Help! pleeease...

Welcome to Majorgeeks!

Please do not post any logs inline especially Ad-ware logs which are rarely of any use to us. All logs must be attachments to messages. You need to run our standard cleaning procedures and MAKE SURE your follow step 3 & 7 carefully. You have multiple antivirus applications installed (see step 3) and you have HijackThis installed incorrectly (see step 7).

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Since you also have a Look 2 Me infection, start by running this: Look2Me VX2 Removal

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
  • Look2Me-Destroyer log
  • Bitdefender
  • Panda Scan
  • HijackThis

.

 

Re: Help, please...

You must remain in one thread until your problem is fixed. I merging this back to you previous thread!

You have not complete the steps requested yet:
- step 6 Bitdefender online scan & log must be attached and this must be run BEFORE Panda
- step 7 - you installed HijakcThis exactly where it instructs you not to install it.

Run Bitdefender and attach the log!
Follow the directions in step 7 exactly, and then attach a new HJT log.

 

Did you install HijackThis properly yet??? Please make sure it is now running from:
C:\Program Files\HJT\hijackthis.exe

There are no real malware issues in your HJT log. The only items in the HJT log of concern are the use of Ares which comes bundled with malware and also the fact that you have Ares and Bit Lord always loading at startup. There is no reason why you should do this. It means you are always leaving the door to your PC open for attacks anytime it is turned on.

Here are some things you do need to do.

Login to each user account (Nebres Family, Obi-Wan Kenobi, Nogui, and others) on the PC and Reset Web Settings and empty Temp folders (as show below)

Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Empty Temp Folders

C:\Documents and Settings\Nebres Family\Local Settings\Temp <--- delete all files in this Temp folder
C:\Documents and Settings\Obi-Wan Kenobi\Local Settings\Temp <--- delete all files in this Temp folder

Do the same for all other user account that exist!


Now delete the below files if found:
C:\WINDOWS\keyboard12.exe
C:\WINDOWS\UERJIFdvcmtzdGF0aW9u\oHlLKIxSwAQWx3IXuq6R.vbs

 

You're welcome!

Are you have any further malware related issues?

 

After running all the steps in the READ ME and having nothing show up, it is unlikely (not impossible) that you have any malware causing any problems. We could run more scanning tools that may turn up some more items (they each always find a few things that others do not) but they would probably be no big deal. Usually just some stray registry entries or some benign files.

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!