Need help please

Discussion in 'Malware Help (A Specialist Will Reply)' started by jcd1006, Feb 1, 2006.

  1. jcd1006

    jcd1006 Private E-2

    I tried doing all the steps and I still have pop ups every 30-45 seconds. I have my HJT log attached
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You skipped a couple of steps. Microsoft Antispyware has not been installed and run. The online BitDefender scan has not been run.

    Run the Microsoft Windows Malicious Software Removal Tool (this can only be used with Windows 2000/XP/2003)

    Run the other scans per our tutorial.

    Post a fresh HijackThis log, the BitDefender and Panda ActiveScan logs.
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    As SPD stated you skipped the steps below so run these scans along with the Microsoft Windows Malicious Software Removal Tool.

     
    Last edited: Feb 1, 2006
  4. jcd1006

    jcd1006 Private E-2

    it's going to be a while it looks like because it won't load anything now, it's locked up...I will try restarting and see if that helps
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Run the Microsoft tool first to remove the WORM and then run the online scans.
     
  6. jcd1006

    jcd1006 Private E-2

    I ran the Microsoft tool, it deleted one thing, now I'm running BitDefender, it's been going for 30 minutes and has another hr, then I will run Panda and HijackThis again. as long as I'm awake
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, I will be awaiting your logs.
     
  8. jcd1006

    jcd1006 Private E-2

    I did the Microsoft scan and BitDefender. Panda scan wouldn't work though. Here is the updated HJT log as well
     

    Attached Files:

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download the file below and save to your desktop.

    Look2Me/VX2 Uninstaller

    Extract the contents of this ZIP file. Locate the file "Look2Me&VeryLince-UnInstaller.exe" and double click to run it. If prompted, enter the key below to proceed with the uninstall.

    Key: e1ykBYnzLsN7


    After you complete the above, reboot and attach a fresh HJT log.
     
  10. jcd1006

    jcd1006 Private E-2

    it won't let me access the page that the link goes to, it brings up:

    jcd1006, you do not have permission to access this page. This could be due to one of several reasons:

    1. Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
    2. If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download the attachment from this post and run it this way. When prompted enter the key below.

    Key: e1ykBYnzLsN7


    After you complete the above, reboot and attach a fresh HJT log.
     

    Attached Files:

  12. jcd1006

    jcd1006 Private E-2

    now it says key is invalid
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, let's just skip it altogether for now.

    Download and run the below, I would like to see if it works. After you run the scan, reboot and attach the log if possible with a fresh HJT log.

    Look2Me Remover
     
  14. jcd1006

    jcd1006 Private E-2

    here is the new HJT log
     

    Attached Files:

  15. jcd1006

    jcd1006 Private E-2

    i think that took care of it...do I need to do anything special or is it clean now?
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Microsoft System Support] spool.exe
    O4 - HKLM\..\RunServices: [Microsoft System Support] spool.exe
    O4 - HKCU\..\Run: [Microsoft System Support] spool.exe
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - Global Startup: xqwx.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Common Files\VCClient (Delete this whole folder if it exists!)

    C:\WINDOWS\system32\spool.exe

    Next, run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.


    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
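
    Added example (not part of the thread and not written by either poster): a small Python check that parses the O4 autostart entries listed in the post above and reports which of them still appear in a HijackThis log taken after the fix and reboot. The fresh log below is a constructed sample, and the function names are this example's own.

```python
import re

# O4 autostart entries copied from the fix list in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft System Support] spool.exe
O4 - HKLM\..\RunServices: [Microsoft System Support] spool.exe
O4 - HKCU\..\Run: [Microsoft System Support] spool.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Global Startup: xqwx.exe
"""

# Constructed sample of a log taken after the fix (not the poster's real log).
FRESH_LOG = r"""
Logfile of HijackThis (constructed sample)
C:\WINDOWS\system32\spool.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example.dll
O4 - HKLM\..\Run: [Microsoft System Support] spool.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\upd.exe
O4 - HKCU\..\Run: [cu1]  c:\program files\common files\vcclient\VCClient.exe
"""

REG = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+)$")

def parse_o4(text):
    """Return a set of normalised (location, value name, command) tuples."""
    entries = set()
    for line in map(str.strip, text.splitlines()):
        m = REG.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            # Registry names and Windows paths are case-insensitive, so
            # lower-case everything and collapse runs of whitespace.
            entries.add((f"{hive}\\{key}".lower(), name.lower(),
                         " ".join(cmd.lower().split())))
            continue
        m = STARTUP.match(line)
        if m:
            entries.add((m.group(1).lower(), "", " ".join(m.group(2).lower().split())))
    return entries

def still_present(fix_list, fresh_log):
    """Entries from the fix list that the fresh log still contains."""
    return sorted(parse_o4(fix_list) & parse_o4(fresh_log))

if __name__ == "__main__":
    for location, name, cmd in still_present(FIX_LIST, FRESH_LOG):
        print(f"still present: {location} [{name}] {cmd}")
```

    An entry that is still listed after the reboot was either never fixed or was written back afterwards, so the comparison is worth repeating on each fresh log.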
     
  17. jcd1006

    jcd1006 Private E-2

    just to clarify, do i reboot in normal mode before disabling restore pts? or reboot into safe mode again? thanks for all of this
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Reboot into normal mode and attach a fresh HJT log. We are thru in safe mode.
     
  19. jcd1006

    jcd1006 Private E-2

    here it is after all of that, no pop ups as of now...do you suggest i keep one of the spyware removers on my computer and if so which one? Thank you again for all the help, you are a life saver.
     

    Attached Files:

  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It doesn't appear you ran the fix, everything is still there. Let's dig a little deeper before we try another fix. Unless you bought CounterSpy, uninstall it for now so it will not block anything.

    Please see the below thread on how to run WinPfind and attach the log.
     
  21. jcd1006

    jcd1006 Private E-2

    i ran the fix, i guess it just came back or something...i am running winpfind right now...norton just pulled up jagadsm( i think that is how it was spelled) saying it just found it and I'm not d.ling or installing anything just running that and on here in firefox.
     
  22. jcd1006

    jcd1006 Private E-2

    here are those scan results
     

    Attached Files:

  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Run the Look2Me Remover one more time and attach a fresh WinPFind log, I still see some Look2Me/VX2 files.
     
