Hi, I have been getting ad popups constantly so I scan my computer with ad-aware and find adware. I can delete all of the adware but two, both adware.look2me, I've tried using regedit to delete the files, but the file keeps coming back, even after deleting all files of that name. They are both .dll files in my WINDOWS\SYSTEM folder and they both seem to create new adware and copies of themselves. I have no idea what to do now, what do you recommend doing?
Here is the Logfile
Thanks
---------------------------------------
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, June 25, 2006 10:15:55 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):2 total references
CoolWebSearch(TAC index:10):28 total references
MRU List(TAC index:0):18 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
6-25-2006 10:15:55 AM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : .DEFAULT\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279205167
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294948315
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294954863
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:4 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294844527
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:5 [SSDPSRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294860951
Threads : 4
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe
#:6 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294877191
Threads : 5
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE
#:7 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294887387
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:8 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294784955
Threads : 32
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
Adware.Look2Me Object Recognized!
Type : Process
Data : DO3J.DLL
TAC Rating : 7
Category : Adware
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\
Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\DO3J.DLL)
#:9 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294789539
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
Adware.Look2Me Object Recognized!
Type : Process
Data : MLRSERV.DLL
TAC Rating : 7
Category : Adware
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\
Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\MLRSERV.DLL)
#:10 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294825567
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft ® PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft ® PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:11 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294749951
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:12 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294739263
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:13 [MMKEYBD.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4294756315
Threads : 4
Priority : Normal
FileVersion : 3.2.1.9
ProductVersion : 3.2.1.9
ProductName : One-touch Multimedia Keyboard
CompanyName : Netropa Corp.
FileDescription : One-touch Multimedia Keyboard
InternalName : MMKEYBD
LegalCopyright : Copyright © 1995-2000 Netropa Corp.
All Rights Reserved.
OriginalFilename : MMKEYBD.EXE
#:14 [HPSYSDRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294745363
Threads : 1
Priority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
#:15 [HP_FINDER.EXE]
FilePath : C:\WINDOWS\OPTIONS\CABS\LOGITECH\
ProcessID : 4294662027
Threads : 1
Priority : Normal
#:16 [DIRECTCD.EXE]
FilePath : C:\PROGRAM FILES\ADAPTEC\DIRECTCD\
ProcessID : 4294741011
Threads : 1
Priority : Normal
FileVersion : 3.01e (187S)
ProductVersion : 3.01e (187S)
ProductName : DirectCD
CompanyName : Adaptec
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 1996-2000 Adaptec, Inc.
OriginalFilename : DirectCD.EXE
#:17 [HPCMPMGR.EXE]
FilePath : C:\PROGRAM FILES\HP\HPCORETECH\
ProcessID : 4294679703
Threads : 4
Priority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe
#:18 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294667331
Threads : 2
Priority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:19 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294674007
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:20 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294697055
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE
#:21 [AVGCC.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4294588555
Threads : 5
Priority : Normal
FileVersion : 7,1,0,381
ProductVersion : 7.1.0.381
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:22 [AVGEMC.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4294661567
Threads : 6
Priority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:23 [AVGAMSVR.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4294618459
Threads : 4
Priority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:24 [HPWUSCHD.EXE]
FilePath : C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\
ProcessID : 4294610771
Threads : 1
Priority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe
#:25 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294637007
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft® Windows® Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
#:26 [KEYBDMGR.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4294695767
Threads : 1
Priority : Normal
FileVersion : 3.0.0
ProductVersion : 3.0.0
ProductName : Keyboard Manager
CompanyName : Netropa Corp.
FileDescription : Keyboard Manager
InternalName : Keyboard Manager
LegalCopyright : Copyright © 2000, Netropa Corp.
OriginalFilename : KeybdMgr.exe
#:27 [TEATIMER.EXE]
FilePath : C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\
ProcessID : 4294832947
Threads : 3
Priority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.
