Hi PCHF, I am having problems with popups, i thought it was caused by a program called look2me, which i succesfully removed [or so i believe]. However since look2me's removal the popups have remained. I wonder if u can advise me on what needs removing from my HJT log.

Many Thanks

Welcome to the forum, I am sure someone will be along soon to cast their eye over your log. I have had a quick look and yup, you're pretty infected

Hang tight.

:smiley: Hi Helpme,

My welcome to you as well. We have an excellent team of techs here, and I am sure that we can remove those rlms (rotton little monsters) from your PC.

First, please carefully follow the instructions for PreWork in my signature. Make sure to save the ewido log to post back here, also make sure that your HijackThis is unzipped into its own folder and is not being run from a temp location or your desktop. Once you have posted both of the logs back here we can get started on the clean up.

Look forward to your reply,

TTFN

LGW

Hi just to update you, the Ewido scan looks like it will take a while to complete and its getting late here so ill have to update you with the logs tomorrow. Hope this doesnt inconvinience you too much!

:cheesy: Not at all! If you are cool, we are cool. LOL

That ewido scan can take a while, especially the first time. The thing is, once it starts to find infections, it needs someone to tell it to fix them. I would have you remove all of the infections except for the chance of false positives.

If you have to leave it, have it ignore all that it finds, and we will tell you what to fix when we can look over the report.

It will either be myself or Joe5 our Security Team Leader ,

Look forward to your reply,

TTFN

LGW

Hi sorry for such a delay.

Here are my 2 reports from ewido and HJT.

Look forward to your reply.

Lets clean that up.

First please download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original Hosts file.

Then download and install the trial version of Webroot SpySweeper (8.3mb)
http://www.webroot.com/shoppingcart/...011&vcode=DT02

When SpySweeper starts, please accept any prompts to update definitions.
Configure it as follows:

From the left pane, click Options
Select the Sweep Options tab & ensure the following are ticked:

*Sweep Memory
*Sweep Registry
*Sweep Cookies
*Sweep All Users accounts
*Do Not Sweep System Restore Folder
*Enable Direct Disk Sweeping
*Sweep contents of compressed files
*Sweep For Rootkits

-After that's done, select Sweep from the left pane & click on the Start button

Allow Spysweeper to reboot your machine to remove the infected files.
After rebooting, launch SpySweeper & select Results from the left pane
Click the 'Session Log' tab & choose Save to File to create a log.

Now go to add/remove programs and uninstall NewdotNet. If you don't have that option or if you have difficulties then please follow the instructions on this site

Then fix these with hjt:

When youre done please post the Spysweeper log , plus an new hjt log.