Look2Me and other pop-up problems after many attempts at cleaning - Ingenue
Hi, I'm new to the forum and I apologize for my last thread, I must've sounded a little rude. Anyway, the problem I've been having is continued pop-ups even after many attempts at cleaning my system of adware and spyware. I originally used Bazooka Spyware and went through the registry myself following instructions to remove all the adware and trojans I had. After a couple of days, I was glad to see that Bazooka was no longer detecting any problems. However, I was still receiving advertisements from Look2Me and other pop-ups prompting me to download other adware.
I got Ad-Aware and NoAdware, both of which picked up some things still on my computer. I still get pop-ups though.
I tried just adding to 'hosts' but all that did was make the pop-ups appear and go to the 'page not found' thing.
I've just downloaded Spybot S & D and it also found a few threats, but nothing about Look2Me or the other pop-ups I get (they are "c.azjmp.com," "adv1.eblocs.com," and "ads1.revenue.net" if that helps at all).
I've also been reading the threads and a few have helped me out in removing a few problems like cdlsp. I really appreciate any help you can give. Here is my Hijack Log:
Logfile of HijackThis v1.97.7
Scan saved at 3:25:08 PM, on 8/17/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
F:\PROGRAM FILES\WINAMP\WINAMP.EXE
F:\PROGRAMS\TRILLIAN\TRILLIAN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westchesterlibraries.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Startup: Drempels Desktop.lnk = C:\WINDOWS\drempels.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: ATI TV (HKLM)
Thanks again for your help.
Max
This discussion has been closed.
Comments
I found a solution to my problem with Look2Me. Kill2Me was suggested a lot but it didn't fix the problem (it wouldn't find Look2Me files and even though it said it would still fix the problem it didn't). Ad-aware found the one file that was still producing pop-ups, but it could not delete it. "IrSetup.dll" was running under explorer so even in safe mode I couldn't delete it because it was always in use. I had spent a long time removing registry values...all the programs I had...Norton AV, NoAdware, Spyware S&D, Ad-aware... found their own Look2Me files, and deleted them, but could not completely kill the adware. Apparently that one dll file was able to keep Look2Me working (giving me new adware daily that I had to delete every time I turned my computer on).
Anyway, I found Killbox at: http://www.downloads.subratam.org/KillBox.zip and it was able to delete IrSetup.dll without a problem. Everything is fine now, which is really nice. I just felt I should write because no one responded to my thread so I assumed that maybe people weren't sure how to completely fix Look2Me (I searched other forums and no one else had an answer...I only found out about Killbox from an old thread here where someone mentioned it briefly but nothing was said about it after). Anyway, I hope this may help out anyone else having this problem.
Ingenue
Let us know if you ever need a hand with anything else.
Dexter...
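The HijackThis log format posted above can be read mechanically. The following is an added example, not part of any post in this thread: it splits a log into running processes and coded entries, lists the O4 autostart entries, and checks whether a file name such as the IrSetup.dll from the follow-up comment appears anywhere in the log. The function names are hypothetical and the sample is a few lines copied from the posted log.

```python
import re
from collections import defaultdict
# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - Startup: Drempels Desktop.lnk = C:\WINDOWS\drempels.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - ..."
RUNKEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # "HKLM\..\Run: [name] cmd"

def parse_log(text):
    """Split a log into (running processes, {section code: [entry bodies]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False          # the process list ends at the first coded entry
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def autostarts(entries):
    """Return (location, name, command) for each O4 autostart entry."""
    out = []
    for body in entries.get("O4", []):
        m = RUNKEY.match(body)
        if m:
            out.append((f"{m.group(1)}\\{m.group(2)}", m.group(3), m.group(4)))
        elif body.startswith("Startup: ") and " = " in body:
            name, target = body[len("Startup: "):].split(" = ", 1)
            out.append(("Startup folder", name, target))
    return out

def mentions(text, needle):
    """Case-insensitive search of the whole log text for a file name."""
    return needle.lower() in text.lower()

if __name__ == "__main__":
    for row in autostarts(parse_log(SAMPLE_LOG)[1]):
        print(row)
    print("IrSetup.dll listed:", mentions(SAMPLE_LOG, "IrSetup.dll"))
```

The log lists process images and autostart commands, so a DLL loaded inside explorer, like the one described in the follow-up comment, can be absent from it while still being active.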