spyware help!!

Please read the Announcement at the top of everypage in the Spyware Forum. Also please read and follow the sticky thread guidelines.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Just complete the steps I gave you so we can get to the root of your problems.

 

You did not extract HijackThis from the ZIP file as I requested. You are running it directly from the ZIP file as show by your log:
C:\DOCUME~1\TOMMYM~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

You must extract the HijackThis.exe file from the ZIP file and put it into the folder suggested.

Download LSP - Fix

Now run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the aklsp.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move aklsp.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.
If the file is already in the Remove section, just click finish.


Now download the following tool: L2MeFix Tool

Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and Type 1 and ENTER to select Option #1 for Run Find Log . Allow it as much time as it needs to run until NotePad opens with a log.

NOTE: Please do not run any other options or files in the l2mfix Folder!

Get a new HijackThis log.
Now come back here and post the l2mfix log and the new HJT log as attachments.

Please DO NOT REBOOT after scanning for these logs!! Otherwise problems may mutate and spread. Wait for me to get back to you with the next steps.

 

Run HijackThis and select the below two lines and then click Fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)

Go to the L2MFix Folder on your Desktop and DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.
Your computer will go bazonkers (now there's a great technical term!) for a bit, but just let it run. It should eventually spit out another log in Notepad. Please attach that log.

Again, don't run any other files in the L2MFix folder.

 

You're welcome! Okay that fixed some problems. Please post a new HJT log. How are things running right now?

 

That looks clean! I would just do two more things:

1) Please download HOSTER and then follow the below steps.

• Unzip Hoster to a convenient folder such as C:\Hoster

• Run Hoster.exe, click Restore Original Hosts and then click OK.
• Click the X to exit the program.

2) Complete all the steps in the below thread to help keep you clean:
How to Protect yourself from malware!

 

You're welcome! You can buy a Majorgeeks teashirt or sweatshirt. Also, an email of appreciation to the owners (see there names and email addresses here: http://www.majorgeeks.com/page.php?id=2 ) is always appreciated. Also send your friends here.