Popups=lame!!! Help!!!!

FistiCuffs · Nov 22, 2005

Alrighty. well i have this stupid freaking virus and/or adware and/or spyware. i dont know what to do!! i have run numerous virus spyware and adware scans with the programs you suggested. but none of them got rid of it. i took the tutorial on basic removal of spyware and trojans. i did it, but still with these popups. here is my Hijack This log. i dont know what to do with it but you probably do. so here you go, i hope you can help.

FistiCuffs · Nov 22, 2005

heres the hijack this log.

chaslang · Nov 22, 2005

You have a Look2Me problem.

Give this a run: Running Spy Sweeper...

Make sure you attach the Spy Sweeper log when finished and also attach a new HJT log too.
It will take quite awhile for the Spy Sweeper scan to run. It is very intensive and should resolve your Look2Me problems.

After that we a have few malware services to remove from your PC.

chaslang · Nov 22, 2005

After completing the SpySweeper scan from my previous message continue with the below before actually posting another HJT log.

We need to get these three services removed:

O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

Here is how we will remove the services.

1) Deleting NTBOOTMGR

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to NTBOOTMGR (or if not found look for NTBOOT) ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste NTBOOTMGR into the box that opens, and press "OK". If that does not work try entering the short name: NTBOOT

2) Deleting NTLOAD

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to NTLOAD then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste NTLOAD into the box that opens, and press "OK".

3) Deleting NTSVCMGR

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to NTSVCMGR then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste NTSVCMGR into the box that opens, and press "OK".

Now exit HJT and then reboot. After reboot post a new HJT log so we can continue with the cleanup.

Log in or Sign up

Popups=lame!!! Help!!!!

FistiCuffs Private E-2

FistiCuffs Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member