Spy Sweeper & Malware Help Please.

  leedaz 10:55 06 Nov 2006
Locked

Since yesterday, when I start up the PC Webroot Spysweeper is reporting this...

10:02: The Spy Communication shield has blocked access to: ACTIVEX.MATCASH.COM
10:01: The Spy Communication shield has blocked access to: ABOUT-BLANK.BIZ
10:01: The Spy Communication shield has blocked access to: A7P7.COM
10:01: The Spy Communication shield has blocked access to: A.TARGETSAVER.COM
10:00: The Spy Communication shield has blocked access to: 99CALZE.COM
10:00: The Spy Communication shield has blocked access to: 80GW6RY3I3X3QBRKWHXHW.032439.COM
10:00: The Spy Communication shield has blocked access to: 600PICS.COM
10:00: The Spy Communication shield has blocked access to: 5SEC.ORG
10:00: The Spy Communication shield has blocked access to: 5SEC.INFO
09:59: The Spy Communication shield has blocked access to: 5SEC.BIZ
09:59: The Spy Communication shield has blocked access to: 2PURSUIT.COM
09:59: The Spy Communication shield has blocked access to: 2AWM.COM
09:59: The Spy Communication shield has blocked access to: 2005-SEARCH.COM
09:58: The Spy Communication shield has blocked access to: 1800TAXFREE.COM
09:58: The Spy Communication shield has blocked access to: 1800-SEARCH.COM
09:58: The Spy Communication shield has blocked access to: 09.JUSTCOUNTER.COM
09:57: The Spy Communication shield has blocked access to: 08.JUSTCOUNTER.COM
09:57: The Spy Communication shield has blocked access to: 07.JUSTCOUNTER.COM
09:57: The Spy Communication shield has blocked access to: 06.JUSTCOUNTER.COM
09:57: The Spy Communication shield has blocked access to: 05.JUSTCOUNTER.COM
09:57: The Spy Communication shield has blocked access to: 04.JUSTCOUNTER.COM
09:57: The Spy Communication shield has blocked access to: 03.JUSTCOUNTER.COM
09:56: The Spy Communication shield has blocked access to: 02.JUSTCOUNTER.COM
09:56: The Spy Communication shield has blocked access to: 01.JUSTCOUNTER.COM
09:56: The Spy Communication shield has blocked access to: _218_.JUSTCOUNTER.COM

Obviously something is wrong but I don't know what. I've googled some of these sites and it's becoming obvious they are not to be visited because they can harm your PC but something on my PC is trying to connect with them. I've run countless anti virus scans both with my Zone Labs ISS and Avast free, Prevx1 free, Xsoft Spy, Ad aware, and Spybot.

SpySweeper found and removed this lot...

07:54: HKLM\software\classes\clsid\{e21be468-5c18-43eb-b0cc-db93a847d769}\ (ID = 1637841)
07:54: HKLM\software\classes\clsid\{941a4793-a705-4312-8dfc-c11ca05f397e}\ (ID = 1637826)
07:54: HKLM\software\classes\clsid\{765035b3-5944-4a94-806b-20ee3415f26f}\ (ID = 1637816)
07:54: HKLM\software\classes\clsid\{238d0f23-5dc9-45a6-9be2-666160c324dd}\ (ID = 1637806)
07:54: HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{e21be468-5c18-43eb-b0cc-db93a847d769}\ (ID = 1637802)
07:54: HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{941a4793-a705-4312-8dfc-c11ca05f397e}\ (ID = 1637790)
07:54: HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{765035b3-5944-4a94-806b-20ee3415f26f}\ (ID = 1637782)
07:54: HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{238d0f23-5dc9-45a6-9be2-666160c324dd}\ (ID = 1637774)
07:54: HKCR\clsid\{e21be468-5c18-43eb-b0cc-db93a847d769}\ (ID = 1637719)
07:54: HKCR\clsid\{941a4793-a705-4312-8dfc-c11ca05f397e}\ (ID = 1637704)
07:54: HKCR\clsid\{765035b3-5944-4a94-806b-20ee3415f26f}\ (ID = 1637694)
07:54: HKCR\clsid\{238d0f23-5dc9-45a6-9be2-666160c324dd}\ (ID = 1637684)
07:54: HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{e21be468-5c18-43eb-b0cc-db93a847d769}\ (ID = 1637680)
07:54: HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{941a4793-a705-4312-8dfc-c11ca05f397e}\ (ID = 1637668)
07:54: HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{238d0f23-5dc9-45a6-9be2-666160c324dd}\ (ID = 1637652)
07:54: Found Adware: koowo lyrics software

and online Housecall removed 4 low risk items which I unfortunately didn't jot down.
Anyone got any ideas whats going on here ? TIA.

  rawprawn 12:08 06 Nov 2006

I don't use Spysweeper, but if it's saying "Blocked access" surely there isn't a problem. Can you configure it to stop warning you about programs it has blocked and just let it get on with it quietly in the background?
You have used Housecall so I doubt there is a problem.

  leedaz 13:01 06 Nov 2006

Thanks rawprawn, I know what you mean but this has just started happening so am a little worried by it. I'm just gonna go through these steps here.. click here

and will report back if any news.

  rawprawn 16:49 06 Nov 2006

If you are going to post an HJT log, this is the best place to get the right answers
click here

  leedaz 18:48 06 Nov 2006

Thanks rawprawn. Most of the way through the procedure and 2 more infections discovered and removed.

1 winuns32.dll
2 Trojan.Klone.H

  skidzy 19:02 06 Nov 2006

Also try running A2 click here and AVg antispy previously Ewido click here

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5 review

Alice Saey's mesmerising animation for Dutch singer Mark Lotterman

iPad Pro 10.5in (2017) review

Comment booster votre iPhone ?