Spyware/Adware problems - please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by pmeawad, Nov 8, 2005.

  1. pmeawad

    pmeawad Private E-2

    Hi, I was hoping someone could help me with some problems my computer's been having lately. Originally, I had a virus that pretty much crippled the computer altogether. After removing the virus, I'm still having some issues (I'm running Windows 2000 Pro):

    1. When my computer boots up, I get the following error message: "An exception occured while trying to run C:\WINNT\system32\xxxx.dll, DllGetVersion". The xxxx is a different file name each time I reboot. Some of the ones I wrote down are sedocvw.dll, cypmtab.dll, aaferror.dll, gn6m13j11.dll, and wvhatm.dll.

    2. After my computer has been running for a while, I always get errors relating to SHRLHOST.exe and CSC2DVAG.exe. I don't know what these programs are, so if someone could help me with that, I'd really appreciate it.

    3. I get unbelievable amounts of popup ads, usually enough to cause my computer to crash and give me the blue screen if I leave it alone for a while. My default browser is Firefox so most of the ads open up in that, but some still open in IE.

    I've already done everything that this website suggested I do before posting my Hijack This file (attached), but nothing seems to work. Any help would be greatly appreciated.

    Thanks for your time!
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  3. pmeawad

    pmeawad Private E-2

    Thanks for your help. I ran Ewido again and I've posted the logs (both from the first time I ran it and from when I ran it again in response to your reply). Please let me know what I should do next whenever it's convenient for you.

    Thanks again,
    Phil
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the instructions in the below thread:
    Look2Me VX2 Removal


    Post the logs from the above fix and a fresh HijackThis log once you are finished.
     
  5. pmeawad

    pmeawad Private E-2

    I followed the instructions in the Look2Me VX Removal thread and I'm still having the same problems. I've attached the log file as well as an updated Hijack This log file. Thanks again for your help.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You have HijackThis installed incorrectly, please install HijackThis to C:\HJT.

    Scan with HijackThis and fix the following:
    Reboot to safe mode and delete the following file:
    C:\WINNT\system32\t28ulcl91fq.dll

    Reboot and post a fresh HJT log.
     
  7. pmeawad

    pmeawad Private E-2

    Thanks again for your help. I re-installed Hijack This in the right folder, ran the program, and fixed the problems you told me to. I then restarted in Safe Mode, but the dll file you told me to delete was no longer there. I believe it changes names every time the computer starts. As you can see, in the Hijack This log I've attached, its most recent name is hrn2055oe.dll. In order to determine the current file, I ran Hijack This again in safe mode and didn't fix any problems, just used it to find the right dll file. When I tried to delete it using Windows Explorer, I received an error message saying the file or destination may be in use and I didn't have access to delete it. Please let me know what to do next, and thanks again for your time.
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please disable Spybot's Teatimer function, as it will interfere with any fixes; and it really isn't that effective anyway.

    Please download Spy Sweeper


    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  9. pmeawad

    pmeawad Private E-2

    I ran the SpySweeper and have posted an updated Hijack This log. I wasn't able to post the SpySweeper log because I think the file size is too large. However, for the most part, the popups appear to be gone. Thanks so much for your help. Is there anything else you think I should do?
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please reinstall HijackThis to C:\HJT. Disable Spybot's Teatimer function as it will interfere with any fixes I have you do.

    Scan with HijackThis and fix the following:
    What is WebDrive Service?

    Zip the Spy Sweeper log and attach it.

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments
     
