Thread: HJT LOG - I can't remove programs anymore
View Single Post
  #8  
Old 05-15-2008, 07:25 PM
Pancake's Avatar
Pancake Pancake is offline
Administrator
  
Join Date: Sep 2004
Location: Victoria,Australia
Posts: 371

Quote:
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security.


Did you by any chance activate autorun ? This will stop Combofix from running.
=============================

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDO WS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [bkxqjuza] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bkxqjuza.dll
O4 - HKUS\S-1-5-18\..\Run: [Xws] C:\WINDOWS\system32\w?nlogon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Xws] C:\WINDOWS\system32\w?nlogon.exe (User 'Default user')
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
O20 - Winlogon Notify: abc32reg - C:\Documents and Settings\All Users\Documents\Settings\abc32.dll (file missing)
O20 - Winlogon Notify: ddcyvut - ddcyvut.dll (file missing)
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)

Reboot.................
=======================================
Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
==========================
Please download OTMoveIt by Oldtimer and save it to your desktop.

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Documents and Settings\All Users\Application Data\bkxqjuza.dll
C:\WINDO WS\system32\wmsdkns.exe
C:\WINDOWS\system32\bkapfifs.dllbox
C:\WINDOWS\system32\cluzcifo.dllbox
C:\WINDOWS\system32\dqxynhje.dllbox
C:\WINDOWS\system32\fsrjvxer.dllbox
C:\WINDOWS\system32\fwumjolr.dllbox
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\ngxxw03qb.dll
C:\WINDOWS\system32\pkhipgia.dllbox
C:\WINDOWS\system32\pmakfixz.dllbox
C:\WINDOWS\system32\qtstv.tmp
C:\WINDOWS\system32\qtstv.bak2
C:\WINDOWS\system32\untcxmld.dllbox
C:\WINDOWS\system32\ywrrmalo.dllbox
C:\WINDOWS\Temp\7b6v5pb4.TMP
C:\WINDOWS\Temp\abc1083.tmp
C:\WINDOWS\Temp\abc1CE5.tmp
C:\WINDOWS\Temp\abc1E5F.tmp
C:\WINDOWS\Temp\abc2473.tmp
C:\WINDOWS\Temp\abc5F0C.tmp
C:\WINDOWS\Temp\abc6409.tmp
C:\WINDOWS\Temp\abc69F4.tmp
C:\WINDOWS\Temp\abc90A5.tmp
C:\WINDOWS\Temp\abc987E.tmp
C:\WINDOWS\Temp\abcA8F7.tmp
C:\WINDOWS\Temp\abcAD68.tmp
C:\WINDOWS\Temp\abcB138.tmp
C:\WINDOWS\Temp\abcC20D.tmp
C:\WINDOWS\Temp\abcC924.tmp
C:\WINDOWS\Temp\abcD934.tmp
C:\WINDOWS\Temp\abcED77.tmp
C:\WINDOWS\Temp\abcEDB9.tmp
C:\WINDOWS\Temp\abcF27E.tmp
C:\WINDOWS\Temp\abcFB3F.tmp

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Reboot into Normal Mode.
In your next reply please include the following:
The OTMoveIt and a new HJT log
__________________
An Australian Member of
Eddy
===============================
Reply With Quote