HJT log/problems/questions

Welcome to Majorgeeks!

That is not a complete HJT log there are some obvious things missing like all of the processes. You must follow the directions in step 7 exactly. Also you have not run ALL steps in procedure. Like step 6 and the associated logs required.

You should not be fixing anything on your own using HJT. It is not a tool for inexperienced users.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

.
You have a Look 2 Me infection.

 

I notice that you have a firewall from AOL installed and also ZoneAlarm firewall installed. You must use only one firewall. Please uninstall one. Personally I would not use any of AOL's tools but that is your decision. Also make sure you do not have the firewall in WinXP SP2 enabled.

I also notice you have Spybot's Teatimer running which we suggest not to use. It could make it difficult to remove some problems and it has been noted to be a resource hog. With MS Antispyware installed and running you should disable Teatimer.

Look in Add/Remove programs for Media Access and uninstall if found.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} -
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} -
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\Media Access <--- the whole folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode.

You have a Look 2 Me infection we need to fix now. So run the steps in the below link and post the two logs.

Look2Me VX2 Removal


After running the above post a new HJT log. And tell us how things are working.


Reminder Note: Once we have determine you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

You said the following:

Why would they say you should install AOL's firewall if ZoneAlarm was already found? They should say and do the exact opposite.


Well the L2MeFix tool seems to have been blocked from fixing the infection. If Teatimer had been running that may be why. Also it is possible that MS Antispyware interferred with it (or something from AOL).

So let's first do the following to make sure they do not get in our way:
- uninstall MS Antispyware using Add/Remove programs (you can re-install later when we get finished with all fixes
- double check to make sure Teatimer is disabled. To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer. Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked. Now quit Spybot!

Then re-run the Look2Me VX2 Removal steps and post the logs again. But this time while running them make sure you physically disconnect from the internet (unplug the cable) and make sure no browsers are opened while running the tool.

 

Something is still preventing the tool from working properly. Let's try a different approach.

Please run this Running Ewido Security Suite and attach the Ewido log.

Then boot into safe mode to do the below. Print the below instructions or save them locally. You MUST BE physically disconnect from the internet (unplug you cable) and you MUST exit all borwsers and shut down all running applications. Right click on each item in your system tray and exit or close. Shut down everything you can. Do not plug the cable back in and do not open any browsers until I say to.

Now while in safe mode we are going to run L2Mfix again but only option #2. If you cannot find it on your Desktop, then you may need to get back into normal mode and move the whole L2Mfix folder to a folder like c:\L2MFix which should be visible in safe mode.

Next DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.

Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad.

Now plug your cable back in and open your browser to come back here and post this new log from L2MeFix.

Also attach a new HJT log. Please tell me if you are getting any error messages of any kind while running steps.

 

I quote from the directions in the link I gave to you for running Ewido

For some reason the tool just keeps getting blocked on your system. I have never seen this before. Let's try another toool and we will see what happens.

Run this tool and follow the directions on the download page:

Look2Me Remover

Afterwards reboot and then post a new HJT log.

 

Okay but do you see the big difference in the Ewido log this time vs last time from normal boot mode. Notice how it now found a load of Look 2 Me problems.

Make sure during this whole procedure below that no browsers are running and no connection to the internet is available.

Please run Ewido two more times (both from safe mode) and save the log each time to a new name. (Note if the first run shows no Look 2 Me infections at all, you do not need to do the second one).

Then reboot into normal mode and run both steps in the original Look2Me VX2 Removal thread and when complete, reconnect to the internet and come back and attach those two new logs also. .

 

If this does not work, you will have to uninstall all the AOL antivirus, antispyware, and firewall software and possibly the McAfee AV too. You are probably having conflicts from this software due to multiple AVs and firewalls as stated earlier. And once bad stuff like this is on a PC, the protection tools can make it difficult to impossible to remove the bad stuff. This happens because they are monitoring the steps we are performing and to them, what we are doing looks like malware and they block what we are doing.

 

Well for some reason, L2MeFix can find the infected files in the first scan (option 1) but when it trys to repair them (option 2) it is not finding and removing the files. It happens everytime. We use this procedure dozens of time per week and it normally works. So unless you have a brand new vintage of the infection (I don't think so) this still leads me to all the stuff installed from AOL possibly getting in our way. It still looks to me like you have the olde McAfee running to as indicated by the below lines in your HJT log.

C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

Let's try one more thing and hope that it works otherwise you will have to uninstall ALL the McAfee and AOL software.

Download, install, update and run this slightly older version of Spy Sweeper: here
Save the Spy Sweeper log and post it here as an attachment.
Also post a new HJT log.

 

You're welcome! Yes it is gone. It would be helpful if you could find and upload the SpySweeper log as an attachment. I would like to see more info on what it found.

Obviously it one item was the Look2Me infection we were trying to fix but I'm wondering what was blocking L2MeFix from fixing problems.

 

You're welcome.

Well Spy Sweeper find the same files that L2MeFix was trying to repair. But Spy Sweeper was able to finish the fix which is great.

Your last HJT log was clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!