletion, and determine if there are any additional problems, please post the VirtumundoBeGone log VBG.txt. It is found on the Desktop.

    Let me know how it goes...thanks

  8. #18
    Junior Member
    Join Date
    Sep 2006
    Posts
    13

    Default

    I think we may have had some success this time but I'll let you interpret the scan results

    thanks again




    [09/21/2006, 12:12:41] - VirtumundoBeGone v1.5 ( "E:\Documents and Settings\USER\Desktop\VirtumundoBeGone.exe" )
    [09/21/2006, 12:12:45] - Detected System Information:
    [09/21/2006, 12:12:45] - Windows Version: 5.1.2600, Service Pack 2
    [09/21/2006, 12:12:45] - Current Username: USER (Admin)
    [09/21/2006, 12:12:45] - Windows is in NORMAL mode.
    [09/21/2006, 12:12:45] - Searching for Browser Helper Objects:
    [09/21/2006, 12:12:45] - BHO 1: {022A9F22-B4A8-4593-801D-A7A60277705E} ()
    [09/21/2006, 12:12:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/21/2006, 12:12:45] - Checking for HKLM\...\Winlogon\Notify\mljgg
    [09/21/2006, 12:12:45] - Found: HKLM\...\Winlogon\Notify\mljgg - This is probably Virtumundo.
    [09/21/2006, 12:12:45] - Assigning {022A9F22-B4A8-4593-801D-A7A60277705E} MSEvents Object
    [09/21/2006, 12:12:45] - BHO list has been changed! Starting over...
    [09/21/2006, 12:12:45] - BHO 1: {022A9F22-B4A8-4593-801D-A7A60277705E} (MSEvents Object)
    [09/21/2006, 12:12:45] - ALERT: Found MSEvents Object!
    [09/21/2006, 12:12:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [09/21/2006, 12:12:45] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
    [09/21/2006, 12:12:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/21/2006, 12:12:45] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [09/21/2006, 12:12:45] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [09/21/2006, 12:12:45] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [09/21/2006, 12:12:45] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [09/21/2006, 12:12:45] - BHO 6: {a43385f0-7113-496d-96d7-b9b550e3fcca} ()
    [09/21/2006, 12:12:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/21/2006, 12:12:45] - Checking for HKLM\...\Winlogon\Notify\ixt1
    [09/21/2006, 12:12:45] - Key not found: HKLM\...\Winlogon\Notify\ixt1, continuing.
    [09/21/2006, 12:12:45] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [09/21/2006, 12:12:45] - BHO 8: {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} ()
    [09/21/2006, 12:12:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/21/2006, 12:12:45] - Checking for HKLM\...\Winlogon\Notify\amkrevvq
    [09/21/2006, 12:12:45] - Key not found: HKLM\...\Winlogon\Notify\amkrevvq, continuing.
    [09/21/2006, 12:12:45] - BHO 9: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
    [09/21/2006, 12:12:45] - Finished Searching Browser Helper Objects
    [09/21/2006, 12:12:45] - *** Detected MSEvents Object
    [09/21/2006, 12:12:45] - Trying to remove MSEvents Object...
    [09/21/2006, 12:12:46] - Terminating Process: IEXPLORE.EXE
    [09/21/2006, 12:12:46] - Terminating Process: RUNDLL32.EXE
    [09/21/2006, 12:12:46] - Disabling Automatic Shell Restart
    [09/21/2006, 12:12:46] - Terminating Process: EXPLORER.EXE
    [09/21/2006, 12:12:47] - Suspending the NT Session Manager System Service
    [09/21/2006, 12:12:47] - Terminating Windows NT Logon/Logoff Manager
    [09/21/2006, 12:18:15] - Re-enabling Automatic Shell Restart
    [09/21/2006, 12:18:15] - File to disable: E:\WINDOWS\system32\mljgg.dll
    [09/21/2006, 12:18:15] - Renaming E:\WINDOWS\system32\mljgg.dll -> E:\WINDOWS\system32\mljgg.dll.vir
    [09/21/2006, 12:18:15] - File successfully renamed!
    [09/21/2006, 12:18:15] - Removing HKLM\...\Browser Helper Objects\{022A9F22-B4A8-4593-801D-A7A60277705E}
    [09/21/2006, 12:18:15] - Removing HKCR\CLSID\{022A9F22-B4A8-4593-801D-A7A60277705E}
    [09/21/2006, 12:18:15] - Adding Kill Bit for ActiveX for GUID: {022A9F22-B4A8-4593-801D-A7A60277705E}
    [09/21/2006, 12:18:15] - Deleting ATLEvents/MSEvents Registry entries
    [09/21/2006, 12:18:15] - Removing HKLM\...\Winlogon\Notify\mljgg
    [09/21/2006, 12:18:15] - Searching for Browser Helper Objects:
    [09/21/2006, 12:18:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [09/21/2006, 12:18:15] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [09/21/2006, 12:18:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/21/2006, 12:18:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [09/21/2006, 12:18:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [09/21/2006, 12:18:15] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [09/21/2006, 12:18:15] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [09/21/2006, 12:18:15] - BHO 5: {a43385f0-7113-496d-96d7-b9b550e3fcca} ()
    [09/21/2006, 12:18:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/21/2006, 12:18:15] - Checking for HKLM\...\Winlogon\Notify\ixt1
    [09/21/2006, 12:18:15] - Key not found: HKLM\...\Winlogon\Notify\ixt1, continuing.
    [09/21/2006, 12:18:15] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [09/21/2006, 12:18:15] - BHO 7: {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} ()
    [09/21/2006, 12:18:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [09/21/2006, 12:18:15] - Checking for HKLM\...\Winlogon\Notify\amkrevvq
    [09/21/2006, 12:18:15] - Key not found: HKLM\...\Winlogon\Notify\amkrevvq, continuing.
    [09/21/2006, 12:18:15] - BHO 8: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
    [09/21/2006, 12:18:15] - Finished Searching Browser Helper Objects
    [09/21/2006, 12:18:15] - Finishing up...
    [09/21/2006, 12:18:15] - A restart is needed.
    [09/21/2006, 12:19:11] - Attempting to Restart via STOP error (Blue Screen!)

  9. #19
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    I don't use this fix as often, but it appears to have been able to rename the file and then delete it. Are you having any malware problems with the computer? You can run the Vundofix if you wish for a check. It should not find that file anymore. I will post this information for you now.

    Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

    System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

    If all is well, let me know and I will ask tashi to close the topic.

    Thanks...Phil

  10. #20
    Junior Member
    Join Date
    Sep 2006
    Posts
    13

    Thumbs up

    I've been using the pc for most of the day now and I'm glad to say there are no problems. I did run VundoFix again just to confirm the file had been removed.

    Thanks again for taking the time to help me fix all the issues with my pc,


    Alan
