|
| ||
| RUNDLL error I am getting "Error loading w11699f5.dll Access is denied." at startup... Think I've had all sorts of virus on my computer in the last 24hours. Have use AVG to remove what feels like most of it, but would like to make all good again... having been in this position once before, here is my HJT log... please help!! Logfile of HijackThis v1.99.1 Scan saved at 23:03:56, on 27/04/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\Apps\ActivBoard\nhksrv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\spss_lmd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Documents and Settings\Oliver\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/intl/en/options/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local> F1 - win.ini: run= C:\GAMES\RA\INSTICON.EXE F2 - REG:system.ini: UserInit=userinit.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Winamp3\winampa.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [w11699f5.dll] RUNDLL32.EXE w11699f5.dll,I2 00098cde011699f5 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup O4 - HKCU\..\Run: [ares] "C:\Ares\Ares.exe" -h O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?135359440f944edb4aeaa8ad6553afa O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?135359440f944edb4aeaa8ad6553afa O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097490625655 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\ir26l5fs1.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\iPod\bin\iPodService.exe (file missing) O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\System32\spss_lmd.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
| ||
| Re: RUNDLL error Hi, there are still a few infections. Please run HJT again and select the following entries. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ; O4 - HKLM\..\Run: [w11699f5.dll] RUNDLL32.EXE w11699f5.dll,I2 00098cde011699f5 O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?135359440f944edb4aeaa8ad6553af a O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?135359440f944edb4aeaa8ad6553af a O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\ir26l5fs1.dll Click Fix Checked ------------------------------------------------------------------- Please download Look2Me-Destroyer.exe to your desktop. --Close all windows before continuing. --Double-click Look2Me-Destroyer.exe to run it. --Put a check next to Run this program as a task. --You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK --When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. --Once it's done scanning, click the Remove L2M button. --You will receive a Done Scanning message, click OK. --When completed, you will receive this message: Done removing infected files! --Look2Me-Destroyer will now shutdown your computer, click OK. --Your computer will then shutdown. --Turn your computer back on. If you receive a message from your firewall about this program accessing the internet please allow it. If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory. http://www.ascentive.com/support/ne...ib/MSWINSCK.OCX ----------------------------------------------------------------------- Then please download ewido - www.ewido.net - Install. Update. Scan. Remove anything it finds (Save log) Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log, and the ewido log |
| ||
| Re: RUNDLL error Thanks so much for your quick repsonse. :) All done. Here you go... Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 28/04/2006 15:22:10 Infected! C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484744.dll Attempting to delete infected files... Attempting to delete: C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484744.dll C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484744.dll Deleted successfully! Making registry repairs. Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D32C7C86-95AB-4945-AAD2-326F8574A27F}" HKCR\Clsid\{D32C7C86-95AB-4945-AAD2-326F8574A27F} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3E631C91-DBF5-47A8-B2A4-5BA988CC53B2}" HKCR\Clsid\{3E631C91-DBF5-47A8-B2A4-5BA988CC53B2} Restoring Windows certificates. Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Administrators - Succeeded Logfile of HijackThis v1.99.1 Scan saved at 20:55:14, on 28/04/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\Apps\ActivBoard\nhksrv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\spss_lmd.exe C:\WINDOWS\System32\svchost.exe C:\ewido anti-malware\ewidoguard.exe C:\ewido anti-malware\ewidoctrl.exe C:\Documents and Settings\Oliver\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/intl/en/options/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis F1 - win.ini: run= C:\GAMES\RA\INSTICON.EXE F2 - REG:system.ini: UserInit=userinit.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Winamp3\winampa.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup O4 - HKCU\..\Run: [ares] "C:\Ares\Ares.exe" -h O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097490625655 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\ewido anti-malware\ewidoguard.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\iPod\bin\iPodService.exe (file missing) O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\System32\spss_lmd.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 20:54:25, 28/04/2006 + Report-Checksum: 52EF649E + Scan result: HKLM\SOFTWARE\Classes\Interface\{06CA2DA3-3A44-4FC7-8FD9-246C0F53407C} -> Adware.CoolWebSearch : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@banner.paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@com[1].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@project2.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\Oliver\Cookies\oliver@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\3YMX7GRH\ac2[1].txt -> Downloader.Agent.ahv : Cleaned with backup C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\4XER0PEV\loader[1].cab/loader.exe -> Downloader.Small.on : Cleaned with backup C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\8TCZOJ4J\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\8TCZOJ4J\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\8TCZOJ4J\AppWrap[3].exe -> Adware.Zestyfind : Cleaned with backup C:\Program Files\BTopenworld\btwebcontrol.dll -> Dialer.BT.b : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484713.dll -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484714.exe -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484715.exe -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484718.dll -> Adware.Softomate : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484721.exe -> Dropper.Agent.aac : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484723.exe -> Dropper.Agent.aac : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484724.dll -> Adware.TargetServer : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484727.exe -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484730.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484732.exe -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484745.dll -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484746.dll -> Adware.CommAd : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484747.exe -> Adware.CommAd : Cleaned with backup C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484748.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup C:\WINDOWS\system32\aqnkw.dll -> Adware.WurldMedia : Cleaned with backup C:\WINDOWS\system32\mocupd.exe -> Adware.WurldMedia : Cleaned with backup C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Cleaned with backup ::Report End so how did I do? Problem solved? |
| ||
| Re: RUNDLL error Ja, log's clean :) Let's finish up by flushing out your System Restore points, as they seem pretty infected: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points. 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK. NOTE: only do this ONCE,NOT on a regular basis Lastly, are ya having any more problems? If so, post back here. If not, mark this thread as solved, and we wish ya luck keeping clean. Thanks again :) |
| ||
| Re: RUNDLL error hey that's all cool. To be honest, ever since I ran Look2Me destroyer, there has been nothing noticeable. Just one last question... in terms of keeping my computer protected in future, which program should I be using? AVG or Evidos, or neither, or both? :) I was using Norton before, but it expired and it never seemed to do much... thanks for all your help! Love live Daniweb. |
| ||
| Re: RUNDLL error Haha awsome. Ok, for protection, I would recommend: 1) Antivirus - AVG (free) 2) AntiSpyware 1 - Ewido (free) 3) AntiSpyware 2 - Microsoft Defender (free) 4) Software Firewall - Zone Alarm (free) I would download and keep running all of these. AVG Microsoft Defender Zone Alarm If ya could mark this thread as solved, it'd be great. Thanks. |
| All times are GMT -4. The time now is 8:24 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC