Vundo, Darksma, Metajaun?

Status
Not open for further replies.

roses1475

Posts: 7   +0
Well, that's what my programs say they are removing but never do. I keep getting popups constantly! The webpages are so slow to load, if they even get that far. I need help otherwise I would have to reboot the whole system. TIA

The log was run after it said it was removed, but nothing seems to have changed.
 
Sorry, this is all new to me and a little confusing, here is the first log

Also, no rootkits have been found
 
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {4a98f74d-2fc7-636b-90a4-85114c640470} - {074046c4-1158-4a09-b636-7cf2d47f89a4} - C:\WINDOWS\system32\qaoqeyyu.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {EA4B3D6E-A8BE-446A-B989-F2C34E4FF8AC} - C:\WINDOWS\system32\pmnnMefF.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [13f04ba4] rundll32.exe "C:\WINDOWS\system32\ernqlbfy.dll",b
O4 - HKLM\..\Run: [BM10c37838] Rundll32.exe "C:\WINDOWS\system32\yrjmbclf.dll",s
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe




Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

PartyGaming

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\WINDOWS\system32\qaoqeyyu.dll
C:\WINDOWS\system32\pmnnMefF.dll
C:\WINDOWS\system32\ernqlbfy.dll
C:\WINDOWS\system32\yrjmbclf.dll
C:\Program Files\PartyGaming



After that, reboot, and post a new HijackThis log here in a reply.
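Added example, not part of the original thread: a small Python triage of the HijackThis entries listed in the post above, flagging registrations whose target file is missing and Run values that launch a DLL through rundll32. The function names and the two heuristics are assumptions made for illustration; the sample lines are copied from the post.

```python
import re

# Entries copied verbatim from the fix list in the post above.
SAMPLE_LOG = r'''
O2 - BHO: {4a98f74d-2fc7-636b-90a4-85114c640470} - {074046c4-1158-4a09-b636-7cf2d47f89a4} - C:\WINDOWS\system32\qaoqeyyu.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {EA4B3D6E-A8BE-446A-B989-F2C34E4FF8AC} - C:\WINDOWS\system32\pmnnMefF.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [13f04ba4] rundll32.exe "C:\WINDOWS\system32\ernqlbfy.dll",b
O4 - HKLM\..\Run: [BM10c37838] Rundll32.exe "C:\WINDOWS\system32\yrjmbclf.dll",s
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
'''

ENTRY = re.compile(r'^(O\d+) - (.+)$')
DLL_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.dll', re.IGNORECASE)

def triage(log_text):
    """Return one dict per log entry that matches either heuristic (hypothetical helper)."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        # HijackThis appends these markers when the registered file is not on disk.
        if '(file missing)' in body or '(no file)' in body:
            reasons.append('target missing')
        # An O4 Run value that starts a DLL through rundll32 at every logon.
        if section == 'O4' and 'rundll32' in body.lower():
            reasons.append('rundll32 autostart')
        if reasons:
            dll = DLL_PATH.search(body)
            findings.append({'section': section, 'reasons': reasons,
                             'dll': dll.group(0) if dll else None})
    return findings

def dll_paths(findings):
    """Unique DLL paths from flagged entries, in log order, to re-check after the fix."""
    return list(dict.fromkeys(f['dll'] for f in findings if f['dll']))

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['section'], ', '.join(f['reasons']), f['dll'] or '-')
```

The four paths `dll_paths` returns are the four DLLs the post asks to delete. The PartyPoker O9 entries match neither heuristic, so entries like those still need manual review.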
 
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Pet%20Shop%20Hop/Images/stg_drm.ocx

http://www.atribune.org/ccount/click.php?id=4

Download VundoFix to your desktop from the link above.
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Then post a fresh hijackthis.log
 
Your log looks clean except for one file:

O4 - HKLM\..\Run: [BM10c37838] Rundll32.exe "C:\WINDOWS\system32\yrjmbclf.dll",s

I am going to double check to see what this is. How is your computer running?


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next, go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
 
Hey, one last thing, just in case you had installed some tools:

Uninstall ComboFix

  • Click Start then Run
  • Now Type Combofix /u in the runbox
  • Make sure there's a space between Combofix & /u
  • Then hit Enter

The above procedure will delete the following:
  • ComboFix & its associated files & folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide system/hidden files, if required.
  • Set a new, clean Restore Point.

------------------------------------------------------------------

OTCleanit! by Oldtimer

  • Download OTCleanIt
  • Click the CleanUp! button.
    (It will go through the list & remove all of the tools it finds and then delete itself, requiring a reboot.)
 