#:28 [OSD.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\
ProcessID : 4294697563
Threads : 1
Priority : Normal
FileVersion : 2.01
ProductVersion : 2.01
ProductName : Onscreen Display
CompanyName : Netropa Corp.
FileDescription : Netropa™ Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 2000 Netropa Corp.
OriginalFilename : osd.exe
#:29 [MMUSBKB2.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4294562323
Threads : 1
Priority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : USB Multimedia Keyboard Driver 2
CompanyName : Netropa Corporation
FileDescription : USB Multimedia Keyboard Driver 2
InternalName : mmusbkb2
LegalCopyright : Copyright © 1998-1999 Netropa Corporation
OriginalFilename : mmusbkb2.exe
#:30 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294466675
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:31 [FIREFOX.EXE]
FilePath : C:\PROGRAM FILES\MOZILLA FIREFOX\
ProcessID : 4294483851
Threads : 5
Priority : Normal
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : WQBVW.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : CSBVIEW.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : wgpdxm.dll
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : aeisynth.dll
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : MRC71FRA.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : mxjetoledb40.dll
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : RCCLTS3.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MJIEFTP.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MCIHRNSP.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : OABCCONF.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : SGRMDLL.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : EUTIER2.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MPAPSSPC.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MYPRINT.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MWRD3X40.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : LEBMYSQL.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : VTMDBG.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MDRATING.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : OWDBSE32.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : UODM32.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : SRCUR32.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MYPP32.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : AADCXC32.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : IDETCOMM.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : UGRAR3.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MOUNI10.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : RTVPSP.1
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 47
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : hosts
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 48
10:35:52 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:57.760
Objects scanned:202466
Objects identified:28
Objects ignored:0
New critical objects:28
Full Version: adware that won't delete
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
ad-aware user,
please can you clear out your cache folder ie: temporary internet folder There are some free programs that you can use that will do that for you if needed like
CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
also in the settup of CCleaner The LS Staff would perfuer if you un-tick (un-check) "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)at leat till your pc is clean of spyware/malware
now use the WebUpDate
(to make sure you are upto date) if you want to clean your PC then scan by doing a "Full Scan" then and once the scan has finished
mark and remove the items then Reboot (ie: Re-start your PC)
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .
GRAFX
please can you clear out your cache folder ie: temporary internet folder There are some free programs that you can use that will do that for you if needed like
CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
also in the settup of CCleaner The LS Staff would perfuer if you un-tick (un-check) "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)at leat till your pc is clean of spyware/malware
now use the WebUpDate
(to make sure you are upto date) if you want to clean your PC then scan by doing a "Full Scan" then and once the scan has finished
mark and remove the items then Reboot (ie: Re-start your PC)
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .
GRAFX
Ok I ran CCleaner, and restarted then ran Ad-Aware, but when I went to delete it said deleting... and the bar just sat there at full for a long time but I did get the log. (I still have the constant adware popups as well.)
--------------------------------------------------
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, June 25, 2006 3:49:04 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):2 total references <-----------------------this one will not delete
CoolWebSearch(TAC index:10):30 total references
MRU List(TAC index:0):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
6-25-2006 3:49:05 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : .DEFAULT\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279176155
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft� Windows� Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright � Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294921531
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft� Windows� Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright � Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294960791
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft� Windows� Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright � Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:4 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294850527
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft � PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft � PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright � Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:5 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294963151
Threads : 16
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft� Windows � 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright � Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
Adware.Look2Me Object Recognized!
Type : Process
Data : DO3J.DLL
TAC Rating : 7
Category : Adware
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\
Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\DO3J.DLL)
#:6 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294772375
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft� Windows� Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright � Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
Adware.Look2Me Object Recognized!
