PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Fixed] Hijack this and ewido logs

  #1  
Old 12-20-2005
Bronze Member
 
Join Date: Dec 2005
Posts: 3
feeltheforce103
[Fixed] Hijack this and ewido logs

Hello everyone. I am a first time poster in dire need of help. I have been bombarded by popups for the past month or so. I used to be completely free of them until I clicked one wrong thing. Anyway, I have gone through a lot of the methods prescribed in a lot of threads and nothing seems to work for me. So it's time to bring it to the experts. Here are my logs. Thanks in advance.
Attached Files
File Type: log hijackthis.log (2.4 KB, 1 views)
File Type: txt Scan report_20051219.txt.txt (858 Bytes, 1 views)


  #2  
Old 12-20-2005
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,046
joe5

Welcome to PCHF, Feeltheforce103.


Before fixing things with HijackThis Please Do the Following:


Show hidden files and folders:

For XP:
  1. On the Tools menu in Windows Explorer, click Folder Options.
  2. Click the View tab.
  3. Under Hidden files and folders, click Show hidden files and folders.
  4. If you see a warning message, click Yes.
  5. Click Apply.
  6. Click OK.


Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when your PC is clean).

How to disable system restore:

WinXP.
  1. Click the Start button.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.



Please download CCleaner

And also download: http://www.simplytech.it/L2MRemover/index_e.htm


Then boot in safe mode and run the Look2me remover.


Click Start>Run and type in: services.msc
Click OK
In the Services window find: Chvrvck_fdin
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Open HJT and click config > misc tools > "delete an NT service"
Copy and paste: Chvrvck_fdin, then click OK.

After that fix these with hjt if still present:

O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\f20o0cd3ef0.dll
O23 - Service: Chvrvck_fdin - Unknown owner - (no file)

Delete these files if still present:

C:\WINDOWS\system32\f20o0cd3ef0.dll
C:\WINDOWS\system32\dzspex.dll

And then run ccleaner.


After that reboot and post a new Ewido and hjt log please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
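
The fix list in the post above can be checked against a follow-up log mechanically. The Python below is an added example, not part of the original thread; the follow-up log in it is constructed for illustration, and the function names are illustrative.

```python
import re

# HijackThis prints one finding per line as "<section> - <description>".
# Sections in this thread: O15 = Trusted Zone sites, O20 = Winlogon Notify,
# O23 = NT services.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# The fix list from the post above.
FIX_LIST = r"""
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\f20o0cd3ef0.dll
O23 - Service: Chvrvck_fdin - Unknown owner - (no file)
"""

# Constructed follow-up log (not the poster's attachment): the Trusted Zone
# entries are back, the DLL and the service are gone.
NEW_LOG = r"""
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.WinAntiVirus.com
O15 - Trusted Zone:  http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
"""

def parse(log):
    """Return (section, description) for every finding line; skip the rest."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def norm(entry):
    # Hostnames, paths and service names are case-insensitive on Windows.
    section, desc = entry
    return section, " ".join(desc.lower().split())

def still_present(fix_list, new_log):
    """Fix-list entries that show up again in the new log."""
    seen = {norm(e) for e in parse(new_log)}
    return [e for e in parse(fix_list) if norm(e) in seen]

if __name__ == "__main__":
    print(*still_present(FIX_LIST, NEW_LOG), sep="\n")
```
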

  #3  
Old 12-20-2005
Bronze Member
 
Join Date: Dec 2005
Posts: 3
feeltheforce103
ok

I followed your every instruction. There was a problem though: I was unable to run l2mremover in safe mode. It crashed over and over. So I ran that in regular mode and it deleted 2 keys. Then I went and did everything else in safe mode. So far, everything is running smoothly. I don't want to jinx myself though. I just ran the logs again and the winantivirus files are still there. Here they are.

Thanks.
Attached Files
File Type: log hijackthis.log (1.9 KB, 3 views)
File Type: txt Scan report_20051220.txt.txt (2.0 KB, 2 views)


  #4  
Old 12-20-2005
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,046
joe5

The look2me remover did its job.

Only the trusted zone entries came back, but we'll fix those too.


Copy the data from the code box below to a notepad file.

Save to the DESKTOP (so you can find it) as ALL FILES, with the name of KILLTRUSTED.REG
Then double click the file - when it asks say yes to merging with the registry.

Code:
REGEDIT4 
 
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains] 
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges] 
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains] 
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]

Then post a new log to check if they're gone.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
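
What the KILLTRUSTED.REG file above does when merged, shown with a small Python reader for the REGEDIT4 text that reports which keys end up emptied. This is an added example, not part of the original post, and the function names are illustrative.

```python
import re

# KILLTRUSTED.REG as posted above.
REG = r"""REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
"""

HEADER = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)\\(.+)\]$")

def operations(reg_text):
    """List (action, hive, subkey) for each key header in a REGEDIT4 file."""
    lines = [ln.strip() for ln in reg_text.splitlines() if ln.strip()]
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    ops = []
    for ln in lines[1:]:
        m = HEADER.match(ln)
        if m:  # "[-key]" deletes the key with all subkeys; "[key]" creates it
            action = "delete" if m.group(1) else "create"
            ops.append((action, m.group(2), m.group(3)))
    return ops

def wiped_keys(reg_text):
    """Keys deleted and then recreated: present afterwards, but empty."""
    ops = operations(reg_text)
    return [h + "\\" + k for (a, h, k), nxt in zip(ops, ops[1:])
            if a == "delete" and nxt == ("create", h, k)]

if __name__ == "__main__":
    print(*wiped_keys(REG), sep="\n")
```

Because each key is removed with everything under it, site-to-zone assignments that were made on purpose (Trusted or Restricted) are cleared as well and have to be re-added afterwards.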

  #5  
Old 12-21-2005
Bronze Member
 
Join Date: Dec 2005
Posts: 3
feeltheforce103
wow

Thanks a billion. You have no idea how many different scanners I went through in safe mode this month. Years of safe browsing w/"safe" browsers were erased in one click. lol. Anyway it looks like your registry program did the trick w/the safe entries. Thanks.
Attached Files
File Type: log hijackthis.log (2.0 KB, 2 views)


  #6  
Old 12-21-2005
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,046
joe5

Looks great from here

If you don't have any problems anymore then we're done, I think.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

