Well. I got a little bored and impatient and I created a restore point and updated Windows. It downloaded 76 updates, mostly security, including IE 7. Hope that doesn't mess things up.
This morning I ran Combofix with the above switches. It said it found Look2Me. Here is the log:
"123" - 2007-05-07 8:41:23 Service Pack 2
ComboFix 07-05.05.4.V - Running from: "C:\Documents and Settings\123\Desktop\"
Command switches used :: "/v comext"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
Granting SeDebugPrivilege to Administrators ... successful
((((((((((((((((((((((((((((((( Files Created from 2007-04-07 to 2007-05-07 ))))))))))))))))))))))))))))))))))
2007-05-07 07:52 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-05-07 07:52 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-07 02:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-07 01:58 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-07 01:58 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-07 01:58 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-06 01:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-05 13:22 <DIR> d-------- C:\DOCUME~1\123\APPLIC~1\Talkback
2007-05-05 13:21 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-04 12:13 60 --a------ C:\fix.bat
2007-05-04 11:56 <DIR> d-------- C:\Deckard
2007-05-04 11:18 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-03 14:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-05-02 22:48 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-05-02 22:48 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-27 22:31 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-27 22:31 <DIR> d-------- C:\DOCUME~1\123\APPLIC~1\Lavasoft
2007-04-27 22:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-07 14:56:14 -------- d-----w C:\Program Files\Messenger
2007-05-07 01:47:40 -------- d-----w C:\Program Files\ltmoh
2007-05-05 20:22:23 -------- d-----w C:\DOCUME~1\123\APPLIC~1.\Talkback
2007-04-28 05:31:17 -------- d-----w C:\DOCUME~1\123\APPLIC~1.\Lavasoft
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{aa971e4f-e1bf-491e-9d4d-a933c161e48f}"="C:\WINDOWS\system32\comext.dll" [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{e57ce738-33e8-4c51-8354-bb4de9d215d1}"="C:\WINDOWS\system32\upnpui.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /installquiet"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TFNF5"
"hkey"="HKLM"
"command"="TFNF5.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosHKCW.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosHKCW"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TouchED"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-07 08:43:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-07 8:43:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-07 08:43
C:\ComboFix2.txt ... 2007-05-06 20:59
C:\ComboFix3.txt ... 2007-05-05 09:48