adware I just cant shift!

[DJMephisto]

Hi I've cleared my PC several times with all recommended programs - all viruses gone! Theres still one thing I cant get rid of though - something is launching advertising browser windows when I'm online. I've sorted the 'hosts' file so the web pages in these advertisements dont display, but the windows themselves are still opening.

The sites that come up are:
ecommerce-e.com
amaena.com
intern-etadvertising.com
popunder.paypopup.com
health-yshopping.com
beliefnetgreetings.com
ad-w-a-r-e.com

I suspect something hidden in the registry that is being stubborn
This is the last step to ridding my computer of those pests!!

I've included my HJT log file - could you take a look please?

Cheers - Mephisto

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your system is infected with the look2me malware.

Go HERE and follow the instructions.

Then post a fresh HJT log.

Regards Howard :wave: :wave:

 

[DJMephisto]

Hi
Cheers very much for your advice - prob seems to have cleared up no ads in 1/2 hour browsing!!

Included both log files

Once again - U R D man!!

Mephisto

 

[howard_hopkinso]

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O14 - IERESET.INF: START_PAGE_URL=http://www.ergo.co.uk

O17 - HKLM\System\CCS\Services\Tcpip\..\{1EAE56CE-708B-4A61-9C53-9BB71CE31490}: NameServer = 80.225.255.185 80.225.255.177 Only fix this 017 entry, if it doesn`t belong to your ISP.

Click on the fix checked button.

Reboot into normal mode and tunsystem restore back on.

Your system should now be clean.

Regards Howard