Please help! HijackThis log

attached

[saving disk space - old attachment deleted by admin]

[Malware Removal Specialist]

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

File::
ujedltxb.ini
gfeoebci.ini
mpckddxl.ini
ftjjovke.ini
gjxqajdm.ini
jrpptech.ini
ggujimly.ini
lqsvtnpa.ini
sgrvgoaf.ini
ddijkixx.ini
kubtafxc.ini
fabcvped.ini
itweqqvc.ini
fujcvtwn.ini
nivowbpr.dll
craatwsk.dll
aglndpln.dll
ntmfgwqk.dll
jquqrcou.dll
mddqfaxi.dll
mcrh.tmp
fuxfdyna.dll
lcsypdjo.dll
mvyqmkya.dll
kjrwdqts.dll
ulmbjbab.dll
tbkeuymt.dll
mmafbdvu.dll
cpaonoqi.dll
ngyqnuen.ini
kxuiigaj.ini
thertnnu.ini
hjjxqjnv.ini
gckkqkxx.ini
muwquhfd.ini
losygkkw.dll

Folder::
C:\VundoFix Backups

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

Next post please attach
combofix.txt log
New HijackThis log

as requested

[saving disk space - old attachment deleted by admin]

[Malware Removal Specialist]

Well combofix didn't delete all that I wanted it to.

Enable Viewing Of Hidden System Files & Folders

1. Right Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.

===

Open HijackThis and select "Do a system scan only"

Place a check mark next to:

O4 - HKLM\..\Run: [b0b952d1] rundll32.exe "C:\WINDOWS\system32\losygkkw.dll",b
O8 - Extra context menu item: &Search - ?p=ZUxdm082YYUS

Next click "Fix checked"

On the desktop right click "My Computer" and "Open"

Locate and delete the following file/folder (in bold):

C:\WINDOWS\system32\losygkkw.dll (if there)

I am going to look into the combofix entries and will post back when I know more.

We are almost there.

Also how is the computer now?

My Computer seems fine. 

No more automatic resets to "accept all cookies", no more automatic redirects to an unknown webpage, no more annoying popups, and now I know why I kept getting the "error" at startup stating that the file C:\WINDOWS\system32\losygkkw.dll could not be found.  It was deleted at some point as a virus file.

You didn't ask for a logfile last post, so I will await your next for further instructions.

Thanks for your continued assistance. 

[Malware Removal Specialist]

I'm awaiting a second opinion on the combofix log. Probably won't until later but I will post back and let you know.

Glad things are working better.

[Malware Removal Specialist]

OK we are rolling again.


Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

File::
C:\WINDOWS\system32\ujedltxb.ini
C:\WINDOWS\system32\gfeoebci.ini
C:\WINDOWS\system32\mpckddxl.ini
C:\WINDOWS\system32\ftjjovke.ini
C:\WINDOWS\system32\gjxqajdm.ini
C:\WINDOWS\system32\jrpptech.ini
C:\WINDOWS\system32\ggujimly.ini
C:\WINDOWS\system32\lqsvtnpa.ini
C:\WINDOWS\system32\sgrvgoaf.ini
C:\WINDOWS\system32\ddijkixx.ini
C:\WINDOWS\system32\kubtafxc.ini
C:\WINDOWS\system32\fabcvped.ini
C:\WINDOWS\system32\itweqqvc.ini
C:\WINDOWS\system32\fujcvtwn.ini
C:\WINDOWS\system32\nivowbpr.dll
C:\WINDOWS\system32\craatwsk.dll
C:\WINDOWS\system32\aglndpln.dll
C:\WINDOWS\system32\ntmfgwqk.dll
C:\WINDOWS\system32\jquqrcou.dll
C:\WINDOWS\system32\mddqfaxi.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\fuxfdyna.dll
C:\WINDOWS\system32\lcsypdjo.dll
C:\WINDOWS\system32\mvyqmkya.dll
C:\WINDOWS\system32\kjrwdqts.dll
C:\WINDOWS\system32\ulmbjbab.dll
C:\WINDOWS\system32\tbkeuymt.dll
C:\WINDOWS\system32\mmafbdvu.dll
C:\WINDOWS\system32\cpaonoqi.dll
C:\WINDOWS\system32\ngyqnuen.ini
C:\WINDOWS\system32\kxuiigaj.ini
C:\WINDOWS\system32\thertnnu.ini
C:\WINDOWS\system32\hjjxqjnv.ini
C:\WINDOWS\system32\gckkqkxx.ini
C:\WINDOWS\system32\muwquhfd.ini
C:\WINDOWS\system32\losygkkw.dll

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang


Next post please add:
combofix log
New HijackThis log

as requested, please see the attached

[saving disk space - old attachment deleted by admin]

[Malware Removal Specialist]

That did it.

The logs look fine now.

Delete Find AWF and all of its logs.
Delete any vundo programs used.

Go to Start > Run and copy and paste next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Are you having any problems now?

If anything else comes back let us know.

Great job! Thanks for all your help!

If anything else comes up I know where to post.

[Malware Removal Specialist]

No problem.

Safe surfing.......