Found Spyware Look2me - Is this safe to remove?
Hi Huggins
Please don't bump your own posts. I know it's frustrating having to wait for replies but we are all busy folk and do remember we all help out here voluntarily. (As it happens I was out last night delivering a lecture on home and network PC security!)
I don't know why that Notepad isn't opening. It should do. Perhaps there could be a problem with your Notepad.exe file.
You could try reinstalling Notepad.exe from the XP CD just to make sure.
How many times did you try option 1 of l2mfix.exe??
It may be that the l2mfix file tool you downloaded was corrupted in some way.
Try downloading l2mfix.exe again. Whichever of the two download locations you used last time, get it from the other one.
Both are reported to be working OK this morning but, as I am not directly involved in writing the program or hosting it, I can't guarantee both will be trouble free.
Please persist, try again and let me know how you get on.
Whatever happens please run HJT and post the resulting log report if you can get Notepad to work.
Many thx for the quick reply Pchelpman - please find my log below (PLEASE NOTE: SPLIT INTO 2 POSTS AS THE FORUM ONLY ALLOWS 1500 CHARACTERS PER POST.)
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\s288lclu1fq8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l8j8li1u18.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{B81EB265-5775-C6D6-9F84-0B36C0704536}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
browseui.dll Thu 24 Nov 2005 1:06:34 A.... 1,022,464 998.50 K
ddgest.dll Thu 9 Feb 2006 15:33:36 ..S.R 237,159 231.60 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126,680 123.71 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95,448 93.21 K
gdi32.dll Thu 29 Dec 2005 2:54:36 A.... 280,064 273.50 K
hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117,976 115.21 K
l8j8li~1.dll Wed 8 Feb 2006 9:29:54 ..S.R 237,159 231.60 K
legitc~1.dll Thu 12 Jan 2006 11:32:12 A.... 543,496 530.76 K
lv4s09~1.dll Thu 9 Feb 2006 8:49:48 ..S.R 236,979 231.42 K
mshtml.dll Thu 24 Nov 2005 1:06:34 A.... 3,015,680 2.88 M
shdocvw.dll Thu 1 Dec 2005 3:59:30 A.... 1,492,480 1.42 M
11 items found: 11 files (3 H/S), 0 directories.
Total of file sizes: 7,405,585 bytes 7.06 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is D475-DAE5
Directory of C:\WINDOWS\System32
Huggins,
Why not run something regularly (daily) like Spybot Search and Destroy or NoAdware which both have free versions and seem between them to keep my laptop squeaky clean of Spyware.... Happy girl!
Can people leave Huggins + pchelpman to sort this out....
Ex forum ambassador
Long term forum member
Hi Huggins
At the end of post #12 I asked you to post a HJT log. You haven't given me one.
Please run HJT now and post the log scan.
Please also tell me if your computer is still displaying the characteristics of Look2Me/VX2 that you found in your first post.
slugbreff > Spybot is good, yes, but it won't help with Look2Me/VX2, I'm afraid.
As to the other program, I think you should read this ....
http://castlecops.com/reviews-117.html
It's from CastleCops, one of the most highly respected international sites on computer issues particularly protection. Whilst this review is not directly from CC the reviews are moderated by CC and many people have made similar comments.
Many thanks AGAIN Pchelpman and thanks for your patience too! I'm not very techie at all!
Please find the HiJack this log - I will report back shortly ref: if my comp is displaying the same symptoms/probs after running Hijack this.
Logfile of HijackThis v1.99.1
Scan saved at 09:11:18, on 10/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.onlineauto.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlineauto.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onlineauto.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.amw.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O1 - Hosts: 1
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxPro] "C:\Program Files\Prevx Pro\SAGUI.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Wise-FTP Scheduler] C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139063607296
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{15885F7C-D3AB-4163-85B1-771C2A33150E}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{15885F7C-D3AB-4163-85B1-771C2A33150E}: NameServer = 195.92.195.94 195.92.195.95
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\lv4s09h7e.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\s288lclu1fq8.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe0 -
Just to confirm that yes I am still getting very annoying pop-up advertising for screensavers, virus scans (don't laugh!), music ringtones etc. etc. Approx rate of 1 per minute - obv. only when on the net. Regards Huggins0
-
Hi
Those l2mfix and HJT logs now give us the "before" position.
Close any programs you have open since this step requires a reboot.
1. From the l2mfix folder on your desktop, double click l2mfix.bat
2. Select option #2 for Run Fix by typing 2 and then pressing enter
3. Press any key to reboot your computer.
4. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.
5. Copy the contents of that log and paste it back into this thread along with a new hijackthis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
The new l2mfix and HJT logs will give us the "after" position.
When posting back please let me know how the computer is operating now.
Any better? Pop ups stopped? Anything else wrong?0
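The "before" and "after" comparison described in the reply above can be done mechanically. The following is an added example, not part of the original posts and not code from l2mfix or HijackThis: it parses HijackThis entry lines, diffs two logs, and lists the O20 Winlogon Notify entries. The BEFORE lines are taken from the log posted in this thread; the AFTER log and all function names are constructed for illustration.

```python
import re

# HijackThis entry lines look like "O20 - Winlogon Notify: Name - C:\path\file.dll"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (.*?) - (.*?)(?: \((file missing)\))?$")

# Lines copied from the "before" log in this thread.
BEFORE = r"""
C:\Program Files\HijackThis.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\lv4s09h7e.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\s288lclu1fq8.dll (file missing)
"""

# Constructed "after" log (assumption: the thread contains no post-fix log).
AFTER = r"""
C:\Program Files\HijackThis.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

def parse_hjt(text):
    """Return (section, detail) tuples in log order; process-list lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def diff_logs(before, after):
    """Entries present only in one of the two logs."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return {"removed": sorted(b - a), "added": sorted(a - b)}

def winlogon_notify(text):
    """O20 entries as (key name, DLL path, file_missing flag)."""
    rows = []
    for section, detail in parse_hjt(text):
        m = NOTIFY.match(detail) if section == "O20" else None
        if m:
            rows.append((m.group(1), m.group(2), m.group(3) is not None))
    return rows

if __name__ == "__main__":
    print(diff_logs(BEFORE, AFTER))
    print(winlogon_notify(BEFORE))
```

An entry under "added" in the after log deserves the same scrutiny as the original ones, since a new Notify DLL name appearing after the fix would mean the cleanup did not hold.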
This discussion has been closed.