Type : Process
Data : DKKMAINT.DLL
TAC Rating : 7
Category : Adware
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\
Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\DKKMAINT.DLL)
#:7 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294893311
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : WOASERVC.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : MUCN30.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : MLRSERV.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : AWYCFILT.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : RYSAPI32.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : GKDEF.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : LYCMP11n.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : pghreadVC.dll
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : RCCLTS3.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MJIEFTP.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MCIHRNSP.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : OABCCONF.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : EUTIER2.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MPAPSSPC.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MYPRINT.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MWRD3X40.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : LEBMYSQL.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : VTMDBG.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MDRATING.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : DAGHELP.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : OWDBSE32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : UODM32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : SRCUR32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MYPP32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : AADCXC32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : IDETCOMM.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : UGRAR3.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MOUNI10.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : RTVPSP.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 38
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : hosts
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 39
4:00:04 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:59.820
Objects scanned:201573
Objects identified:30
Objects ignored:0
New critical objects:30
--------------------------------------------------
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, June 25, 2006 3:49:04 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):2 total references <-----------------------this one will not delete
CoolWebSearch(TAC index:10):30 total references
MRU List(TAC index:0):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
6-25-2006 3:49:05 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : .DEFAULT\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279176155
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft� Windows� Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright � Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294921531
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft� Windows� Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright � Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294960791
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft� Windows� Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright � Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:4 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294850527
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft � PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft � PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright � Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe
#:5 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294963151
Threads : 16
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft� Windows � 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright � Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
Adware.Look2Me Object Recognized!
Type : Process
Data : DO3J.DLL
TAC Rating : 7
Category : Adware
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\
Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\DO3J.DLL)
#:6 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294772375
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft� Windows� Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright � Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
Adware.Look2Me Object Recognized!
Type : Process
Data : DKKMAINT.DLL
TAC Rating : 7
Category : Adware
Comment : Muxdm.dll.dmp
Object : C:\WINDOWS\SYSTEM\
Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\SYSTEM\DKKMAINT.DLL)
#:7 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294893311
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : WOASERVC.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : MUCN30.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : MLRSERV.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : AWYCFILT.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : RYSAPI32.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : GKDEF.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : LYCMP11n.DLL
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : pghreadVC.dll
TAC Rating : 10
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
CoolWebSearch Object Recognized!
Type : File
Data : RCCLTS3.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MJIEFTP.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MCIHRNSP.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : OABCCONF.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : EUTIER2.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MPAPSSPC.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MYPRINT.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MWRD3X40.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : LEBMYSQL.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : VTMDBG.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MDRATING.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : DAGHELP.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : OWDBSE32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : UODM32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : SRCUR32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MYPP32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : AADCXC32.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : IDETCOMM.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : UGRAR3.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : MOUNI10.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized!
Type : File
Data : RTVPSP.0
TAC Rating : 10
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 38
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : hosts
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 39
4:00:04 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:59.820
Objects scanned:201573
Objects identified:30
Objects ignored:0
New critical objects:30
ad-aware user
Please download Look2Me-Destroyer toyour desktop
Now Close all windows before continuing
Double-click Look2Me-Destroyer.exe to run it
Put a Tick (check) next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
GRAFX
Please download Look2Me-Destroyer toyour desktop
Now Close all windows before continuing
Double-click Look2Me-Destroyer.exe to run it
Put a Tick (check) next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
GRAFX
Ok, I downloaded look2me destroyer.exe, and it's on my desktop but when I check that box, it never returns.
What am I doing wrong?
What am I doing wrong?
ad-aware user,
ok can you redownload it just to be sure that the copy you got was not corrupt but if you find that the same thing happens then can you clear out your cache folder ie: Run CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
also in the settup of CCleaner The LS Staff would perfuer if you un-tick (un-check) "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)at leat till your pc is clean of spyware/malware.
Then run the Look2Me-Destroyer.
GRAFX
ok can you redownload it just to be sure that the copy you got was not corrupt but if you find that the same thing happens then can you clear out your cache folder ie: Run CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
also in the settup of CCleaner The LS Staff would perfuer if you un-tick (un-check) "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)at leat till your pc is clean of spyware/malware.
Then run the Look2Me-Destroyer.
GRAFX
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.