Bitdefender, Panda ActiveScan & HijackThis logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by Brendan Ramsey, Jun 24, 2006.

  1. Brendan Ramsey

    Brendan Ramsey Private E-2

    Hi everyone,

I am new to this forum and just followed the steps in the link below to stabilise my PC:

    http://forums.majorgeeks.com/showthread.php?t=35407

I now want to post the logs from the virus scans I did with Bitdefender and Panda ActiveScan, as well as the HijackThis log. How should I go about this? Do I do 3 separate postings? Once you have examined the results of these scans, do you give advice/tips on how best to resolve them?

Also I realised that, after removing all malware from my PC in safe mode, System Restore was switched off - I think it has been since 2005. So I rebooted and then turned System Restore on in normal mode, then proceeded to run Bitdefender and Panda ActiveScan (I couldn't run these in safe mode).

    Thanks,
    Brendan
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi Brendan, the instructions for How to Attach those logs to a post are listed here http://forums.majorgeeks.com/showthread.php?t=86880

You can add up to 3 attachments per post, so the 3 logs will be fine in one post :)

Yes, once the malware experts have reviewed your logs, they will indeed give you nice easy instructions on what steps to take next. Please do make sure you followed the guide exactly, especially in relation to using HijackThis and where to install it, as if it is installed somewhere other than where we advise, you will be asked to run it again as per this guide: Downloading, Installing, and Running HijackThis

Also, as this is a busy forum, do give them some time to reply, as the guys are busy and work from the bottom/oldest posts up, so bumping your thread will only add to the time it takes them to respond.
     
  3. Brendan Ramsey

    Brendan Ramsey Private E-2

I am trying to attach the logs but your upload manager won't let me upload the files...?
     
  4. Brendan Ramsey

    Brendan Ramsey Private E-2

Can you please remind me of the names of the 3 files that I am to post?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):
  • Bitdefender
  • Panda Scan
  • HijackThis
     
  6. Brendan Ramsey

    Brendan Ramsey Private E-2

Thanks. The scans were run in the order described below. Here are the logs.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you knowingly install this Odigo Instant Messenger? If not, or if already uninstalled, add it to the list of things to fix with HijackThis further down in this message.
    O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)


    Download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    Make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.
    C:\windows\system32\dxvid.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    c:\windows\system32\dxvid.exe
    C:\WINDOWS\system32\req.dll
    c:\windows\tmlpcert2005
C:\Documents and Settings\Brendan Ramsey.D3SB551J\Local Settings\Temp <--- delete all files and subfolders in this Temp folder. Windows will block deleting a few from the current date.


If you get an error when deleting a file, right click on the file and check whether the read-only attribute is checked. If it is, uncheck it and try again. Otherwise, open Task Manager and kill the process if it is running, then delete the file.

Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if you are using WinXP or WinMe.
     
    Last edited: Jun 27, 2006
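The cleanup post above works from HijackThis entries of the form `O4 - HKLM\..\Run: [name] path args` and `O2 - BHO: name - {CLSID} - path (file missing)`, and splits them into three actions: kill the running process, fix the load point in HijackThis, then delete the file in safe mode. The script below is an added example (not code from the MajorGeeks thread or from the HijackThis project) that parses lines in that format, flags entries marked `(file missing)`/`(no file)` as orphaned, and builds the same kill/fix/delete lists from the file names an analyst supplies. The sample log is constructed here from the entries quoted in the post plus one benign `ctfmon.exe` line; the `SUSPECTS` list and all function names are this example's own.

```python
"""Triage helpers for HijackThis-style log entries (added example, not the
thread's or HijackThis's own code).

Given a log and the files an analyst has identified as malicious, produce the
three lists the manual procedure works through: processes to kill, entries to
fix with HijackThis, and files to delete in safe mode.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First DOS-style path on the line. HijackThis prints paths unquoted, so a
# path containing spaces would be truncated at the first space; 8.3 short
# names such as C:\PROGRA~1 survive intact.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\"]+")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Load points that run an executable/DLL at logon, i.e. something that may be
# live in memory and has to be killed before its file can be deleted.
AUTOSTART_SECTIONS = {"O4", "O20"}


@dataclass
class HjtEntry:
    section: str           # HijackThis check number: "O2", "O4", "O20", ...
    raw: str               # the line exactly as it appears in the log
    clsid: Optional[str]   # COM class id for BHO/toolbar/extra-button entries
    path: Optional[str]    # file the entry loads, if the line names one
    orphaned: bool         # HijackThis could not find the file on disk


def parse_entry(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis log line; returns None for header/non-entry lines."""
    line = line.strip()
    m = re.match(r"^(O\d{1,2}|[RFN]\d)\s+-\s+", line)
    if not m:
        return None
    clsid = CLSID_RE.search(line)
    path = PATH_RE.search(line)
    return HjtEntry(
        section=m.group(1),
        raw=line,
        clsid=clsid.group(0).upper() if clsid else None,
        path=path.group(0) if path else None,
        orphaned=any(marker in line for marker in ORPHAN_MARKERS),
    )


def plan_cleanup(log_text: str, suspect_paths: Iterable[str]) -> dict:
    """Build kill / fix / delete lists from a log plus analyst-named files.

    Paths compare case-insensitively (Windows semantics). Orphaned entries are
    always listed for fixing: a load point whose file is gone is dead weight at
    best and the leftover of an incomplete removal at worst.
    """
    suspect_paths = list(suspect_paths)
    suspects = {p.lower() for p in suspect_paths}
    kill, fix, delete = [], [], []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        suspect = e.path is not None and e.path.lower() in suspects
        if not (e.orphaned or suspect):
            continue
        fix.append(e.raw)
        if suspect and not e.orphaned:
            delete.append(e.path)
            if e.section in AUTOSTART_SECTIONS:
                kill.append(e.path)
    # Analyst-named files with no load point in the log (or whose load point is
    # already orphaned) still get deleted, in case the file is present after all.
    seen = {d.lower() for d in delete}
    for p in suspect_paths:
        if p.lower() not in seen:
            delete.append(p)
            seen.add(p.lower())
    return {"kill": kill, "fix": fix, "delete": delete}


# Constructed sample: the entries quoted in the thread plus one benign line.
SAMPLE_LOG = "\n".join([
    "Logfile of HijackThis (constructed sample header)",
    r"O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\Odigo\Bin\OdigoBHO.dll (file missing)",
    r"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)",
    r"O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm",
    r"O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)",
    r"O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)",
])
# Files named for deletion in the post (hypothetical analyst input).
SUSPECTS = [
    r"c:\windows\system32\dxvid.exe",
    r"C:\WINDOWS\system32\req.dll",
    r"c:\windows\tmlpcert2005",
]

if __name__ == "__main__":
    plan = plan_cleanup(SAMPLE_LOG, SUSPECTS)
    for step in ("kill", "fix", "delete"):
        print(f"{step}:")
        for item in plan[step]:
            print("   ", item)
```

On the constructed sample this yields one process to kill (dxvid.exe), five entries to fix (the four orphans plus the dxvid Run key, with ctfmon.exe left alone) and three paths to delete, matching the post's instructions. The file-name match is deliberately exact: a generic "anything in system32 is bad" rule would sweep up legitimate autostarts like ctfmon.exe, which is why the thread has a human name the files first.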
  8. Brendan Ramsey

    Brendan Ramsey Private E-2

Here is my latest log, after completing your steps above, Chaslang. I must say the posting was very comprehensive and I am very grateful for all your kind help.

    I hope I will be Malware free now.

    Just 2 points:
    1. I couldn't delete the find the file req.dll when I was in Windows Explorer deleting the files/folders you instructed me to delete.

    2. Also I couldn't delete the file DF1076 in the Temp Folder.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why not? Didn't you find it or did you find it but could not delete it?

    If you found it but could not delete it, try again now. If it still won't delete, right click on it and select Rename. Change the name to req.ddd. Then reboot your PC into safe mode and now see if you can delete the req.ddd file.

    Your HJT log is clean. How is everything working?
     
  10. Brendan Ramsey

    Brendan Ramsey Private E-2

    Sorry I meant I couldn't find the file req.dll

Everything appears to be running fine. My only issue is that when I leave the PC turned on overnight, and hence connected to the web (on broadband), it is really slow for 5 minutes or so when I am loading web pages or using applications.

    Is this normal?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not really! It could be something with your ISP. Are you on DSL? Either way it does not sound like malware.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  12. Brendan Ramsey

    Brendan Ramsey Private E-2

    I will now proceed and disable system restore, as per the step 1 of the READ & RUN ME.

    Also, whenever I run Ccleaner scans or Spyware scans or any other scans in future, do I need to unhide hidden files and operating system files?

    Did my Bitdefender or Panda logs show any other problems?

I think my PC is in good working order now. Most likely the PC was slowing down because the AVG anti-virus scanner was running in the background.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

That step has nothing to do with the scanning tools! It has to do with manual cleaning procedures when we are trying to locate malware files. I always recommend just leaving it set as we have it in the READ ME. If you do not trust yourself to be careful with Windows system files, you can set it back to defaults, but just remember that doing this creates a hiding place for malware. If you cannot see it, you may never know it is there.
     
