Request for review of HJT Log

Discussion in 'Malware Help (A Specialist Will Reply)' started by TokyoJ, Mar 27, 2006.

  1. TokyoJ

    TokyoJ Private E-2

    Hi everyone,
    After a lot of Major Geek forum reading and doing the "Read First" steps, I'd like to ask for a pro's feedback on my HJT log.
    I use XP Pro, SP2 w/ Tune Utilities 2006, ZoneAlarm Security Suite, Ad-Aware, Spybot S&D.

    This is my first HJT log so am looking for help on making sure the log is clean and advice on possible next steps.
    Here's what's been done before this posting.
    1. Checked Add/Remove for listed Malware. None found.
    2. Emptied Recycle Bin, Temp files, and Internet Cache.
    3. Installed CCleaner, unchecked Yahoo toolbar.
    4. Already have Adware SE and Spybot S&D so skipped
    5. Installed MS Defender
    6. Installed MS Malicious S/W Removal Tool
    7. Installed Trend Micro’s CWShredder
    8. Installed Kill2me
    9. Installed Spyware Sweeper, 14 day trial version
    10. Rebooted in Safe Mode w/ cable unplugged
    11. Ran all above software in full scan if applicable
    11. Rebooted in Normal mode
    12. Ran HJT from its own folder (that was a scary 2 hrs of watching :eek:)

    The results:
    Identified Viruses: 11
    Infected Files: 42
    Suspect Files: 25
    Warnings: 0
    Disinfected: 1
    Deleted Files: 65
    :(

    Could someone offer advice on where I stand now?
    Attached are the HJT.txt log and ActiveScan.

    There are 3 items I couldn't manually delete from ActiveScan's list. They are:
    Dialer:Dialer.FGG Not disinfected C:\WINDOWS\Temp\lcpeogmd.exe
    Adware:adware/emediacodec Not disinfected C:\WINDOWS\SYSTEM32\dfrgsrv.exe
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[1].txt


    Thank you,
    Tokyo J
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You forgot to attach your HijackThis log.

    You also forgot to empty your Norton Quarantine and Recycle Bin before doing the scans. Notice what is in your Bitdefender log (also this log is not correctly created).

    Do you have a log from Spy Sweeper that you can attach too?
     
  3. TokyoJ

    TokyoJ Private E-2

    My apologies. That was stupid...
    Attached is HJT log and Spysweeper Log
    Also emptied Norton Quarantine/Recycle Bin.

    Could you please explain how Bitdefender log was incorrectly created?
    TokyoJ
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, if you follow the steps exactly as they are written, you will get an HTML file that is saved as a .txt file which can be uploaded as an attachment. The formatting in the HTML is much easier to read and it also does not require any editing on your part to create. Step 6 explains this.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay here is what I want you to do. Print or save these steps to a notepad file locally to refer to if necessary because ALL browsers (including this one) must be closed when you do the following.
    • Run Spy Sweeper but do not start a scan yet.
    • Close ALL browser sessions and exit any other programs that are running except SpySweeper (and notepad if you needed it).
    • Open Task Manager by pressing CTRL-SHIFT-ESC.
    • In Task Manager's Process list, locate explorer.exe. Right click on it and select End Process. Do not be alarmed! This will make your Desktop with icons disappear. It is only temporary.
    • Now run a full scan with Spy Sweeper and save a new log.
    • Now in Task Manager click File, New Task (Run...) and enter explorer.exe and click OK. Your Desktop should come back.
    • Now attach the new Spy Sweeper log here.
    • Now reboot and run a new Spy Sweeper scan and attach this last log here (yes that is two scans with SpySweeper, one to hopefully fix, and one to make sure it fixed).
    • If Spy Sweeper still shows a winlogonhook problem, continue with the below Ewido scan and attach the Ewido log: Running Ewido Anti-Malware
     
  6. TokyoJ

    TokyoJ Private E-2

    Winlogonhook is gone. :)

    Also ran Ewido and removed two items.
    The last Spysweeper log and Ewido logs are attached.

    Thank you for the valuable guidance.
    Tokyo J
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks good! If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  8. TokyoJ

    TokyoJ Private E-2

    chaslang,
    THANK YOU!
    I created a check of steps based on majorgeek's steps which I'll use each month.
    "Give a person a fish, feed 'em for a day, teach them to fish, feed 'em for life"
    Cheers,
    TokyoJ
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
