Look2Me is killing me!! Help with Removal

Please disable Spybot's Teatimer as it can get in the way of fixing things.

To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer.
Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked.
Now quit Spybot!

Then run L2MeFix again and choose option 2 this time instead of option 1. Post the log from L2MeFix again.

Now also post a new HJT log (make sure you are in normal boot mode this time). You have more problems we need to fix.

 

You must ony use one antivirus application. You appear to be using both Symantec and AV Personal. Pick the one you prefer and uninstall the other. Do this before continuing.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKCU\..\Run: [Aaou] C:\Program Files\ipee\othb.exe
O4 - HKCU\..\Run: [Cgvr] C:\WINDOWS\System32\w?auboot.exe
O4 - HKCU\..\Run: [Pywyv] C:\WINDOWS\system32\??stem32\msconfig.exe
O4 - HKCU\..\Run: [Tbsa] C:\Program Files\trus\astr.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\ipee <--- the whole folder
C:\Program Files\trus <--- the whole folder
C:\WINDOWS\System32\w?auboot.exe
C:\WINDOWS\system32\??stem32 <--- the whole folder! Be careful!!!! Do not delete c:\windows\system32!!!! You are looking for another subfolder within the c:\windows\system32 folder named ??stem32. The ?? could be anything. When you find the correct subfolder you should see msconfig.exe in it and probably very few other files. If you are not sure, don't delete it! Just come back and tell me what you found.

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Well your log is clean now! How are things working?

However you still have some Symantec stuff:

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Are you sure you uninstalled ALL of it? You may need to give this a run: Norton Removal Tool (SymNRT)

If that does not work we may need to do it manually.

 

Your welcome. Now to help keep you clean, follow the steps in the below:

How to Protect yourself from malware!