swnlake

look2me


I tried the destroyer.exe but it wouldn't open, please help me!!

Aware SE Build 1.06r1

Logfile Created on:Monday, May 01, 2006 3:03:55 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R105 26.04.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

0 Possible New Malware 0(TAC index:3):2 total references

Adware.Look2Me(TAC index:7):3 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

5-1-2006 3:03:55 PM - Scan started. (Smart mode)

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 284

ThreadCreationTime : 5-1-2006 6:54:52 PM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 408

ThreadCreationTime : 5-1-2006 6:54:57 PM

BasePriority : High

 

 

Adware.Look2Me Object Recognized!

Type : Process

Data : dn0u01d9e.dll

TAC Rating : 7

Category : Adware

Comment : iieshare.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\dn0u01d9e.dll)

 

 

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 452

ThreadCreationTime : 5-1-2006 6:55:00 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 464

ThreadCreationTime : 5-1-2006 6:55:00 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 628

ThreadCreationTime : 5-1-2006 6:55:04 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 788

ThreadCreationTime : 5-1-2006 6:55:05 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1092

ThreadCreationTime : 5-1-2006 6:55:16 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:8 [frameworkservice.exe]

FilePath : C:\Program Files\Network Associates\Common Framework\

ProcessID : 1464

ThreadCreationTime : 5-1-2006 6:55:26 PM

BasePriority : Normal

FileVersion : 3.5.0.412

ProductName : McAfee Common Framework

CompanyName : Network Associates, Inc.

FileDescription : Framework Service

InternalName : Framework

LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.

OriginalFilename : Framework.exe

 

#:9 [mcshield.exe]

FilePath : C:\Program Files\Network Associates\VirusScan\

ProcessID : 1556

ThreadCreationTime : 5-1-2006 6:55:28 PM

BasePriority : High

 

 

#:10 [vstskmgr.exe]

FilePath : C:\Program Files\Network Associates\VirusScan\

ProcessID : 1604

ThreadCreationTime : 5-1-2006 6:55:34 PM

BasePriority : Normal

 

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1680

ThreadCreationTime : 5-1-2006 6:55:37 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [shstat.exe]

FilePath : C:\Program Files\Network Associates\VirusScan\

ProcessID : 332

ThreadCreationTime : 5-1-2006 6:56:15 PM

BasePriority : Normal

 

 

#:13 [updaterui.exe]

FilePath : C:\Program Files\Network Associates\Common Framework\

ProcessID : 340

ThreadCreationTime : 5-1-2006 6:56:15 PM

BasePriority : Normal

FileVersion : 3.5.0.412

ProductName : McAfee Common Framework

CompanyName : Network Associates, Inc.

FileDescription : Common User Interface

InternalName : UpdaterUI

LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.

OriginalFilename : UpdaterUI.exe

 

#:14 [tbmon.exe]

FilePath : C:\Program Files\Common Files\Network Associates\TalkBack\

ProcessID : 352

ThreadCreationTime : 5-1-2006 6:56:16 PM

BasePriority : Normal

FileVersion : 2.0.275.0

ProductVersion : 2.0.275.0

ProductName : TalkBack Monitor

CompanyName : Network Associates, Inc.

FileDescription : TalkBack Monitor

InternalName : TBMON

LegalCopyright : ©2003 Networks Associates Technology, Inc. All Rights Reserved.

LegalTrademarks : McAfee & Network Associates are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. © 2003 Network Associates Technology, Inc. All Rights Reserved.

OriginalFilename : TBMON.EXE

 

#:15 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.5.0_03\bin\

ProcessID : 364

ThreadCreationTime : 5-1-2006 6:56:17 PM

BasePriority : Normal

 

 

#:16 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 816

ThreadCreationTime : 5-1-2006 6:56:21 PM

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:17 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2116

ThreadCreationTime : 5-1-2006 6:57:05 PM

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:18 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 2816

ThreadCreationTime : 5-1-2006 6:58:50 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

Adware.Look2Me Object Recognized!

Type : Process

Data : ksdlv1.dll

TAC Rating : 7

Category : Adware

Comment : iieshare.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\ksdlv1.dll)

 

 

#:19 [hpqgalry.exe]

FilePath : C:\Program Files\HP\Digital Imaging\bin\

ProcessID : 2888

ThreadCreationTime : 5-1-2006 6:58:59 PM

BasePriority : Normal

 

 

#:20 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3080

ThreadCreationTime : 5-1-2006 6:59:28 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

Adware.Look2Me Object Recognized!

Type : Process

Data : guard.tmp

TAC Rating : 7

Category : Adware

Comment : iieshare.dll.dmp

Object : C:\WINDOWS\system32\

 

 

Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\guard.tmp)

 

"C:\WINDOWS\system32\rundll32.exe"Process terminated successfully

 

#:21 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 3468

ThreadCreationTime : 5-1-2006 7:02:17 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

 

Deep scanning and examining files...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

0 Possible New Malware 0 Object Recognized!

Type : File

Data : twbyuv.dll

TAC Rating : 0

Category : Data Miner

Comment :

Object : C:\WINDOWS\system32\

 

 

 

0 Possible New Malware 0 Object Recognized!

Type : File

Data : guard.tmp

TAC Rating : 0

Category : Data Miner

Comment :

Object : C:\WINDOWS\system32\


Sorry, posted the wrong info. Here is the right stuff.

file of HijackThis v1.99.1

Scan saved at 10:18:25 AM, on 5/3/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\DOCUME~1\Diana\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PeoplePC

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: PeoplePal Toolbar - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\PPCToolbar.dll (file missing)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta (file missing)

O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE

O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PEOPLEPC\BIN\PAYMEN~1.DLL (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O20 - Winlogon Notify: FS Templates - C:\WINDOWS\system32\k6jslg1716.dll

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


Why wouldn't Atribune's Look2Me destroyer open? Did you get an error message? F-Secure has a Look2Me removal tool that has been developed from their Blacklight rootkit removal tool. The link to download their tool is found in the article about Blacklight in their weblog:

http://www.f-secure.com/weblog/
