Help Me.........Please

Discussion in 'Malware Help (A Specialist Will Reply)' started by thecrofter, Jul 6, 2006.

  1. thecrofter

    thecrofter Private E-2

    Before we start thanks for your help.

    The story so far. I'm getting overrun by pop-ups. I have followed as far as possible the Read and Run Me First instructions, enabled the viewing of hidden files &c, I am using Avira Classic as an anti-virus, and I've downloaded all the tools. Booted into safe mode and started to run all the tools. Ran CCleaner (logged on as each of 6 users in turn). Then ran the WMSRT again as all 6 users; it found a number of infected files and removed them.

    Then the problems start. Ad-Aware SE finds 3 processes, .dll's that it identifies as Adware.Look2Me, 1 Regkey for SurfSideKick, 2 Regdata ABetterInternet.Nail and one it calls Windows, also an IE Cache entry, a tracking cookie for administrator@207[1].txt. When I ask for the objects to be removed, Ad-Aware says some objects cannot be removed, to try closing all browser windows and run again after reboot, and references the file c:\windows\system32\azaql1l51.dll. I also get the desktop warning telling me Windows is running in safe mode; when I reply OK, the My Documents folder opens.

    I then went on and ran Spybot S&D, which also finds Look2Me and a few others but crashes when I ask it to fix problems. I have tried running Kill2Me logged on as all six users; it finds no indication of Look2Me but still runs anyway.

    I then moved on to try and run Bitdefender, for which I had to try and download the Java update, which I couldn't do in safe mode... but now the PC won't boot into normal mode. I get the user screen, select a user, and after a few beeps it just hangs. Hope this is enough/not too much detail.
     
  2. thecrofter

    thecrofter Private E-2

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you can still only boot in safe mode, please attach a HijackThis log from Safe Mode!

    Did you ever run the Bitdefender scan at all?
    Installing an updated Sun Java version should not cause problems like this. Neither should running Bitdefender.
     
  4. thecrofter

    thecrofter Private E-2

    Bitdefender would not run, presumably because the Java update was not loaded, and the Java update won't load in safe mode! Kind of sends me round in circles. Here's a HJT log run in safe mode. Thanks.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay you have a bunch of problems!

    First, you ignored part of step 0 in READ ME. We highly suggested that you uninstall Messenger Plus and you still have it installed. It has given you a LOP infection. Uninstall Messenger Plus and also look for SurfSideKick (any version) and uninstall it.
    Also check for anything like P2Pnetworking and uninstall if found.

    You do have signs of a Look2Me VX2 infection. Kill2Me will not fix it. You will need to use the below:

    Look2Me VX2 Removal

    Attach the Look2Me-Destroyer log afterwards.

    You also have a Qoologic infection. Run this: Qoologic Removal Procedure

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now (some of these lines should already be gone if the above steps worked):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\corgf.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,mkykpjy.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Bias Third Cast Test] C:\Documents and Settings\All Users\Application Data\This pure bias third\meal ace.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O20 - AppInit_DLLs: repairs303169590.dll
    O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\guard.tmp
    NOTE: HJT will popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\SurfSideKick 3 <--- the whole folder
    C:\Program Files\MessengerPlus! 3 <--- the whole folder
    C:\WINDOWS\system32\corgf.exe
    C:\WINDOWS\SYSTEM32\mkykpjy.exe
    C:\Documents and Settings\All Users\Application Data\This pure bias third\meal ace.exe
    C:\WINDOWS\system32\p2pnetworking.exe
    C:\WINDOWS\system32\repairs303169590.dll
    C:\WINDOWS\system32\guard.tmp

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise, open Task Manager and kill the process if running, then delete the file.

    Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free, you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
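    The HijackThis lines singled out in the post above all follow a pattern a defender can triage mechanically: an extra entry appended to Winlogon's Shell= or UserInit=, a populated AppInit_DLLs value, a Winlogon Notify package that is not a .dll, and Run entries launching from a data folder or by bare filename. The script below is an added example (not from this thread or from HijackThis) that encodes those checks and runs them over a constructed sample built from the lines quoted in the post; the thresholds it applies are assumptions, not HijackThis rules.

```python
import re

# Constructed sample modelled on the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\corgf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,mkykpjy.exe
O4 - HKLM\..\Run: [Bias Third Cast Test] C:\Documents and Settings\All Users\Application Data\This pure bias third\meal ace.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\guard.tmp
""".strip().splitlines()


def check_line(line):
    """Return a finding for a suspicious HJT line, or None if it looks benign."""
    m = re.match(r"(F2|O4|O20) - (.*)", line)
    if not m:
        return None  # only persistence-related section types are examined here
    kind, body = m.groups()
    if kind == "F2":
        # Winlogon values: Shell should be exactly Explorer.exe; UserInit should
        # name userinit.exe and nothing else. Extra comma-separated entries run at logon.
        key, _, value = body.partition("=")
        parts = [p.strip() for p in value.split(",") if p.strip()]
        if key.endswith("Shell") and [p.lower() for p in parts] != ["explorer.exe"]:
            return f"Shell= has extra entries: {parts[1:]}"
        if key.endswith("UserInit") and len(parts) > 1:
            return f"UserInit= has extra entries: {parts[1:]}"
    elif kind == "O4":
        # Autostart from a data folder, or a bare filename resolved via PATH search.
        path = body.split("] ", 1)[-1]
        if "\\Application Data\\" in path or "\\" not in path:
            return f"autostart from unusual location: {path}"
    elif kind == "O20":
        # AppInit_DLLs is empty on a clean system; Notify packages are always DLLs.
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            return f"AppInit_DLLs is populated: {body.split(':', 1)[1].strip()}"
        if body.startswith("Winlogon Notify:") and not body.lower().endswith(".dll"):
            return f"Winlogon Notify package is not a .dll: {body}"
    return None


def triage(lines):
    """Map each suspicious log line to its finding; benign lines are dropped."""
    return {l: f for l in lines if (f := check_line(l))}


if __name__ == "__main__":
    for entry, finding in triage(SAMPLE_LOG).items():
        print(f"{finding}\n    {entry}")
```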
     
  6. thecrofter

    thecrofter Private E-2

    Hi Chas

    Followed you so far, uninstalled MSN Plus, couldn't see evidence of P2P, went to run Look2Me-Destroyer and it gets as far as setting itself up but does not restart itself after a minute. I've tried a few times but no luck as yet.

    I'm off on holiday for the next two weeks but I'll check back once I return.

    Thanks
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you mean Messenger Plus? Messenger Plus is not created by Microsoft and does not have MSN in it.
     
  8. thecrofter

    thecrofter Private E-2

    Yeah, sorry, messenger plus!
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to complete the rest of my instructions in message # 5 and then attach the follow up HJT log.
     
  10. thecrofter

    thecrofter Private E-2

    Hi there, thanks for your patience. I am now back from my holidays and ready to recommence the battle.

    I have followed all the steps so far. Look2Me-Destroyer would only run in normal mode, but found and removed an infection. Qoologic ran fine and again successfully removed the infection. A number of the HijackThis entries had disappeared as you suggested, but the others were fixed. I then went into safe mode and tried to delete the files as requested. The SurfSideKick folder will not allow me to delete it; I have changed the properties to remove read-only, and it does not appear in the task list, but still it says the program may be in use. Same happens with repairs303169590.dll. Anyway, I followed through the rest of the steps. Things seem to have improved, although I've still not tried to reconnect the PC to the internet as I am concerned that SurfSideKick is still lurking around the system. Here is the latest HijackThis log.
     

    Attached Files:

  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please download Brute Force Uninstaller to your desktop. http://www.majorgeeks.com/Brute_Force_Uninstaller_BFU_d4714.html
    • Right-click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk ( C: )" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    RIGHT-CLICK HERE http://downloads.subratam.org/Lon/sidekickFix.bat and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix by LonnyRJones.
    Save it in the same folder you made earlier (c:\BFU).

    Please close ALL other open windows & Explorer folders, then double-click on sidekickFix.bat. Click YES and follow the prompts; when prompted to restart the PC, please do so.

    Delete the contents of C:\!KillBox.

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    And Click OK.

    Post a fresh HijackThis log.
     
  12. thecrofter

    thecrofter Private E-2

    We seem to be making some real progress here, thanks.

    Followed all your instructions; that seems to have got rid of SurfSideKick. The only hiccough was that the C:\!killbox folder did not exist, or I couldn't find it. All the other steps were OK.

    Here's the latest HJT Log, we seem to be almost back to normal although I still get a pop-up telling me about WinAntiVir?
     

    Attached Files:

  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Rename hijackthis.exe to analyse.exe.

    Post a new HijackThis log.

    There are still several infections showing in your log. I just want to make sure Vundo isn't hiding from us; that is the purpose of renaming HijackThis.
     
  14. thecrofter

    thecrofter Private E-2

    Renamed HijackThis to analyze, here is the log.
     

    Attached Files:

  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    << The installed version of Java on this computer is outdated. Install version 1.5.0_07, available from http://www.java.com/en/download/manual.jsp. Uninstall all older versions of Java on your computer before installing the latest version of Java. >>

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin
    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  16. thecrofter

    thecrofter Private E-2

    Followed all steps; everything worked OK except the uninstall of the old Java version, which is still there, and I've installed the new version. Ran CCleaner and cleanmgr in all user profiles, just in case. Here is the latest HJT log.
     

    Attached Files:

  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log appears to be clean.

    How is your computer running?
     
  18. thecrofter

    thecrofter Private E-2

    Seems to be running OK now. I've done a couple of virus scans and Spybot; all seem clean... here's hoping. Thanks for your help.
     
  19. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter
