Some (extremely un-fun) info concerning Look2Me and its removal:
http://www.kephyr.com/spywarescanner...me/index.phtml

Hunterbar:
http://doxdesk.com/parasite/HuntBar.html

Have you gotten the absolutely most recent patches and fixes from Microsoft? If not, do so now- your system needs to be kept thoroughly up to date to lessen your vulnerability. Also, download and install SpywareBlaster if you haven't already; it blocks the installation of malicious programs which exploit ActiveX controls:
http://www.javacoolsoftware.com/spywareblaster.html

Can you download the following app & run it, making sure to have one internet exploder window open. Save the log & paste the results back here.
VX2Finder

hi guys! Thanks for answering! My problems have increased since I last posted. I'm writing you from a borrowed computer. I cannot turn mine on, at least, not until I get help in shutting it off. Let me explain. I have followed advice the best I could. And although Norton no longer gives me a list of adware, Spybot and Ad-Aware do. No longer do they talk about HuntBar (I'm not sure) after the last cleaning. But they still insist that I have Look2Me and DSO Exploit. Well, for the last four days, I have been having less and less Rundll32 messages as I continued to run the anti-spyware but now, my machine won't shut down! When I try to shut down, it gives me a menu that says:

This program is not responding

If I insist, t gives me a blue screen that reads as follows:

Windows
An error has occurrred. To continue: Press Enter to return to Windows or Press Ctrl + Alt + Del to restart your computer. If you do this, you will lose any unsaved information in all open applications.

File name: VWI32 (05) +000012DO Error> OE: 0028 : C02A44A8
Press any key to continue

If I press enter, it will go into a black screen and do nothing. If I try to reboot, it will do the same and give me another blue screen saying the same thing, and continue that way until I, exhausted, shut if off cold. Or if I refuse to go that route, it will go sort of into hibernation and give me a black screen with a white blinking cursor on the upper left side of the screen and stay like that forever, it will not come out of that state, (at least I don't know how to take it out of it) no matter how many times I try. So, after having done 4 or 5 cold hard shutdowns in a row, you understand that I'm fearful of turning it on until I get some more info. I will keep these instructions, thou and apply them as soon as I get more input on how to safely shut down the machine.

I went to Microsoft and asked a lot of questions, but couldn-t find a thing. I' not a technician, so I guess, I don't know where to go and what to ask in the proper lingo that will get me anwers I can understand and implement.

I get very few attempts to communicate with my computer (the firewall warns me), so I think we are getting the amount of invaders down to a few, but these are really a problem. I also tried to do a Windows update, but Microsoft told me I had the latest ones and refused to do it. I was hoping that if something has gotten corrupted, I could get it repaired that way. I don-t have my Windows ME disks, all I have a re the recovery CDs that came with the computer and those would wipe out my hard drive (my sister used hers once and she was screaming afterwards, when she lost something valuable to her.) This is the first time I don't have my Windows as part of a separate software package, and I regret it.

Can anyone help me with this? I reallyneed to get into my machine! Thank you very, very much for the help you give!
Clotilde

You need to post a hijackthis log.

Download HijackThis from here & unzip it into it's own, permanent folder, (Not a temporary folder or the desktop & not directly on your hard drive).
If you have anything disabled in MsConfig, please re-enable it/them.
Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

http://www.downloads.subratam.org/VX2Finder9x.exe

L2M files are slightly different in 9x,
1.) Scan with the finder, select files it finds and delete them.
2.) During the deletion the utility will end both Rundll32 & explorer.exe processes, so when all files are gone.
3.) Click the restore desktop button to get the desktop back.
4.) Click UserAgent$ to delete last registry item.
5.) Clear the contents of your C:\Windows\Temp folder

Okay guys. I got Spywareblaster and SpywareGuard but it was after the fact. I will now download hijack this and see what happens. I was borrowing my sister's computer and waiting for what you guys would say about my shutdown cycle. Because I don't want to continue doing hard shutdowns but if I must, i must. Will post my log as soon as I can.
Thanks again!

Here's my HijackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 5:08:37 PM, on 6/16/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\PROGRAM FILES\SEEK ADMIN BEND\SUPPORT COAL.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...8106.526712963
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Can you see what's not letting me shutdown?

I'm now going to the VX2Finder place.

Thanks! (hopefully you'll have all the info you need)

Crunchie, I downloaded VX2Finder and when I tried to run it (I have Windows ME), it said that it's currently only for NT systems and refused to run. so I guess, I'll have to remove it. I hope Add/Remove will do.

Crunchie, this link is down:

Hunterbar:
http://doxdesk.com/parasite/HuntBar.html

I got the information on Look2Me. Thank you!

I posted the first VX2Finder link B4 I knew you had W9X. The second link is for your system.
Wintools removal here.

Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :

O4 - HKLM\..\Run: [CampTrans] C:\PROGRA~1\Seek Admin Bend\SUPPORT COAL.exe

O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\PROGRA~1\Seek Admin Bend< folder

Reboot normally.

Lop.com uninstaller.
http://lop.com/new_uninstall.exe

Try this too as you may have an old variant of look2me.
Please download Kill2Me from here & run it to remove Look2Me from your computer.