Jump to content


Is this still Look2Me?

  • Please log in to reply
1 reply to this topic

#1 comptips



  • New Member
  • Pip
  • 1 posts

Posted 15 July 2004 - 05:44 AM

I have reduced the number of popups, but still get IE windows coming up without even having an IE browser opened. I have run the look2me cleanup instructions, including the resetting of the hosts file -- the hosts file, however, gets reset to bad stuff within seconds of reseting it to the default.

Here is the HJT output:

Logfile of HijackThis v1.97.7
Scan saved at 1:09:59 PM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\OldhamTurner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oldham.webagent4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

#2 DawsonV5


    The Lurvely

  • Retired Staff - Helper
  • PipPipPip
  • 230 posts

Posted 08 August 2004 - 07:25 AM

Hi Comptips,

Whenever using hijackthis make sure that you run it in a permanet location so it is able to make backups. This also allievates any congestion that you might have by placing it on your desktop. Go to your C: drive and create a new folder called "hjt" from now on run hijackthis.exe from this location. Please make sure all browsers and windows are closed when using hijackthis.

You need to Update HiJackThis to its current version 1.98.2. Do the following:
1. Open HiJackThis, click on the Config button (bottom right corner)
2. Click on Misc. Tools (button at the top)
3. Click on *Check for online Update*
4. Check for updates often (weekly is recommended) or just before scanning.

Next I have a few questions. Is your Norton Antivirus paid and up to date? If not you can download a free AVG antivirus here: http://www.grisoft.com/us/us_index.php

Do the following:
-Double-click on the My Computer icon.
-Select the Tools menu and click Folder Options.
-After the new window appears select the View tab.
-Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
-Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
-Remove the checkmark from the checkbox labeled Hide protected operating system files.
-Press the Apply button and then the OK button.
-Now your computer is configured to show all hidden files.

Can you check the properties on this file C:\WINDOWS\System32\tighnyv.exe When was it created, and how big is the file? Also why do you think you have a Look2Me infection when there is nothing in your log that indicates it? Have you put anything on the ignore list for hijackthis? You also stated that your hosts file gets reset to bad stuff, but there is nothing in HJT indicating this aswell.

Please run a new updated scan and post your hijackthis log.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!