Jump to content


Photo

Look2Me?, Major pop-ups, plz help


  • Please log in to reply
4 replies to this topic

#1 MrGym

MrGym

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 22 July 2004 - 01:20 AM

Hello,
I read your FAQ page and ran adaware and Spybot S&D. S&D found LOOK2ME as it does each time I run it. Adaware found several items mostly VX2 and Tracker. I continually get major pop-ups even when I am not using my browser.
Also, my computer will sometimes tell me it is low on resources when I would use Ctl/Alt/Del. At that point I may see like 20 cdhost running. I can finally continue when I close the Rundll32. Here is my recent HiJackThis log. Any help would be truly appreciated.
Thank you.
Logfile of HijackThis v1.97.7
Scan saved at 1:58:51 AM, on 7/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\COREL\SUITE8\PROGRAMS\DAD8.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vtm_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7942.7204398148
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

#2 MrGym

MrGym

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 22 July 2004 - 12:34 PM

Bump Plz.

#3 MrGym

MrGym

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 23 July 2004 - 09:49 AM

If I did something wrong please let me know, I followed the FAQ page but am getting no response.
Thanks,
Doug

#4 MrGym

MrGym

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 23 July 2004 - 10:08 PM

BUMP

#5 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 24 July 2004 - 10:23 AM

Hi there,

Please do this first;

Download LSPfix Here

Launch the application, and click the "I know what I'm doing" checkbox.

Check all instances of 'cdlsp.dll' (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Next;


Update HijackThis to version 1.98
run HijackThis
select config> misc tools and select "update online". then yes.
Run a scan and post a new Hijackthis log after you are done.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button