08-20-2005, 05:57 PM   #1
jaugie

Look2Me infection, please help?

I'm using Windows XP. I have run a lot of different spyware, adware, and virus detectors in safe mode to remove problems. A lot of problems have been fixed, but I cannot get rid of this one, Look2Me.
In normal mode, I do get network connection dialog boxes popping up asking for a connection for "icannews.com" and "licensevify.com".
I tried ewido, Microsoft spyware, Spyware Doctor, Trojan Hunter, KillBox, AVG antivirus, and Symantec free scanner, all in safe and normal mode. And I tried Look2Me remover; it did not work. The Look2Me always returns.

Here's my latest ewido log, and HJT log run from safe mode:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:09:02 PM, 8/20/2005
+ Report-Checksum: CD5A07BF

+ Scan result:

[428] C:\WINDOWS\system32\sclunirl.dll -> Spyware.Look2Me : Error during cleaning
[1204] C:\WINDOWS\system32\cbbjmon.dll -> Spyware.Look2Me : Error during cleaning
[1312] C:\WINDOWS\system32\cbbjmon.dll -> Spyware.Look2Me : Error during cleaning


::Report End

-------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:10:23 PM, on 8/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jay\Desktop\Ad-Spyware Removal\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dwave.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {DE0E750A-8D79-E3B5-760C-31501FBC6799} - (no file)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Web Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Apps\Advanced System Optimizer\iehelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ad-Aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [freesurfer] C:\Apps\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Systweak Ad and Popup Blocker] "C:\Apps\Advanced System Optimizer\adblock.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\apps\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\apps\Free Surfer\FS20.exe
O20 - Winlogon Notify: Runonce - C:\WINDOWS\system32\sclunirl.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe