Another Interpretation of a HJT Log

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by thrilspilsbils, Aug 22, 2006.

  1. thrilspilsbils

    thrilspilsbils Private E-2

    I don't even know where to start with this one. I tried Ad-Aware, HJT, RegRun, and CCleaner. I don't think it's ever been this bad before. Please help! My HJT logfile is attached:
     

  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • HijackThis

    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. thrilspilsbils

    thrilspilsbils Private E-2

    Ok, I've followed all these instructions. I can tell that my computer is clean from more than a few viruses, but I am certain that a "SurfSideKick" is still giving me major problems. I've already visited the thread for that, followed it also, and SSK is still on my system. Just a bit more help, I think, and my computer and I will be very grateful! Here's my HJT log at the end of your instructions:
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have a ton of problems remaining!

    You need to run ALL the steps that Halo gave to you and attach the other three requested logs!

    CounterSpy - ONLY IF you were not able to run Windows Defender
    Bitdefender - from step 6
    Panda Scan - from step 6

    You also did not follow other directions in the READ ME. For example.
    - you did not update Sun Java
    - you do not seem to have run Microsoft Malicious Software Removal Tool
    - you did not download, and install the Spybot from the link given in the READ ME and the version you are running is more than 2 years out of date.
    - also the below should have been uninstalled via Add/Remove Programs in step 0 of the READ ME:

    Surf SideKick
    TargetSaver
    Web Nexus Network

    Also uninstall these too:
    Enhanced Browser Overlay
    Related Page

    And I don't recommend using the below. It could be the source of many of your problems:
    SoulSeek Client

    Why are you running this PC without protection and why haven't you updated your OS?

    [EDIT] Since you have so many outstanding problems, you really need to run this Running Ewido Anti-Malware Attach the requested Ewido log afterwards. [EDIT]
     
    Last edited: Aug 23, 2006
  5. thrilspilsbils

    thrilspilsbils Private E-2

    I'm sorry for not following the instructions given to a T, but now I have. I have installed the latest SpyBot, updated all the tools to latest versions, and ran Windows Malicious Software. I got the Ewido tool as well, and did the two online scans. I ran BitDefender after running Ewido in safe mode and BitDefender did not detect any bad files on my machine, and the log it gave me just said "11,689 files scanned, 0 bad files detected" so I didn't bother saving that one (if that's bad and you want me to do it over, I will again). All the other logs are attached.
     

  6. thrilspilsbils

    thrilspilsbils Private E-2

    I can only attach three logs at a time, so here are the remaining three.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not allow Ewido to fix the problems it was reporting and there were a bunch. Please run it again and make sure you fix everything. Attach the new log.

    I see CounterSpy cleaned up quite a lot of baddies too! See how important it is to follow the procedures?

    Something is not quite right in the ShowNew log. Please click Start, Run and enter cmd and click OK. This will open a command prompt window. In this window enter the below commands.

    cd C:\MGtools
    ShowNew.bat


    This will create a new log. Please attach the new log and also tell me if you see any error messages in the command prompt window.

    Make sure you are in NORMAL BOOTMODE. Your GetRunKey log appears to show you were in safe mode. Both GetRunKey and ShowNew must be run in normal bootmode as stated in the READ ME.

    Have you been playing around using HijackThis or anything else to delete/clean up stuff on your own? Your HJT log is way too small, which indicates that someone has been deleting at will. This is a very bad thing to do. You probably have deleted many things that you need.
     
    Last edited: Aug 24, 2006
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Start by downloading - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later.

    Make sure you have rebooted in Normal Mode (do not open any other processes)
    Copy the bold text below to notepad. Save it as fixme.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.
    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    Now back on Killbox's main window, paste the below filenames into KILL BOX one at a time:
    • Check mark the box that says "Delete on Reboot" and check mark the box "Unregister DLL" (if available).
    • Click the RED X and it will ask you to confirm the file for deletion: say YES.
    • When the next box opens prompting you to reboot now, click NO and proceed with the next file.
    • Once you get to the last one, click YES and it will reboot.
    Note some of the files listed below may not exist but we need to check for them anyway.

    c:\windows\system32\INNERADINSTALL.LOG
    c:\windows\system32\winupdt.008
    c:\windows\dsearch1.bin
    C:\WINDOWS\Downloaded Program Files\hochkaod3_.ini
    c:\windows\downloaded program files\setup4002b.ini
    C:\WINDOWS\duce6.exe
    C:\WINDOWS\ms0574232-1180.exe
    C:\WINDOWS\System32ghynf.exe
    C:\WINDOWS\win32092-11807423.exe
    C:\WINDOWS\trinc.dll
    C:\WINDOWS\IEXPLOR.EXE
    C:\WINDOWS\system\oqphghtuva.exe
    C:\WINDOWS\system\vdri.exe
    C:\WINDOWS\system\gasajm.exe
    C:\WINDOWS\system\jcsvmk.exe
    C:\WINDOWS\system\viasb.exe
    C:\WINDOWS\system\exkmbjma.exe
    C:\WINDOWS\system\rtdhm.exe
    C:\WINDOWS\system\hjibvfis.exe
    C:\WINDOWS\system\sbeqm.exe
    C:\WINDOWS\system\xmdve.exe
    C:\WINDOWS\system\upxl.exe
    C:\WINDOWS\system\tifvoqd.exe
    C:\WINDOWS\system\jnvdlrau.exe
    C:\WINDOWS\system\vnobk.exe
    C:\WINDOWS\system\ectmtpat.exe
    C:\WINDOWS\system\itxu.exe
    C:\WINDOWS\system\iijcian.exe
    C:\WINDOWS\system\uurvonajs.exe
    C:\WINDOWS\system\osrg.exe
    C:\WINDOWS\system\epupixkxsk.exe
    C:\WINDOWS\system\xgdtc.exe
    C:\WINDOWS\system\diba.exe
    C:\WINDOWS\system\kwvnddp.exe
    C:\WINDOWS\system\mbiwxxxwib.exe
    C:\WINDOWS\system\ecfags.exe
    C:\WINDOWS\system\mjaouivnva.exe
    C:\WINDOWS\system\rvebq.exe
    C:\WINDOWS\system\btwl.exe
    C:\WINDOWS\system\qvejprj.exe
    C:\WINDOWS\system\ggltbjpep.exe
    C:\WINDOWS\system\wdtjkxstgd.exe
    C:\WINDOWS\system\egpqoc.exe
    C:\WINDOWS\system\hkfb.exe
    C:\WINDOWS\system\nphcjjigho.exe
    C:\WINDOWS\system\hucocxnw.exe
    C:\WINDOWS\system\ulbws.exe
    C:\WINDOWS\system\hdeujplqiq.exe
    C:\WINDOWS\system\jvuthtf.exe
    C:\WINDOWS\system\eepfprcu.exe
    C:\Program Files\Common Files\{F8F65488-01F2-1033-0804-999809220001}\Update.exe
    C:\WINDOWS\system\upgrade.exe
    C:\WINDOWS\System32\uyln.exe

    If Killbox does not reboot or if you get a Pending Operations type error message just click OK to continue and then just reboot your PC yourself.
    After reboot locate the below folders and delete if found:
    C:\Program Files\Common Files\{F8F65488-01F2-1033-0804-999809220001}
    C:\WINDOWS\TmFuY3kgTWNNYWhvbg
    c:\windows\system32\FLEOK

    Also delete all files in the below folder except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Documents and Settings\Mal\Local Settings\Temp\


    Now attach a new HJT log and tell me how the steps went.

    Also attach a new log from ShowNew and a new log from GetRunKey.

    Make sure you tell me how things are working now!
     
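    As an added example, not part of the thread and not the Pocket Killbox tool's own code, the script below shows what "Delete on Reboot" actually does under the hood for a suspect list like the one above, and adds the two things a responder usually wants before destroying evidence: a check of which listed files are really present, and a SHA-256 fingerprint of each one recorded before it is scheduled for deletion. It relies on a documented Windows behaviour: MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT appends the path to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager (source path in NT form, then an empty destination meaning "delete"), and the Session Manager processes that list early at the next boot, before a locked or self-restarting process can hold the file open. The SUSPECT_PATHS tuple is a constructed sample drawn from the list in the post; the scheduling call only runs on Windows, and needs an elevated prompt.

```python
"""Added example (not from the thread or from Killbox): triage a suspect
file list, fingerprint what exists, and schedule delete-on-reboot the way
Killbox's "Delete on Reboot" does (MoveFileExW + MOVEFILE_DELAY_UNTIL_REBOOT).
"""
import ctypes
import hashlib
import os
import subprocess
import sys

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4  # documented kernel32 flag value

# Constructed sample: a few of the paths the helper listed in the post.
# A real cleanup list comes from the scan logs, not a hard-coded tuple.
SUSPECT_PATHS = (
    r"C:\WINDOWS\duce6.exe",
    r"C:\WINDOWS\trinc.dll",
    r"C:\WINDOWS\system\oqphghtuva.exe",
    r"c:\windows\system32\winupdt.008",
)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string; used to fingerprint a file before deletion."""
    return hashlib.sha256(data).hexdigest()


def fingerprint(path: str) -> str:
    """Hash the file contents so the sample can be identified later (VirusTotal,
    IR notes) even after it is gone from disk."""
    with open(path, "rb") as fh:
        return sha256_hex(fh.read())


def pending_rename_entries(paths):
    """Return the PendingFileRenameOperations pairs that deleting `paths` produces:
    NT-style source path ("\\??\\" + Win32 path) followed by an empty destination."""
    entries = []
    for p in paths:
        entries.append("\\??\\" + p)
        entries.append("")
    return entries


def triage(paths, exists=os.path.exists):
    """Split the list into files that exist and files that do not (the helper's
    note: some listed files may not exist, so check rather than assume)."""
    present = [p for p in paths if exists(p)]
    absent = [p for p in paths if not exists(p)]
    return present, absent


def unregister_dll(path: str) -> bool:
    """Equivalent of Killbox's "Unregister DLL" box: regsvr32 /u /s <dll>.
    Only meaningful for COM DLLs; returns False off Windows or on failure."""
    if sys.platform != "win32" or not path.lower().endswith(".dll"):
        return False
    return subprocess.run(["regsvr32", "/u", "/s", path]).returncode == 0


def schedule_delete_on_reboot(path: str) -> bool:
    """Ask the kernel to delete `path` at next boot (needs administrator rights).
    Off Windows this is a no-op that returns False so the plan can still be reviewed."""
    if sys.platform != "win32":
        return False
    ok = ctypes.windll.kernel32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT)
    return bool(ok)


def plan(paths, exists=os.path.exists):
    """Dry-run view of the whole operation: what is present, what is missing,
    and the exact registry entries the delete-on-reboot step will create."""
    present, absent = triage(paths, exists)
    return {
        "delete_on_reboot": present,
        "not_found": absent,
        "registry_entries": pending_rename_entries(present),
    }


if __name__ == "__main__":
    p = plan(SUSPECT_PATHS)
    for path in p["not_found"]:
        print("not found:", path)
    for path in p["delete_on_reboot"]:
        print("sha256", fingerprint(path), path)   # keep this line for the IR record
        unregister_dll(path)
        done = schedule_delete_on_reboot(path)
        print("scheduled for reboot" if done else "not scheduled (not Windows / not admin)", path)
```

    Run it from an elevated prompt on the affected machine, keep the printed hashes, then reboot once at the end rather than after every file, which is the same sequencing the post describes with the NO/YES prompts. A reboot-time delete is also why a "Pending Operations" message can appear: the entries are only consumed when the Session Manager runs at boot.
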
  9. thrilspilsbils

    thrilspilsbils Private E-2

    First of all, I'd like to thank you for helping me out, despite my lousy step-following and late replies. Thanks to you, my computer is running in tip-top shape (as far as I can tell!). I do delete stuff with HJT, but I don't mess around with it; I try not to have too many things run on startup (maybe that's why the logfiles are short? I don't really know). I haven't had any problems with your latest steps, although I was not able in the KillBox program to check the "unregister .dll" box. I think everything else went off without a hitch, but I'll leave that for you to decide (you're the expert!). Tell me my computer's ok! The logs:
     

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run Add/Remove programs and uninstall the below:

    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    Viewpoint Media Player

    Then you need to do ALL of the below ASAP. Your PC is running an out of date operating system and without proper protection!!!

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
