Is this the apocalypse?

Discussion in 'Malware Help (A Specialist Will Reply)' started by bhall, Aug 1, 2006.

  1. bhall

    bhall Private E-2

    Hi,

I'm having tremendous problems. My symptoms are that browsers keep popping up to various websites (not porn related) and occasionally I get winlogon errors that seem to reboot my PC. I'm not very computer savvy so I followed the Read & Run Me First steps to the best of my ability but had a few problems. I couldn't uninstall Kazaa because of some file missing. BitDefender wouldn't run and I had trouble getting Sun Java. Because of this, I did not run Panda. When I rebooted in Safe Mode with Networking, I was still getting browser popups. I think that means all my work was futile, right? Anyway, all I have is the HijackThis log file to attach. I'm very sorry, I really tried all steps. Anyway, any help is sincerely appreciated.

    bhall
     

    Attached Files:

  2. bhall

    bhall Private E-2

    Sorry, I think I ran my first log in safe mode. Attached is in normal mode.

    Thanks in advance
    bhall
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Why didn't you run Windows Defender? If it would not run, you were supposed to run CounterSpy and attach the log from CounterSpy.

    Goto Add/Remove Programs and uninstall AdwareAlert if found!

    Is your copy of Spyware Doctor a paid version or free trial version?

    Please run PandaActiveScan and attach the log! Then complete the below steps!

    Run this Look2Me VX2 Removal and then attach the requested log.


    Run the below procedure and attach the newfiles.txt log.
    Now attach a new HJT log from Normal Boot mode. You did not attach it in your last message.
     
    Last edited: Aug 1, 2006
  4. bhall

    bhall Private E-2

    Hi - Thanks for your help. Since I ran Look2Me removal after reboot - no popups. I also ran back and re-did all of the read & run steps. The only unsuccessful run was Bitdefender. I had a remaining execution time of over 6 hours so I figured something was wrong - went straight to Panda since that's what you wanted anyway. So, here are all of the files after everything was run. Do you see anything of concern? I noticed now that I can't turn on my firewall, it's disabled. That's concerning to me. Anyway, I appreciate your help! I'll have to reply again with the hjt log.

    Thanks
    bhall
     

    Attached Files:

  5. bhall

    bhall Private E-2

    Hjt log

    Thanks again!

    bhall
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please install HijackThis exactly how it was requested in the READ ME and don't forget to rename it. This is very important. Then attach a new HJT log.

    You also did not attach the requested log from running Look2Me Destroyer. I need the log.

    Did you run ShowNew before running the Look2Me Removal? It sure looks like the order of execution was wrong. I see dozens of things in the logs that should have been removed by Look2Me-Destroyer. Please get a new log from ShowNew and attach it.
     
    Last edited: Aug 2, 2006
  7. bhall

    bhall Private E-2

    Sorry.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! That looks much better than the past ShowNew log.


    Start by downloading - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later.


    Make sure you have rebooted in Normal Mode (do not open any other processes)

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.
    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\720NWU3T\drsmartload45a[1].exe
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IMPYI3YF\cas2setup[1].exe[plugin.dll]
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IMPYI3YF\loader[1].exe
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U2O715GF\kybrdef_7[1].exe
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WNS6F26M\bbqa[1].cab[zqskw.exe]
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WNS6F26M\dfndref_7[1].exe
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WNS6F26M\drsmartload292a[1].exe
    C:/WINDOWS/Downloaded Program Files/RdxIE.dll
    C:\WINDOWS\keyboard1.dat
    C:\WINDOWS\NDNuninstall4_94.exe
    C:\WINDOWS\is-5d6eh.exe
    C:\WINDOWS\rundll.exe
    C:\WINDOWS\system32ghynf.exe
    C:\WINDOWS\system32bez6n4r21.exe
    C:\WINDOWS\system32n9nyb.exe
    C:\WINDOWS\SYSTEM32\bez6n4r21.exe
    C:\WINDOWS\SYSTEM32\iqqr.exe
    C:\WINDOWS\SYSTEM32\n9nyb.exe
    C:\WINDOWS\SYSTEM32\tsuninst.exe
    C:\WINDOWS\SYSTEM32\wfxqhv.exe
    C:\WINDOWS\SYSTEM32\zqskw.exe
    C:\WINDOWS\SYSTEM32\redist.dll
    C:\WINDOWS\SYSTEM32\w2a5caef3.dll
    C:\WINDOWS\SYSTEM32\xeymi.dll
    C:\GatorPatch.log
    C:\kybrdef_7.exe
    C:\kybrdfg_7.exe
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot just reboot your PC yourself.

    After reboot use Windows Explorer to delete the below folders if found:
    C:\Program Files\Common Files\okqi
    C:\Program Files\System Files

    Now attach a new HJT log and tell me how the steps went.

    Also attach a new log from ShowNew.

    Make sure you tell me how things are working now!
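Added example, not part of the thread and not code from HijackThis, Killbox or MajorGeeks: a small Python triage script that does the two checks a helper would want to run before telling someone to click "Fix checked" or "Delete on Reboot". It parses the R0/R1 lines quoted in the post above and marks which Internet Explorer start/search values look hijacked (empty or about:blank, or a URL on a host outside an assumed trusted list of microsoft.com and msn.com), and it sanity-checks a subset of the Killbox path list from the same post. The one HKCU line with a Microsoft redirect URL is constructed so that a benign verdict is exercised; the "system32 glued to file name" heuristic and the trusted-host list are my assumptions, not anything the post states. Note what the path check turns up: the three entries of the form `C:\WINDOWS\system32...exe` and the one written with forward slashes are not paths Killbox is likely to match, which lines up with the post's own caveat that Killbox only lists files it can find.

```python
"""Added example: HijackThis R0/R1 triage and Killbox path sanity check."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed input: the five R0/R1 lines quoted in the post, plus one benign
# HKCU line (assumed IE 6 default home page) so both verdicts are exercised.
HJT_LINES = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"""

# Constructed input: a subset of the Killbox list from the post, copied as written.
KILLBOX_PATHS = r"""
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\720NWU3T\drsmartload45a[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IMPYI3YF\cas2setup[1].exe[plugin.dll]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WNS6F26M\bbqa[1].cab[zqskw.exe]
C:/WINDOWS/Downloaded Program Files/RdxIE.dll
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\rundll.exe
C:\WINDOWS\system32ghynf.exe
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\system32n9nyb.exe
C:\WINDOWS\SYSTEM32\bez6n4r21.exe
C:\WINDOWS\SYSTEM32\zqskw.exe
C:\WINDOWS\SYSTEM32\w2a5caef3.dll
C:\GatorPatch.log
C:\kybrdef_7.exe
"""


@dataclass
class HjtEntry:
    kind: str   # R0 / R1 ...
    key: str    # registry key, e.g. HKLM\Software\...\Main
    name: str   # value name, e.g. "Start Page"
    value: str  # current data; may be empty


# "R0 - <key>,<value name> = <data>"; the data may be empty or contain '='.
HJT_R_RE = re.compile(r"^(R[0-3]) - (HK[A-Z_]+\\[^,]+),([^=]+?)\s*=\s*(.*)$")
# Assumption: hosts the operator accepts as legitimate IE home/search targets.
TRUSTED_HOSTS = ("microsoft.com", "msn.com")


def parse_hjt_r_lines(text: str) -> List[HjtEntry]:
    entries = []
    for line in text.splitlines():
        m = HJT_R_RE.match(line.strip())
        if m:
            entries.append(HjtEntry(*m.groups()))
    return entries


def verdict(entry: HjtEntry) -> str:
    """'ok' for a trusted URL, otherwise a short reason to fix the entry."""
    v = entry.value.strip()
    if v == "" or v.lower() == "about:blank":
        return "fix: value blanked (IE default removed)"
    m = re.match(r"https?://([^/?#]+)", v, re.I)
    if not m:
        return "fix: not a URL"
    host = m.group(1).lower()
    if any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS):
        return "ok"
    return "fix: unexpected host " + host


def hjt_fix_list(text: str) -> List[Tuple[HjtEntry, str]]:
    return [(e, verdict(e)) for e in parse_hjt_r_lines(text) if verdict(e) != "ok"]


# Absolute Windows path: drive letter, backslash-separated components, no reserved chars.
WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\(?:[^\\/:*?"<>|]+\\)*[^\\/:*?"<>|]+$')
ARCHIVE_MEMBER_RE = re.compile(r"\[[^\]]*\]$")  # trailing "archive.cab[member.exe]" notation


def check_killbox_paths(text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) for entries that will probably never match a file."""
    problems = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path = ARCHIVE_MEMBER_RE.sub("", line)
        if "/" in path:
            problems.append((line, "forward slashes; Killbox expects backslashes"))
        elif not WIN_PATH_RE.match(path):
            problems.append((line, "not a well-formed absolute Windows path"))
        elif re.search(r"\\system32[^\\]", path, re.I):  # assumption: a dropped backslash
            problems.append((line, "'system32' glued to the file name; backslash missing?"))
    return problems


if __name__ == "__main__":
    for entry, why in hjt_fix_list(HJT_LINES):
        print(f"{entry.kind} {entry.key},{entry.name}: {why}")
    for path, why in check_killbox_paths(KILLBOX_PATHS):
        print(f"CHECK {path}: {why}")
```

Run as-is and the five HKLM entries from the post come back marked for fixing while the constructed HKCU line passes; the path check lists four entries. A user who deliberately set about:blank as a home page would add that value to an allow-list before treating the verdict as final.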
     
  9. bhall

    bhall Private E-2

    Hi Chaslang,

    Thanks for the help. Attached are the files you requested. After the Delete on Reboot prompt, I did NOT receive the PendingFileRenameOperations prompt. Rebooting seemed slightly slower than normal, but only slightly, and Explorer was slow at first but then got back to normal.

    Let me know if I need to do anything else!

    Thanks
    bhall
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
