Long time reader, first time poster...Big time problem...

[Sting36e]

Hello, folks.

I'd just like to say that I have been coming here for quite some time and never even needed to make a single post because you had all the answers waiting for me, and I should thank you all a great deal for that. One of the finest communities on the web, and I'm proud to say I've linked at least a couple of dozen people to these boards, if not more. They all have recieved great help as well.

This time, however, I don't think I am capable of helping myself, and I think I require the assistance of a pro. I myself, while having been able to help myself before, really have very little knowledge of this stuff. Now, I did almost everything in the READ ME AND RUN ME FIRST thread, a few things I was not able to do. I think I know which malware problems I have, I am just unsure of how to rid myself of them, and I'd rather not take a chance and delete something important.

Anyway, I have attached my HiJack This log file, hopefully someone can find the time to help me as this site has many many times before.

Thanks, all the best...

-Eric

[bjgarrick]

I need the logs from the two online scans listed in the READ ME.

Quote:

6: Online Virus And Trojan Scanning

Please run the below two online scanning tools and make sure you save and attach the logs later to any request for help that you post. From step 5 you should already be in safe mode but you will need to reconnect your cable now and possibly reboot and choose Safe Mode with Networking Support. If you cannot connect in safe mode for any reason (like dial-up users), run the online scanners in normal boot mode. You will need to use Internet Explorer to run these online scans.

*** MAKE SURE YOU RUN BITDEFENDER BEFORE PANDA ACTIVE SCAN ***

• Bitdefender agree to the license and then select Scan. Once Bitdefender completes the scan:
  
  Click-on Click here to view the report
  
  When the window comes up with the report. Click File, Save As.... and then change the Save as type to Text File (*.txt)
  
  Change the file name to something short like bdscan1.txt
  
  Then save it to your Desktop or anywhere else you can find it to upload here as an attachment.
  
  Post the bdscan1.txt file as an ATTACHMENT.

• Panda ActiveScan It will only fix certain viruses and trojans. Most items found will not be fixed. When it finishes the scan click on See Report . Then in the next window click Save Report. The default report name is Activescan.txt. Just save it where you can find it so you can attach to your message when you begin a thread with a request for help.
  

Then, please see the below thread on running the L2MeFix Tool.

• Look2Me VX2 Removal

[Sting36e]

I wasn't able to run either unfortunately. In the BitDefender case, it just didn't allow me to click on the button to begin the scan. It was as if it wasn't a link to something, just a picture on the page. In the Panda case, once it got to the part where it told me to choose a device, I would, and nothing happened. The Int. Explorer stat us bar would say Error. I don't know what to do about either.

[bjgarrick]

Quote:

Originally Posted by Sting36e

I wasn't able to run either unfortunately. In the BitDefender case, it just didn't allow me to click on the button to begin the scan. It was as if it wasn't a link to something, just a picture on the page. In the Panda case, once it got to the part where it told me to choose a device, I would, and nothing happened. The Int. Explorer stat us bar would say Error. I don't know what to do about either.

Okay, just run the Look2Me VX2 Removal thread then post a fresh HJT log.

[Sting36e]

All right, first, here are my two logs after the Look2Me VX2 Removal thread...I hope I did this correctly.

[bjgarrick]

Next, see the below threads on how to install and run Spy Sweeper and Ewido Anti-Malware. After you ran both programs, attach the logs to your next post along with a fresh HJT log from normal mode.

• Running Spy Sweeper...
  
  
• Running Ewido Security Suite ...

[Sting36e]

...And here is a fresh copy of the HJT log

Something tells me I made a mistake.

[bjgarrick]

Quote:

Originally Posted by Sting36e

...And here is a fresh copy of the HJT log

Something tells me I made a mistake.

Looks as if it were removed but you have other issues we need to address as well. Go ahead and run the two programs in my previous post and attach those logs and we will go from there.

[Sting36e]

I was unable to post these until now, but here they are. Nothing else was done to the computer except as instructed in those two threads.

[Sting36e]

Bump.

[bjgarrick]

Download AproposFix© by Swandog46

Save it to your desktop or to another folder of its own, but do NOT run it yet!

Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

Once in Safe Mode, double-click aproposfix.exe which will give you a chice of where to unzip/install the program to). This is called the Destination folder in the window that popsup. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double click on RunThis.bat to run the fix. Follow the prompts.

When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.

[Sting36e]

I'm sorry, I had to go away suddenly for a few days. Anyway, here are the two logs. Hope there isn't much more, if anything, that needs to be done.

Thanks again.

[bjgarrick]

Please look in Add/Remove Programs for the following and uninstall them if found:

Ewido

Spy Sweeper

Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:[/FONT][/B]

eee2.exe

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

R3 - URLSearchHook: (no name) - {62F67E15-99DA-CD09-A669-EB2B5B9DD897} - C:\WINDOWS\System32\ivosr.dll (file missing)

O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKCU\..\Run: [Obme] "C:\Program Files\imat\oaao.exe" -vt mt

O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\f4l0le3m1h.dll (file missing)

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Program Files\imat ← Delete this whole folder if it exist!

C:\WINDOWS\eee2.exe

Next, run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.


Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

• Temporary Files
• Temporary Internet Files
• Recycle Bin

And Click OK.

After you complete the above, REBOOT and proceed with the rest of this fix...

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.