cnbabe.dll

Sorry but I need your help - I've run ad-aware, spysweeper, and spybot S&D, and there's still an infuriating piece of code somewhere that wants cnbabe.dll the dll file got destroyed a while ago, probably by all 3 anti adware programs, but some of whatever it is survived. Please help - I've had 4 error messages in the time it took to type this.

Here's my hijackthis log

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\gearsec.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\unldrexe.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\winnt\system32\sncntr.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
E:\WINNT\system32\internat.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
E:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\DOCUME~2\ADMINI~1\LOCALS~1\Temp\HijackThis.exe
E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = partner;<local>
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - E:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
F1 - win.ini: run=e:\winnt\system32\unldrexe.exe
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-AB2D-8D32436313D9} - E:\WINNT\bsx5.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - E:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - E:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B3452C5-1B9A-440F-A203-F6ED0F64C895} - E:\WINNT\rem00001.dll
O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - E:\WINNT\bs2.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - E:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\winnt\downloaded program files\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - E:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\winnt\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Norton Program Scheduler Event Checker] C:\Program Files\Navnt\NPSCheck.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sncntr] e:\winnt\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [winnet] E:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [bxsx5] RunDLL32.EXE E:\WINNT\bsx5.dll,DllRun
O4 - HKLM\..\Run: [BookedSpace] RunDLL32.EXE E:\WINNT\bs2.dll,DllRun
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Unldrexe] e:\winnt\system32\unldrexe.exe
O4 - Startup: BBCTicker.lnk = E:\Program Files\BBC Ticker\BBCTicker.exe
O4 - Startup: DLHelperEXE.exe
O4 - Startup: WinProxy 1.5.lnk = C:\WinProxy\WinProxy.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://e:\winnt\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://e:\winnt\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://e:\winnt\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://e:\winnt\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\winnt\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: BT Yahoo! Sidebar (HKLM)
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar (HKLM)
O9 - Extra button: Coches (HKLM)
O12 - Plugin for .ccn: E:\Program Files\Internet Explorer\PLUGINS\npcnc32.dll
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com/
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} (NSLiteUpdateCtrl Class) - http://217.145.76.16/nslite/nslite.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://hamptonpool.squarespace.com/universal/activex/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D707309-993C-4DD7-B5C5-41704F189985}: NameServer = 207.44.140.102 64.191.22.247
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D707309-993C-4DD7-B5C5-41704F189985}: NameServer = 207.44.140.102 64.191.22.247

Incase that doesn't solve it, has anybody got a hammer they can lend me?

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - E:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
F1 - win.ini: run=e:\winnt\system32\unldrexe.exe
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-AB2D-8D32436313D9} - E:\WINNT\bsx5.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - E:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - E:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {2B3452C5-1B9A-440F-A203-F6ED0F64C895} - E:\WINNT\rem00001.dll
O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - E:\WINNT\bs2.dll
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - E:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - E:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O4 - HKLM\..\Run: [sncntr] e:\winnt\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [winnet] E:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [bxsx5] RunDLL32.EXE E:\WINNT\bsx5.dll,DllRun
O4 - HKLM\..\Run: [BookedSpace] RunDLL32.EXE E:\WINNT\bs2.dll,DllRun
O4 - HKCU\..\Run: [Unldrexe] e:\winnt\system32\unldrexe.exe

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/diale...Recomendada.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} (NSLiteUpdateCtrl Class) - http://217.145.76.16/nslite/nslite.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3D707309-993C-4DD7-B5C5-41704F189985}: NameServer = 207.44.140.102 64.191.22.247
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D707309-993C-4DD7-B5C5-41704F189985}: NameServer = 207.44.140.102 64.191.22.247

Reboot, and delete

files
e:\winnt\system32\unldrexe.exe
e:\winnt\system32\sncntr.exe
E:\WINNT\bsx5.dll
E:\WINNT\bs2.dll

folders
E:\Program Files\CommonName

These may be hidden files. See HERE for how to show hidden files.

If you ISP is still BTinternet, fix the two O17 entries also, as they point at Everyones Internet, and Network Operations, both US providers!