
Hijacker won't remove: Adware.Look2


Name: IanS
Date: September 26, 2004 at 21:29:24 Pacific
OS: Win98
CPU/Ram: Pentium III/256
Comment:


Subject: HijackThis log-Adware.Look2me

I'd like some advice on my Hijack This log:

My Internet Explorer is hijacked, and starts repeatedly when I don't want it to.
Norton antivirus says the infection is Adware.Look2Me, but doesn't delete the infection. Nor did earlier advice work: that was to start in safe mode and then run Adaware and Spybot S&D 1.3, along with CWShredder 1.59.1. Adaware runs in safe mode, but much of its menu is unreachable and it won't delete threats that way.
It did find and eliminate a lot of stuff (mostly cookies) in normal mode. But Adware Look2Me (Norton's classification) won't go.
I get the error message that Windows is using the file, when I attempt to delete one of the problem files by hand. I just get an error message saying Windows is running it: RmASIG.DLL in C:\Windows\system.
My browser is still getting hijacked periodically, more often when I'm on line. And every time it adds another piece of spyware, but so far the programs named above clean the new pieces up.

Hijack this log:

Logfile of HijackThis v1.97.7
Scan saved at 9:01:11 AM, on 9/19/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.exe
C:\WINDOWS\SYSTEM\ATICWD32.exe
C:\WINDOWS\SYSTEM\ATITASK.exe
C:\PROGRAM FILES\SCANJET\PRECISIONSCANLT\HPPWRSAV.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.exe
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\OPWARE32.exe
C:\PROGRAM FILES\CAERE\OMNIPAGEPRO80\opware16.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\KODAK\MULTI-CARD READER\SHWICON.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.exe
C:\PROGRAM FILES\WEB OFFER\WO.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.exe
C:\ATI\ATIDESK\ATISCHED.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.exe
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVW32.exe

R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [hppwrsav] C:\PROGRAM FILES\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro80\opware32.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [Dcfssvc] c:\windows\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [ShowIcon_KODAK_KODAK Multi-Card Reader v1.13e21] "C:\Program Files\KODAK\Multi-Card Reader\shwicon.exe" -t"KODAK\KODAK Multi-Card Reader v1.13e21"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.9\THGUARD.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.exe -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.exe
O4 - Startup: ATISched.lnk = C:\ATI\ATIDESK\atisched.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.exe
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37977.2018634259
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = texas.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = texas.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.127.0.3,207.207.0.3
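
An added example (not part of the original post, and not HijackThis's own code): a small Python parser for the log format shown above. It inventories the O4 autostart entries and the hosts that O16 ActiveX components were downloaded from, so each persistence point can be reviewed individually. The sample lines are a subset copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: ATISched.lnk = C:\ATI\ATIDESK\atisched.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 206.127.0.3,207.207.0.3
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                 # "O4 - <body>"
O4_REG = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")   # registry Run keys
O4_LNK = re.compile(r"^Startup: (.+?) = (.+)$")                # Startup-folder shortcuts
O16_DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.+?)\))? - (\S+)$")

def parse_log(text):
    """Group entry bodies by their section code (R3, O4, O16, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and process-list lines have no section code and are skipped
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def autostarts(sections):
    """Return (location, name, command) for every O4 autostart entry."""
    rows = []
    for body in sections.get("O4", []):
        reg, lnk = O4_REG.match(body), O4_LNK.match(body)
        if reg:
            rows.append(reg.groups())
        elif lnk:
            rows.append(("Startup folder", *lnk.groups()))
    return rows

def dpf_hosts(sections):
    """Map each O16 download host to the CLSIDs installed from it."""
    hosts = defaultdict(list)
    for body in sections.get("O16", []):
        m = O16_DPF.match(body)
        if m:  # the "(name)" part is optional, as in the second sample line
            hosts[urlparse(m.group(3)).hostname].append(m.group(1))
    return dict(hosts)
```
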





Response Number 1
Name: garyhopkin
Date: September 27, 2004 at 00:00:07 Pacific
Reply:

manual removal here:

http://www.spywareguide.com/product_show.php?id=723

Gary



Response Number 2
Name: Mark.UK
Date: September 27, 2004 at 02:42:08 Pacific
Reply:

Download HJT 1.98 then post your log here:

http://www.hijackthis.de/index.php?langselect=english

I think you will find a few more unwanted guests.


M



Response Number 3
Name: Arcaned22
Date: September 27, 2004 at 09:12:36 Pacific
Reply:

Alright, to remove the adware you'll have to start up in safe mode, as safe mode will let you delete it. Now I don't understand hijack this well enough to pick out the programs to delete. But if you can spot the adware and its drivers you can fix them by deleting them in safe mode. Best luck

Jeremy



Response Number 4
Name: Abnormal
Date: September 28, 2004 at 03:53:43 Pacific
Reply:

Some removal information at this site

http://www.pchell.com/support/look2me.shtml

Good luck


