0

I am getting "Error loading w11699f5.dll Access is denied." at startup...
Think I've had all sorts of virus on my computer in the last 24hours. Have use AVG to remove what feels like most of it, but would like to make all good again... having been in this position once before, here is my HJT log... please help!!

Logfile of HijackThis v1.99.1
Scan saved at 23:03:56, on 27/04/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\spss_lmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Oliver\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/intl/en/options/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
F1 - win.ini: run= C:\GAMES\RA\INSTICON.EXE
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [w11699f5.dll] RUNDLL32.EXE w11699f5.dll,I2 00098cde011699f5
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ares] "C:\Ares\Ares.exe" -h
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?135359440f944edb4aeaa8ad6553afa
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?135359440f944edb4aeaa8ad6553afa
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/yregucfg/2004_10_11_1/yregucfg.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097490625655
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\ir26l5fs1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\iPod\bin\iPodService.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\System32\spss_lmd.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

3
Contributors
5
Replies
6
Views
11 Years
Discussion Span
Last Post by 'Stein
0

Hi, there are still a few infections. Please run HJT again and select the following entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;

O4 - HKLM\..\Run: [w11699f5.dll] RUNDLL32.EXE w11699f5.dll,I2 00098cde011699f5

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?135359440f944edb4aeaa8ad6553af a

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?135359440f944edb4aeaa8ad6553af a

O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab

O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\ir26l5fs1.dll

Click Fix Checked

-------------------------------------------------------------------

Please download Look2Me-Destroyer.exe to your desktop.
--Close all windows before continuing.
--Double-click Look2Me-Destroyer.exe to run it.
--Put a check next to Run this program as a task.
--You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
--When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
--Once it's done scanning, click the Remove L2M button.
--You will receive a Done Scanning message, click OK.
--When completed, you will receive this message: Done removing infected files! --Look2Me-Destroyer will now shutdown your computer, click OK.
--Your computer will then shutdown.
--Turn your computer back on.


If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/ne...ib/MSWINSCK.OCX

-----------------------------------------------------------------------

Then please download ewido - www.ewido.net - Install. Update. Scan. Remove anything it finds (Save log)


Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log, and the ewido log

0

Thanks so much for your quick repsonse. :)

All done. Here you go...

Look2Me-Destroyer V1.0.12


Scanning for infected files.....
Scan started at 28/04/2006 15:22:10


Infected! C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484744.dll


Attempting to delete infected files...


Attempting to delete: C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484744.dll
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484744.dll Deleted successfully!


Making registry repairs.



Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D32C7C86-95AB-4945-AAD2-326F8574A27F}"
HKCR\Clsid\{D32C7C86-95AB-4945-AAD2-326F8574A27F}


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3E631C91-DBF5-47A8-B2A4-5BA988CC53B2}"
HKCR\Clsid\{3E631C91-DBF5-47A8-B2A4-5BA988CC53B2}


Restoring Windows certificates.


Replaced hosts file with default windows hosts file



Restoring SeDebugPrivilege for Administrators - Succeeded



Logfile of HijackThis v1.99.1
Scan saved at 20:55:14, on 28/04/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\spss_lmd.exe
C:\WINDOWS\System32\svchost.exe
C:\ewido anti-malware\ewidoguard.exe
C:\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Oliver\Desktop\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/intl/en/options/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer brought to you by Planetis
F1 - win.ini: run= C:\GAMES\RA\INSTICON.EXE
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ares] "C:\Ares\Ares.exe" -h
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097490625655
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\iPod\bin\iPodService.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\System32\spss_lmd.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           20:54:25, 28/04/2006
+ Report-Checksum:      52EF649E


+ Scan result:


HKLM\SOFTWARE\Classes\Interface\{06CA2DA3-3A44-4FC7-8FD9-246C0F53407C} -> Adware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@banner.paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@project2.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Oliver\Cookies\oliver@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\3YMX7GRH\ac2[1].txt -> Downloader.Agent.ahv : Cleaned with backup
C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\4XER0PEV\loader[1].cab/loader.exe -> Downloader.Small.on : Cleaned with backup
C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\8TCZOJ4J\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\8TCZOJ4J\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Oliver\Local Settings\Temporary Internet Files\Content.IE5\8TCZOJ4J\AppWrap[3].exe -> Adware.Zestyfind : Cleaned with backup
C:\Program Files\BTopenworld\btwebcontrol.dll -> Dialer.BT.b : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484713.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484714.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484715.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484718.dll -> Adware.Softomate : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484721.exe -> Dropper.Agent.aac : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484723.exe -> Dropper.Agent.aac : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484724.dll -> Adware.TargetServer : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484727.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484730.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484732.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484745.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484746.dll -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484747.exe -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{93F1A46B-AE17-413D-AB01-FAE51B19FAD7}\RP684\A0484748.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\system32\aqnkw.dll -> Adware.WurldMedia : Cleaned with backup
C:\WINDOWS\system32\mocupd.exe -> Adware.WurldMedia : Cleaned with backup
C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Cleaned with backup



::Report End

so how did I do? Problem solved?

Edited by happygeek: fixed formatting

0

Ja, log's clean :)

Let's finish up by flushing out your System Restore points, as they seem pretty infected:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis

Lastly, are ya having any more problems? If so, post back here.

If not, mark this thread as solved, and we wish ya luck keeping clean.

Thanks again :)

0

hey that's all cool. To be honest, ever since I ran Look2Me destroyer, there has been nothing noticeable.

Just one last question... in terms of keeping my computer protected in future, which program should I be using? AVG or Evidos, or neither, or both? :) I was using Norton before, but it expired and it never seemed to do much...

thanks for all your help! Love live Daniweb.

0

Haha awsome.

Ok, for protection, I would recommend:

1) Antivirus - AVG (free)
2) AntiSpyware 1 - Ewido (free)
3) AntiSpyware 2 - Microsoft Defender (free)
4) Software Firewall - Zone Alarm (free)

I would download and keep running all of these.

AVG
Microsoft Defender
Zone Alarm

If ya could mark this thread as solved, it'd be great.

Thanks.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.