help - loading website [Resolved]


  • This topic is locked

#1
Robwat

  • Member
  • 27 posts
I have installed Ad-Aware, Spybot and CWShredder but I am still getting loadingwebsite pop-ups and others every time I connect.
Here is my logfile.
Any help would be gratefully appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 15:29:05, on 01/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\RunMotive.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\BTYAHO~2\SMARTB~1\MotiveSB.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\r?ndll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Sue Watson\Application Data\eetu.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {404B829D-2560-67B9-07B2-16AADAC1C4FF} - C:\WINDOWS\system32\euudbzb.dll
O2 - BHO: (no name) - {7566B29D-0853-528D-2A82-2687EAF1E9CF} - C:\WINDOWS\system32\euudbzb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FlashInstaller] D:\flashstart.exe D:\D:\start.exe run
O4 - HKLM\..\Run: [RunNetHelp] C:\WINDOWS\RunMotive.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~2\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [ebon] C:\WINDOWS\ebon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [dlsmgr] C:\Program Files\dlsmgr\dlsmgr.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C1-5297EF71F44B}] rundll32.exe C:\WINDOWS\system32\stlbdemo.dll,DllRunMain
O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Slyekk] C:\WINDOWS\system32\r?ndll32.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [IwrmRXK6i] mp4dui.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Sue Watson\Application Data\eetu.exe
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {5AA06501-68FA-4989-B5EB-0F43DBC1A053} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {B3146DBC-02AB-4DDA-B1DF-48458A7C1F16} - http://www.bt.com (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'ypclsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.147...es/geaccess.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co...._1/axofupld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.cyberpatr...line/isetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.cyberpatr...nline/setup.exe
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.bro...tivePreQual.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.bto...twebcontrol.cab
O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_3uk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8A7A08F-5ACD-49C6-8FB4-09ACF05DDF91}: NameServer = 194.74.65.86 194.72.9.55
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\enjol1131.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#2
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi and welcome, Robwat.
If you're still looking to resolve this issue:

Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {404B829D-2560-67B9-07B2-16AADAC1C4FF} - C:\WINDOWS\system32\euudbzb.dll
O2 - BHO: (no name) - {7566B29D-0853-528D-2A82-2687EAF1E9CF} - C:\WINDOWS\system32\euudbzb.dll
O4 - HKLM\..\Run: [FlashInstaller] D:\flashstart.exe D:\D:\start.exe run
O4 - HKLM\..\Run: [RunNetHelp] C:\WINDOWS\RunMotive.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [ebon] C:\WINDOWS\ebon.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C1-5297EF71F44B}] rundll32.exe C:\WINDOWS\system32\stlbdemo.dll,DllRunMain
O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\msexploren.exe /I
O4 - HKCU\..\Run: [Slyekk] C:\WINDOWS\system32\r?ndll32.exe
O4 - HKCU\..\Run: [IwrmRXK6i] mp4dui.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Sue Watson\Application Data\eetu.exe
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://64.156.31.147...es/geaccess.exe
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\enjol1131.dll (file missing)


Next, reboot to safe mode (by tapping the F8 key on start up). Make sure you can view all Hidden Files/Folders, then search for and delete the files highlighted in BOLD:

C:\WINDOWS\system32\euudbzb.dll
D:\flashstart.exe
C:\WINDOWS\RunMotive.exe
C:\Program Files\Windows ServeAd\WinServAd.exe <--Delete Folder
C:\Program Files\Windows ServeAd\WinServSuit.exe <-- Delete Folder
C:\WINDOWS\ebon.exe
C:\WINDOWS\system32\stlbdemo.dll
C:\WINDOWS\msexploren.exe
C:\WINDOWS\system32\r?ndll32.exe <-- Be careful with this, DO NOT delete the legit RUNDLL32.exe
mp4dui.exe
C:\Documents and Settings\Sue Watson\Application Data\eetu.exe
C:\WINDOWS\system32\enjol1131.dll

Restart your computer.

I would like for you to check Ad-aware and Spybot for updates and run a full scan with both of them.
Also, please run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall
ActiveScan

You should try to delete any files that these scanners are unable to clean. Then let us know if it's working better and what the scans found.

Then scan again with HijackThis and post another log.

Sorry for the late reply; the board has been busy lately.

#3
Robwat

  • Topic Starter
  • Member
  • 27 posts
Hi,
Thanks Don77 for your help. My system does seem to be working better, with far fewer popups. I haven't seen the loadingwebsite appear as yet.
I have done as requested, and have run the 2 scans.
This is the output from the Housecall Scan:
We have detected 2 infected file(s) with 2 virus(es) on your computer.
Detected File Associated Virus Name
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0055900.exe TROJ_AGENT.1

C:\WINDOWS\SYSTEM32\n20050308.exe TROJ_AGENT.MS

These have been deleted.

The ActiveScan found these and I am not sure if I am supposed to search for and delete them?
Incident Status Location

Adware:Adware/MyWay No disinfected C:\Program Files\MySearch
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup*
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/DealHelper No disinfected Windows Registry
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates*.exe
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/WUpd No disinfected C:\Program Files\Windows ServeAd
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteSideBar
Adware:Adware/TopConvert No disinfected C:\Program Files\Topconverting
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr6945
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\temp.frB8C8
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Sue Watson\Local Settings\Temp\temp.fr92B6
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch\bar\1.bin\S42NS.EXE
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
Adware:Adware/SAHAgent No disinfected C:\temp\SAHPackage.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\bundles\ezStubseedcorn.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\bundles\thin-8-1-x-x.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\bundles\wrapperouter.exe
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/EliteBar No disinfected C:\WINDOWS\sideb.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\aacore.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\apdiosrv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\aUcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\aza0013me.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\CLRDS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\CZMSNAP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\DCSPEX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\DJrtWeb.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dn8601lse.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dnl0013me.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\DQCPMON.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dqkquota.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\drsec.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dscprop2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dycprop2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\e8202ifmg82a2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\f0l02a3mgd.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\f6j2lg1o16.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\FGIFS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\gp26l3fs1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\HbdraPnp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\hcetwiz.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\i6420ghoe64c0.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\ibpromon.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\ibr2l59o1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\iletmib1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\ir28l5fu1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\irnul5591.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\j8n20i5oe8.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM32\javex80.vxd[nvms.dll]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM32\javex80.vxd[nls.exe]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\k2nolc531f.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\k6jslg1716.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KCDAL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KGDAL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\kgdinbe1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KNDKAZ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\kpuser.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KQDHU.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\ksdinmal.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\kwdinmal.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KYDLV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\l0n4la5q1d.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\l2r0lc9m1f.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\LAGHOURS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\LIX2KUSB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\LXEXPAND.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\m664lgjq16oe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\mcwstr10.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\MFSIGN32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\miimtf.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\MQRATELC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\mujetoledb40.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\mzprivs.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\mzxml4.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\NELANUI2.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\nncpl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\nyinstnt.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\oacache.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[mscb.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cashback.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cb.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[flash.exe]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\pvdgen.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\QROLE32.DLL
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\RNDLL3~1.EXE
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\shhedsvc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\sic.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\sNgnb.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\soecli.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\uaandlg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\VARIFIER.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\vbsapi.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\VDRIFIER.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wenntbbu.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\whdmtpus.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wihip6.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wtvcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\WZN87EM.DLL
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\Temp\akcore.dll
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\Temp\iD.tmp
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\Temp\SskUpdater.exe

Here is my latest HijackThis Log


Logfile of HijackThis v1.99.1
Scan saved at 18:29:04, on 14/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\BTYAHO~2\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sue Watson\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~2\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [dlsmgr] C:\Program Files\dlsmgr\dlsmgr.exe
O4 - HKLM\..\Run: [nvsvca32] C:\WINDOWS\nvsvca32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {5AA06501-68FA-4989-B5EB-0F43DBC1A053} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {B3146DBC-02AB-4DDA-B1DF-48458A7C1F16} - http://www.bt.com (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'ypclsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.co...._1/axofupld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.cyberpatr...line/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.cyberpatr...nline/setup.exe
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.bro...tivePreQual.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.bto...twebcontrol.cab
O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_3uk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8A7A08F-5ACD-49C6-8FB4-09ACF05DDF91}: NameServer = 194.74.65.86 194.72.9.55
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.

Thanks again for your help.
  • 0

#4
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's see if we can't get the rest of this cleaned up,

Download and install Cleanup

Please download and install Ad-aware.
Setting up Ad-aware- please make sure you update it first

Next Reboot to safe mode again please,
Open Cleanup! Click on clean up now and let it run,
When it has finished click NO to reboot now.

Next,
Scan with AdAware and have it remove what it finds

Restart your computer

Run the online scans again please and let us know what they come back with.

Also, running 2 Anti Virus programs is not a good idea. Please update 1 (whichever you choose) and remove the other.
  • 0

#5
Robwat

Robwat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I have performed tasks as requested and run the 2 online scans. Housecall came up with nothing, but activescan has still found 102 infected items, here is what it found:
Incident Status Location

Adware:Adware/MyWay No disinfected C:\Program Files\MySearch
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup*
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/DealHelper No disinfected Windows Registry
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates*.exe
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/WUpd No disinfected C:\Program Files\Windows ServeAd
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteSideBar
Adware:Adware/TopConvert No disinfected C:\Program Files\Topconverting
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch\bar\1.bin\S42NS.EXE
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
Adware:Adware/eZula No disinfected C:\WINDOWS\bundles\ezStubseedcorn.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\bundles\thin-8-1-x-x.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\bundles\wrapperouter.exe
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf
Adware:Adware/EliteBar No disinfected C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/EliteBar No disinfected C:\WINDOWS\sideb.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\aacore.dll
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\akcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\apdiosrv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\aUcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\aza0013me.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\CLRDS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\CZMSNAP.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\DCSPEX.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\DJrtWeb.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dn8601lse.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dnl0013me.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\DQCPMON.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dqkquota.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\drsec.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dscprop2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\dycprop2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\e8202ifmg82a2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\f0l02a3mgd.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\f6j2lg1o16.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\FGIFS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\gp26l3fs1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\HbdraPnp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\hcetwiz.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\i6420ghoe64c0.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\ibpromon.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\ibr2l59o1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\iletmib1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\ir28l5fu1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\irnul5591.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\j8n20i5oe8.dll
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM32\javex80.vxd[nvms.dll]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\SYSTEM32\javex80.vxd[nls.exe]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\k2nolc531f.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\k6jslg1716.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KCDAL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KGDAL.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\kgdinbe1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KNDKAZ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\kpuser.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KQDHU.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\ksdinmal.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\kwdinmal.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\KYDLV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\l0n4la5q1d.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\l2r0lc9m1f.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\LAGHOURS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\LIX2KUSB.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\LXEXPAND.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\m664lgjq16oe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\mcwstr10.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\MFSIGN32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\miimtf.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\MQRATELC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\mujetoledb40.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\mzprivs.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\mzxml4.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\NELANUI2.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\nncpl.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\nyinstnt.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\oacache.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[mscb.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cashback.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[cb.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\psis80ex.ax[flash.exe]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\pvdgen.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\QROLE32.DLL
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\RNDLL3~1.EXE
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\shhedsvc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\sic.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\sNgnb.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\soecli.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\uaandlg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\VARIFIER.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\vbsapi.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\VDRIFIER.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wenntbbu.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\whdmtpus.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wihip6.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\wtvcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\WZN87EM.DLL
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts



The above Files in bold need to be removed. The above items in Red I would like for you to check the Add/Remove programs and remove from there if found. Do this in safe mode.
Probably a good idea to print out these instructions so you have them

Download the latest version of Spybot 1.3. Please check it for updates. Run a scan with it and fix anything it finds in red. (It will likely remove some of the files above)

I need you to run a scan in safe mode as well with both Spybot and Ad-aware,

Reboot to normal mode and run Active scan again please and let us know what it comes back with
  • 0

#7
Robwat

Robwat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I have removed as many of the files as I could find and have run Spybot and Ad-aware in Safe mode.
This is what the Active scan has found:
Incident Status Location

Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected C:\keys.ini

Adware:Adware/DealHelper No disinfected Windows Registry
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\bundles\thin-8-1-x-x.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\bundles\wrapperouter.exe
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\RNDLL3~1.EXE

Thanks
  • 0

#8
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Getting cleaner Rob,

Next, reboot into SAFE MODE. Make sure you can view all Hidden Files/Folders, then search for and delete the files highlighted in BOLD

C:\WINDOWS\bundles <-- Delete folder
C:\keys.ini
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf <-- Delete Folder
C:\WINDOWS\SYSTEM32\RNDLL3~1.EXE <-- Delete File
C:\WINDOWS\bundles\wrapperouter.exe <-- Delete Folder

Restart your computer,
Run another scan with Active scan and let us know what it finds please
  • 0

#9
Robwat

Robwat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I rebooted into safe mode and made sure that I could see hidden files/folders but I am still unable to find and delete:

f3initialsetup1.0.0.6.inf and RNDLL3~1.EXE

Therefore when I ran ActiveScan they were still there, along with one other.

Here is what the scan found

Incident Status Location

Adware:Adware/PortalScan No disinfected Windows Registry
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\RNDLL3~1.EXE
  • 0

#10
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Download Pocket Killbox from Here. Paste the full file path (C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf) in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.
Let us know how you make out,

Do the same for

C:\WINDOWS\SYSTEM32\RNDLL3~1.EXE

Run another scan with Active and post back what it finds please
  • 0

#11
Robwat

Robwat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I have deleted the 2 files using killbox.
This is what the active scan found:

Incident Status Location

Adware:Adware/PortalScan No disinfected Windows Registry


Hopefully this is nearly the end. Thanks for all your help so far
  • 0

#12
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit

Then click OK. (The Registry Editor opens.)


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"absr"="<path to file name>"


Exit the Registry Editor.

Reboot,
Rescan one, and hopefully the last, time with Active and post what it finds, if it finds anything
  • 0

#13
Robwat

Robwat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi, I followed instructions but I am unable to find "absr". I must be doing something wrong but not sure what?!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I followed this and then clicked on Run which brought up various items in the right pane but nothing remotely similar to absr.
Sorry but I am a bit of a novice when it comes to computers.
  • 0

#14
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Go to regedit again please and search for PortalScan

If found delete Please, Run a scan with active one more time and let us know what it comes back with,

Sorry for the late reply I was away for a few days,
  • 0

#15
Robwat

Robwat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Unable to find portalScan
Run active scan and it is still coming up with one infected file:
Adware:Adware/PortalScan No disinfected Windows Registry
  • 0
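An added example, not part of the original thread: a Python parser for the ActiveScan result rows pasted in the posts above, which diffs successive scans to show what each cleanup round removed and which family is reported in every scan. The function and variable names are illustrative; the three scan excerpts are copied from posts #7, #9 and #11, and the `EDGE_ROWS` sample is constructed.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "kind family location member")

# Row shape used in this thread: "<Kind>:<Kind>/<Family> No disinfected <Location>".
# "No disinfected" is the only status string the posts show, so it is matched literally.
ROW = re.compile(
    r"(?P<kind>Adware|Spyware):(?P=kind)/(?P<family>\S+)\s+No disinfected\s+"
    r"(?P<loc>.+?)(?=\s+(?:Adware|Spyware):|\s*$)"
)
# A location such as file.vxd[inner.exe] names a file packed inside a container.
MEMBER = re.compile(r"^(?P<path>.+)\[(?P<member>[^\]]+)\]$")

# Rows copied from the scans in posts #7, #9 and #11 of the thread.
SCAN_POST_7 = r"""
Incident Status Location
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/DealHelper No disinfected Windows Registry
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\bundles\thin-8-1-x-x.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\bundles\wrapperouter.exe
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\RNDLL3~1.EXE
"""
SCAN_POST_9 = r"""
Adware:Adware/PortalScan No disinfected Windows Registry
Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\RNDLL3~1.EXE
"""
SCAN_POST_11 = r"""
Adware:Adware/PortalScan No disinfected Windows Registry
"""
# Constructed rows (not from the thread): two rows run together, and a container member.
EDGE_ROWS = r"""
Adware:Adware/ExampleA No disinfected C:\Example Dir\one file.dll Adware:Adware/ExampleB No disinfected C:\example.ini
Spyware:Spyware/ExampleC No disinfected C:\Example\pack.vxd[inner.exe]
"""


def parse_scan(text):
    """Return the detections in a pasted report, tolerating rows run together on one line."""
    found = []
    for line in text.splitlines():
        for m in ROW.finditer(line):
            loc, member = m.group("loc").strip(), None
            inner = MEMBER.match(loc)
            if inner:  # split "container[member]" into its two parts
                loc, member = inner.group("path"), inner.group("member")
            found.append(Detection(m.group("kind"), m.group("family"), loc, member))
    return found


def key(d):
    # Windows paths are case-insensitive: ...\bundles and ...\Bundles are the same folder.
    return (d.family, d.location.lower(), (d.member or "").lower())


def diff_scans(before, after):
    """Compare two scans; return (cleared, remaining, new) as sets of keys."""
    b, a = {key(d) for d in before}, {key(d) for d in after}
    return b - a, b & a, a - b


def persistent_families(*scans):
    """Families reported in every scan, even when the reported location changed."""
    return set.intersection(*[{d.family for d in scan} for scan in scans])


if __name__ == "__main__":
    s7, s9, s11 = (parse_scan(t) for t in (SCAN_POST_7, SCAN_POST_9, SCAN_POST_11))
    cleared, remaining, new = diff_scans(s7, s9)
    print("cleared between #7 and #9:", sorted(k[0] for k in cleared))
    print("still present:", sorted(k[0] for k in remaining))
    print("new location:", sorted(new))
    print("in every scan:", persistent_families(s7, s9, s11))
```

Comparing by family as well as by location matters here: the location-level diff lists PortalScan as both cleared (the bundles folder) and new (Windows Registry), while the family-level view shows it is the one detection present in all three scans.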





