Help on malware, spyware, adware [look2me/hijacker/tracking cookies]

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Wednesday 22.1.2025 / 05:59

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > help on malware, spyware, adware [look2me/hijacker/tracking cookies]

Browse by topic

Forums

Start a new thread

Help on malware, spyware, adware [look2me/hijacker/tracking cookies]

Jump to:

Posted

Message

Na1ya

Suspended due to non-functional email address

30. July 2006 @ 14:16

Link to this message

Recently there have been many problems with my computer. There are tons of popups. Sometimes the system turns off by itself.

---------------------------------------------------------
Ad-Aware : Scan Report
---------------------------------------------------------

Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, January 05, 2004 4:08:54 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R116 24.07.2006

References detected during the scan:
Adware.Look2Me(TAC index:7):4 total references
CmdServices(TAC index:4):3 total references
iSearch Toolbar(TAC index:4):1 total references
win32.Trojan.Dnschanger(TAC index:10):1 total references
VX2(TAC index:10):2 total references

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

1/5/2004 4:08:54 PM - Scan started. (Custom mode)

Listing running processes

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 448
ThreadCreationTime : 1/5/2004 11:16:10 PM
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 1/5/2004 11:16:14 PM
BasePriority : High

Adware.Look2Me Object Recognized!
Type : Process
Data : jtlm0731e.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\

Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\jtlm0731e.dll)

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 1/5/2004 11:16:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 1/5/2004 11:16:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 1/5/2004 11:16:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 788
ThreadCreationTime : 1/5/2004 11:16:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1048
ThreadCreationTime : 1/5/2004 11:16:16 PM
BasePriority : Normal
FileVersion : 2.0.0.635
ProductVersion : 2.0.0.635
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:8 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1072
ThreadCreationTime : 1/5/2004 11:16:16 PM
BasePriority : Normal
FileVersion : 2.0.0.635
ProductVersion : 2.0.0.635
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1224
ThreadCreationTime : 1/5/2004 11:16:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:10 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1636
ThreadCreationTime : 1/5/2004 11:16:24 PM
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright ? RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:11 [nwnmfg_7.exe]
FilePath : C:\
ProcessID : 1644
ThreadCreationTime : 1/5/2004 11:16:24 PM
BasePriority : Normal
FileVersion : 1.00.0347
ProductVersion : 1.00.0347
ProductName : Project1
CompanyName : &#&*&$*#&*$&*#&$*&*&$*&#*&#*
InternalName : nwnmfg_7
OriginalFilename : nwnmfg_7.exe

#:12 [dfndrfg_7.exe]
FilePath : C:\
ProcessID : 1656
ThreadCreationTime : 1/5/2004 11:16:24 PM
BasePriority : Normal
FileVersion : 1.00.0164
ProductVersion : 1.00.0164
ProductName : Project1
CompanyName : &%&%&%&%%&%&%%&%
InternalName : dfndrfg_7
OriginalFilename : dfndrfg_7.exe

#:13 [kybrdfg_7.exe]
FilePath : C:\
ProcessID : 1664
ThreadCreationTime : 1/5/2004 11:16:24 PM
BasePriority : Normal
FileVersion : 1.00.0116
ProductVersion : 1.00.0116
ProductName : Project1
CompanyName : #$*&$*&#&$&*$&#&*$&*#$&*
InternalName : kybrdfg_7
OriginalFilename : kybrdfg_7.exe

#:14 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1696
ThreadCreationTime : 1/5/2004 11:16:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:15 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1836
ThreadCreationTime : 1/5/2004 11:16:26 PM
BasePriority : Normal
FileVersion : 10.00.109
ProductVersion : 10.00.109
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:16 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1956
ThreadCreationTime : 1/5/2004 11:16:27 PM
BasePriority : Normal
FileVersion : 9.2.0.79
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 408
ThreadCreationTime : 1/5/2004 11:16:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [ttraveler.exe]
FilePath : C:\Program Files\Tencent\TT\
ProcessID : 2588
ThreadCreationTime : 1/5/2004 11:17:12 PM
BasePriority : Normal
FileVersion : 2, 0, 14, 196
ProductVersion : 2, 0, 14, 196
ProductName : Tencent Traveler
CompanyName : Shenzhen Tencent Computer Systems Company Limted
FileDescription : Tencent Traveler
InternalName : Tencent Traveler
LegalCopyright : Shenzhen Tencent Computer Systems Company Limited (C)
All right reserved 2000-2004
OriginalFilename : TBrowser.EXE

#:19 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3884
ThreadCreationTime : 1/5/2004 11:42:34 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright ? Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:20 [conime.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1804
ThreadCreationTime : 1/5/2004 11:48:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : Console IME
InternalName : Console
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : CONIME.EXE

#:21 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3756
ThreadCreationTime : 1/6/2004 12:01:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : guard.tmp
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\

Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\guard.tmp)

"C:\WINDOWS\system32\rundll32.exe"Process terminated successfully

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 860
ThreadCreationTime : 1/6/2004 12:08:47 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft? Windows? Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : ? Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : guard.tmp
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\

Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\guard.tmp)

Memory scan result:

New critical objects: 0
Objects found so far: 3

Started registry scan

Registry Scan result:
New critical objects: 0
Objects found so far: 3

Started deep registry scan

Deep registry scan result:

New critical objects: 0
Objects found so far: 3

Started Tracking Cookie scan

Tracking cookie scan result:
New critical objects: 0
Objects found so far: 3

Deep scanning and examining files (C:)

win32.Trojan.Dnschanger Object Recognized!
Type : File
Data : A0004518.exe
TAC Rating : 10
Category : Monitoring Tool
Comment :
Object : C:\System Volume Information\_restore{36A60E72-2A74-4D17-8231-F1C107C3453E}\RP14\

iSearch Toolbar Object Recognized!
Type : File
Data : A0004519.dll
TAC Rating : 4
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{36A60E72-2A74-4D17-8231-F1C107C3453E}\RP14\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0

CmdServices Object Recognized!
Type : File
Data : A0004520.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{36A60E72-2A74-4D17-8231-F1C107C3453E}\RP14\

VX2 Object Recognized!
Type : File
Data : A0004521.dLL
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{36A60E72-2A74-4D17-8231-F1C107C3453E}\RP14\

Disk Scan Result for C:\
New critical objects: 0
Objects found so far: 7

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

Hosts file scan result:

1 entries scanned.
New critical objects:0
Objects found so far: 7

Performing conditional scans...

Adware.Look2Me Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon\notify

CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice

CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice

VX2 Object Recognized!
Type : RegData
Data : explorer.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe

Conditional scan result:
New critical objects: 4
Objects found so far: 11

4:17:08 PM Scan Complete

Summary Of This Scan
Total scanning time:00:08:13.390
Objects scanned:104471
Objects identified:8
Objects ignored:0
New critical objects:8

END OF REPORT

I tried to clean it out, but it just shows up the next time i scan it.
The look2me is driving me nuts. On ewido anti-spyware when i try to delete it the "error while deleting" will show. I've downloaded the L2M destroyer, but it never completely whipes it out. Every time I start my computer there's a .dll error

[ + quote]

Niobis

Senior Member

30. July 2006 @ 21:20

Link to this message

Try this.
http://www.pandasoftware.com/download/register.asp?CodigoProducto...

[ + quote]

Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

encryptme

Newbie

31. July 2006 @ 11:54

Link to this message