[Fixed] Hijackthis! Logs - [Fixed] I have tons of malware and trojans! help!! (posted in the Security & Safety forums)

  #15  
12-16-2005
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

First download and run this app, follow the instructions on that site please:

http://www.majorgeeks.com/Look2Me_Remover_d4856.html

Download Pocket Killbox:

http://www.atribune.org/downloads/KillBox.exe

Make sure you still have CCleaner.

Then boot in safe mode and fix these with HJT:

O4 - HKLM\..\Run: [Servicio Local] svhost.exe
O4 - HKLM\..\RunServices: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [Servicio Local] svhost.exe
O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\gpl2l33o1.dll (file missing)

Now run CCleaner.

Then, still in safe mode, start Killbox and place a tick next to [x] delete on reboot.
Copy this list into the Windows clipboard:


C:\WINDOWS\system32\svhost.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\desktop(2).ini
C:\WINDOWS\desktop(2).ini


Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt, then click OK.

Exit Killbox and restart your PC.


And do you recognize this info here?

[ nsmex6.uninet.net.mx ]
inetnum: 200.33.144/21
status: reassigned
owner: Uninet S.A. de C.V.
ownerid: MX-USCV4-LACNIC
responsible: Arturo Zaldivar Mendez
address: Periferico Sur 3190
address: 01900 - Ciudad de Mxico - DF
country: MX
phone: 52 5 54907049 []
owner-c: DCA
tech-c: SRU
created: 19961107
changed: 20030708
inetnum-up: 200.33/16
nic-hdl: DCA
person: ARTURO ZALDIVAR MENDEZ
e-mail: azaldiva@REDUNO.COM.MX
address: PERIFERICO SUR 3190 ALVARO OBREG
address: 01900 - MEXICO DF - DF
country: MX
phone: 52 5 4907085 [7085]
created: 20021210
changed: 20030122
nic-hdl: SRU
person: SEGURIDAD DE RED UNINET
e-mail: abuse@UNINET.NET.MX
address: PERIFERICO SUR 3190 ALVARO OBREG
address: 01900 - MEXICO - DF
country: MX
phone: 52 55 52237234 []
created: 20030701
changed: 20030703

O17 - HKLM\System\CCS\Services\Tcpip\..\{565889F3-2058-417B-91B1-5DF73D05AE05}: NameServer = 200.33.146.202 200.33.146.194

Then please post a new HJT log to check.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
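
A triage pass over the HijackThis lines listed in the post above, as an added example that is not part of the original thread: it flags file names within a couple of edits of a genuine Windows binary name (svhost.exe versus svchost.exe), entries HijackThis marks as (file missing), and the O17 name servers to verify. The KNOWN_NAMES list, the distance threshold of 2 and the function names are assumptions of this example.

```python
import ntpath
import re

# Constructed sample: the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Servicio Local] svhost.exe
O4 - HKLM\..\RunServices: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [Servicio Local] svhost.exe
O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\gpl2l33o1.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{565889F3-2058-417B-91B1-5DF73D05AE05}: NameServer = 200.33.146.202 200.33.146.194
"""
# Assumption: a short reference list of genuine Windows binary names.
KNOWN_NAMES = ("svchost.exe", "explorer.exe", "winlogon.exe", "services.exe", "lsass.exe")
ENTRY_RE = re.compile(r"^[ \t]*([A-Z]\d{1,2}) - (.+?): (.+)$", re.M)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log_text):
    """Return (section, finding, detail) tuples for entries worth a closer look."""
    findings = []
    for section, _location, value in ENTRY_RE.findall(log_text):
        if "(file missing)" in value:
            findings.append((section, "file-missing", value))
        if section == "O4":
            # Run-key values print as "[name] command"; startup folders print the file.
            target = value.split("] ", 1)[-1].strip()
            name = ntpath.basename(target).lower()
            for known in KNOWN_NAMES:
                if 0 < edit_distance(name, known) <= 2:
                    findings.append((section, "lookalike-of-" + known, name))
        if section == "O17":
            for ip in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", value):
                findings.append((section, "dns-server-to-verify", ip))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A finding here only marks an entry for review; an O17 name server, for instance, may simply belong to the user's own ISP.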

  #16  
12-16-2005
Oender
Bronze Member
Join Date: Dec 2005
Posts: 12
Sure, I'm going to try it.

Originally Posted by double_a_ron
Hi Oender,

I recommend AVG antivirus. For the first go try the full version's 30 day trial. After that, the free version should work fine and has done a great job on my machine since I first stumbled upon it.

I will try it!

Is your computer fully updated and do you have the latest service pack installed (SP4 for Win2000 and SP 2 for XP)? A lot of people don't like these because of a slight resource drain but I still recommend having them.

Yes, I have all SP2 patches up to date. :hello2:

Two other programs that work very well together are Spybot S&D and Ad Aware SE ( I know that's very close to the domain name you saw when you canned that connection but I assure you it is NOT Malware ).

Sure, I have both! :angel5:

Give those a try and let us know how things are.

Sure, I think Kasper is not so transparent to the system; I will uninstall it!

Good luck and welcome to your new Tech Support home.

BTW, I've used Kaspersky and had a lot of trouble with it, since then I've decided that AVG Free edition was the AV for me, I still use Ewido (thanks to this site) and Trend Micro's online scan to seal up any "cracks".

Yes! He he, I agree with you!
PS. Please don't forget to watch my last HJT log! :arrow:


  #17  
12-16-2005
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Originally Posted by Oender
PS. Please don't forget to watch my last HJT log! :arrow:

Looks like you forgot to attach it.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #18  
12-16-2005
Oender
Bronze Member
Join Date: Dec 2005
Posts: 12
3rd HJT log.

Originally Posted by joe5
Looks like you forgot to attach it.


Oops! I forgot to upload the new HJT log file.

Joe5: I did all the steps you asked me. HJT can't delete these 2 lines:

O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini


(all this under safe mode).

I tried to delete these files with Killbox:

C:\WINDOWS\system32\svhost.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\desktop(2).ini
C:\WINDOWS\desktop(2).ini


I'm not sure if those files were deleted.

Thanks to all for your great support and effort to the PP.

Oender
MEXICO
Attached Files
File Type: txt 3th_oender_hijackthis.txt (13.0 KB, 1 views)


  #19  
12-16-2005
ladygreenwitch
HR Director
Join Date: Jul 2005
Location: Bay Area California
Posts: 5,764
PC Experience: PC Illiterate

:smiley: Hi Oender,

Can you please do a search for those files that you tried to remove with Killbox?


LGW


  #20  
12-16-2005
Oender
Bronze Member
Join Date: Dec 2005
Posts: 12
Here are the search results...

Originally Posted by ladygreenwitch
:smiley: Hi Oender,

Can you please do a search for those files that you tried to remove with Killbox?

LGW
svhost.exe; svhost.exe; desktop(2).ini; desktop(2).ini

Sure, the result is here...



Good night! :sleepy1:

Oender


  #21  
12-16-2005
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Give this a try:


Please download Process Explorer by Sysinternals from HERE.

Also make sure you still have KillBox by Option^Explicit from Killbox.

Then boot up in SAFE MODE and stay in safe mode (hit F8 when booting up).

Unzip Process Explorer and double-click on procexp.exe

In the top section of the Process Explorer screen, double-click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen, click on each instance of desktop(2).ini once and then click the kill button.
After you have killed all of the desktop(2).ini's under winlogon, click OK.

Next, in the top section of the Process Explorer screen again, double-click on explorer.exe and again click once on each instance of desktop(2).ini, then click the kill button.
Once you have done that, click OK again.

Next run HijackThis and place a check beside each of the following:

O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini

Now click fix checked and close HijackThis.

Then, still in safe mode, start Killbox and place a tick next to [x] delete on reboot.
Copy this list into the Windows clipboard:



C:\WINDOWS\system32\desktop(2).ini
C:\WINDOWS\desktop(2).ini


Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt, then click OK.

Exit Killbox and restart your PC.


If that doesn't work then please run an online scan here:

http://www.pandasoftware.com/products/activescan.htm

And post the log of it, also post a new HJT log after that.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

