help needed - log included REPOST

[Paradis158]

Everytime I open up either internet explorer or firefox, I get both internet explorer and firefox popups. They are overwelming at times and my computer seems to be working hard to work around them. I've tried getting rid of a lot of files that these programs came up with but was unsuccessful. Any help you could provide would be greatly appreciated.

I have run Windows Defender, AVG Antispyware, HijackThis, and a Kapersky Scan.

I tried to save the AVG scan log but I was not able to click the save log button after it scanned or after I clicked apply all actions. I made sure to click "automatically generate report after every scan' and uncheck 'only if threats were found". In any case, these are the things it came up with:

Downloader.VB.bvj
Dropper.Agent.dgo
Downloader.VB.ccs
Not-A-Virus.Adware.PurityScan

Windows Defender found:

Win32/WinFixer
Win32/Clickspring.B
Win32/WebBuying

The program 'removed' them but I listed them here anyways incase they come back with startup.

Thanks again for looking at this. I've been dealing with this problem for far too long.

[jholland1964]

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to run it.
• When VundoFix re-opens, click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.



Once you do that then reboot again and run a new Kaspersky scan and a new HJT scan and post the Vundo log, Kaspersky and HJT logs here. We will see what remains.
Judy

[Paradis158]

Ok sooo after scanning with Vundo it came up with:

C:\windows\system32\ddcyw.dll, ljjfdc.dll, ljjkkj.dll, opnmlli.dll, wycdd.ini, wycdd.ini2, xxyxuut.dll

I have attached the new hijackthis and kapersky logs.

Thanks for the help.

[jholland1964]

What I thought you would find.
Now do the following;
Download the latest version of ComboFix from Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next repl

[Paradis158]

Attached are the logs you requested:

thanks!

[jholland1964]

Boy are you fast! Give me a bit to go through these and I will get back with you!

[jholland1964]

Give me one more Kaspersky. Hey you didn't post the VundoFix log. You say it found these files...did it delete them as it should have?

[Paradis158]

Hello, sorry about that, I don't know how I missed the Vundo log. Bother Kapersky and Vundo logs are attached.

[Paradis158]

I believe it deleted the files it needed to in Vundo. . . if I remember correctly, it may have had trouble getting rid of hte ddcyw.dll one (if that was even something it found, its hard to keep track of these haha).

[jholland1964]

Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field
You need to type these exactly as written here'

C:\WINDOWS\system32\ljjjkkj.dll
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe


Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

Run another Kaspersky and another HJT after running Killbox and give me those new logs.
Judy