Please help! Computer was infested!

Discussion in 'Malware Help (A Specialist Will Reply)' started by fromafar3, Nov 16, 2005.

  1. fromafar3

    fromafar3 Private E-2

    I've been diligently following your instructions in 'Read & Run me First' sticky and have finally cleaned up a PC running Win XP Home Edition SP2 as much as I can do alone. The problem remaining is advertising webpages open up without Internet Explorer running. It's taken two days to reach the point where virus scans and spyware tools come up clean - after starting with 100+ problems encountered.

    Attached is a hijackthis log taken after following all the steps in READ & RUN ME FIRST. Bitdefender, Trend Micro Free Online Scanner and Trojanscan all come up clean. Adaware and Spybot now also come up clean. I still have webpages opening without Internet Explorer running.

    If someone would please take a look at the log and advise me on how to proceed I would greatly appreciate it.
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download LSP-Fix

    After download is complete, Run LSP-Fix

    Check the Box labeled "I know what I'm doing" and then click on the aklsp.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move aklsp.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.

    (Note: If the file aklsp.dll is already in the remove section, then just click FINISH.)

    Follow the instructions in the following thread:
    Look2Me VX2 Removal


    Now run HijackThis and fix the following:
    Post a fresh HijackThis log when finished with the above.
     
  3. fromafar3

    fromafar3 Private E-2

    Hi and thanks for your help.
    I'm not able to upload both Look2Me logs so here is the first one and the HiJackthis log.
    I'll put the other Look2Me file in the next post.

    It seems that Hijackthis won't fix the O20 - Winlogon Notify: entry but the file name changed.
     

    Attached Files:

  4. fromafar3

    fromafar3 Private E-2

    I can't attach the 2nd Look2Me file - keeps saying it's already been posted in this thread....
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Give the File a different name.
     
  6. fromafar3

    fromafar3 Private E-2

    I renamed the file and it still will not let me upload the file...

    "differentname.txt: You have already attached this file in thread : Please help! Computer was infested! "
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, copy and paste it to your post.
     
  8. fromafar3

    fromafar3 Private E-2

    Okay, I've attached it now. It was the same size as the other file so I added a line to top of the file and that seemed to have helped....
     

    Attached Files:

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and check mark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to C:\Windows\System32 and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  10. fromafar3

    fromafar3 Private E-2

    Okay, here is a fresh log
     

    Attached Files:

  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  12. fromafar3

    fromafar3 Private E-2

    None of the links in your post worked for me. I found what I hope were the correct instructions and followed them....
    I was able to find the first 2 under the 'Read and Run Me first' thread.
    Confirmed
    Confirmed
    I was able to find this topic under a thread of the same name written by chaslang. I hadn't done these instructions prior...
    Done
    I was able to find these topics under the thread 'NO HIJACK THIS LOG FILES BEFORE READING FIRST'
    Done
    Attached

    When I rebooted back into normal mode Ewido Security Suite reported :Infected Object Found!
    c:\windows\system32\eoentlog.dll Spyware: Look2Me
    Perform Action: Clean/None - I chose Clean

    Attached is also a fresh hijackthis log.
     

    Attached Files:

  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please download Spy Sweeper


    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  14. fromafar3

    fromafar3 Private E-2

    After running Spysweeper a message was displayed that said something like
    Spysweeper has identified threats that cannot be removed until you Reboot. Do you wish to reboot?
    While I was finishing the steps for saving the summary log the screen blanked out and came back on very dark with icons seeming to be missing, until you moved the mouse over them. Anyway once I was completed with the Spysweeper instructions I rebooted and then ran HiJackThis.

    Here are the 2 attachments you asked for.

    I hope I'm not speaking too soon, but it seems like you've fixed my problem!! No windows have opened the entire time it took me to write this. Before I would have been interrupted at least 4 times....
     

    Attached Files:

  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your log is clean.
     
  16. fromafar3

    fromafar3 Private E-2

    Thank you very much for your time and attention!
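
An added example, not part of the original thread or any poster's instructions: a small parser that compares the O10 (Winsock LSP) and O20 (Winlogon Notify) lines of two HijackThis logs, to confirm the pattern reported above where the O20 entry survives a fix under a new file name. The sample logs are constructed; only aklsp.dll and eoentlog.dll come from the posts, and every other key and file name is a placeholder.

```python
import re

# HijackThis line formats for the two sections named in the thread.
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<dll>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<dll>.+)$")

# Constructed sample logs (not the attachments from the thread).
LOG_BEFORE = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O20 - Winlogon Notify: ExampleLegit - C:\WINDOWS\system32\legit_example.dll
O20 - Winlogon Notify: ExampleKeyA - C:\WINDOWS\system32\example_old.dll
"""
LOG_AFTER = r"""
O20 - Winlogon Notify: ExampleLegit - C:\WINDOWS\system32\legit_example.dll
O20 - Winlogon Notify: ExampleKeyB - C:\WINDOWS\system32\eoentlog.dll
"""


def parse_log(text):
    """Return (lsp_dlls, notify); notify maps Notify key name -> DLL path."""
    lsp, notify = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = O10_RE.match(line)
        if m:
            lsp.append(m.group("dll").lower())
            continue
        m = O20_RE.match(line)
        if m:
            notify[m.group("key")] = m.group("dll").lower()
    return lsp, notify


def compare_notify(before, after):
    """Classify Winlogon Notify DLLs seen across two successive logs."""
    old, new = set(before.values()), set(after.values())
    return {
        "persisting": sorted(old & new),  # unchanged between logs
        "gone": sorted(old - new),        # removed, or renamed away
        "new": sorted(new - old),         # appeared after the fix attempt
    }


if __name__ == "__main__":
    lsp, before = parse_log(LOG_BEFORE)
    _, after = parse_log(LOG_AFTER)
    print("LSP entries:", lsp)
    for status, dlls in compare_notify(before, after).items():
        print(status, dlls)
```

A DLL listed under "new" right after a fix attempt, paired with one under "gone", is the renamed-entry symptom; a reboot-time deletion tool was the next step taken in the thread.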
     
