i have tried all of the suggestions given to all other posters but nothing worked. i get the changing file and the guard.tmp every time. i have tried in safe mode also. i have been at this for a week. help!!!
Aware SE Build 1.06r1
Logfile Created on:Monday, May 01, 2006 3:03:55 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R105 26.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 Possible New Malware 0(TAC index:3):2 total references
Adware.Look2Me(TAC index:7):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-1-2006 3:03:55 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 284
ThreadCreationTime : 5-1-2006 6:54:52 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 408
ThreadCreationTime : 5-1-2006 6:54:57 PM
BasePriority : High


Adware.Look2Me Object Recognized!
Type : Process
Data : dn0u01d9e.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\dn0u01d9e.dll)


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 5-1-2006 6:55:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 5-1-2006 6:55:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 5-1-2006 6:55:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 788
ThreadCreationTime : 5-1-2006 6:55:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1092
ThreadCreationTime : 5-1-2006 6:55:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 1464
ThreadCreationTime : 5-1-2006 6:55:26 PM
BasePriority : Normal
FileVersion : 3.5.0.412
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:9 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1556
ThreadCreationTime : 5-1-2006 6:55:28 PM
BasePriority : High


#:10 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1604
ThreadCreationTime : 5-1-2006 6:55:34 PM
BasePriority : Normal


#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1680
ThreadCreationTime : 5-1-2006 6:55:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [shstat.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 332
ThreadCreationTime : 5-1-2006 6:56:15 PM
BasePriority : Normal


#:13 [updaterui.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 340
ThreadCreationTime : 5-1-2006 6:56:15 PM
BasePriority : Normal
FileVersion : 3.5.0.412
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe

#:14 [tbmon.exe]
FilePath : C:\Program Files\Common Files\Network Associates\TalkBack\
ProcessID : 352
ThreadCreationTime : 5-1-2006 6:56:16 PM
BasePriority : Normal
FileVersion : 2.0.275.0
ProductVersion : 2.0.275.0
ProductName : TalkBack Monitor
CompanyName : Network Associates, Inc.
FileDescription : TalkBack Monitor
InternalName : TBMON
LegalCopyright : ©2003 Networks Associates Technology, Inc. All Rights Reserved.
LegalTrademarks : McAfee & Network Associates are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. © 2003 Network Associates Technology, Inc. All Rights Reserved.
OriginalFilename : TBMON.EXE

#:15 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_03\bin\
ProcessID : 364
ThreadCreationTime : 5-1-2006 6:56:17 PM
BasePriority : Normal


#:16 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 816
ThreadCreationTime : 5-1-2006 6:56:21 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:17 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2116
ThreadCreationTime : 5-1-2006 6:57:05 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2816
ThreadCreationTime : 5-1-2006 6:58:50 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : ksdlv1.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\ksdlv1.dll)


#:19 [hpqgalry.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2888
ThreadCreationTime : 5-1-2006 6:58:59 PM
BasePriority : Normal


#:20 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3080
ThreadCreationTime : 5-1-2006 6:59:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

Adware.Look2Me Object Recognized!
Type : Process
Data : guard.tmp
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\guard.tmp)

"C:\WINDOWS\system32\rundll32.exe"Process terminated successfully

#:21 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3468
ThreadCreationTime : 5-1-2006 7:02:17 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

0 Possible New Malware 0 Object Recognized!
Type : File
Data : twbyuv.dll
TAC Rating : 0
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



0 Possible New Malware 0 Object Recognized!
Type : File
Data : guard.tmp
TAC Rating : 0
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\

Welcome. Better post an HijackThis log. Before you do that, follow these instructions HERE (will help you with Look2Me issue)

Then post that log,

Please follow these instructions HERE.