
inetkw.dll ERROR

 
 
Zakaru
 
Reply Wed 8 Sep, 2004 03:18 pm
Ya, here's the HJT log.... Somebody PLEASE IN GOD'S NAME PLEASE HELP ME!!!!

Logfile of HijackThis v1.98.2
Scan saved at 5:19:13 PM, on 9/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
E:\Program Files\Messenger Plus! 3\MsgPlus.exe
E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\or32PEnt.exe
E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
E:\WINDOWS\System32\aulrhuf\peixwme.exe
E:\WINDOWS\System32\cnstgfo.exe
E:\PROGRA~1\INTERN~2\inetsvc.exe
E:\WINDOWS\System32\qhytpfo\rowynhb.exe
E:\WINDOWS\System32\bjgwqsi\encfumw.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\winmm64.exe
E:\WINDOWS\32s-.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\ntdtcsetup.log:ecrlw
E:\WINDOWS\system32\pctspk.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
E:\Program Files\Common Files\WinTools\WToolsS.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\PROGRA~1\INTERN~2\inetmgr.exe
E:\Program Files\Common Files\WinTools\WToolsA.exe
E:\Program Files\Common Files\WinTools\WSup.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\atlxx32.exe
E:\Program Files\MSN\MSNCoreFiles\msn6.exe
E:\DOCUME~1\SAMPSO~1\LOCALS~1\Temp\ru5p3vs19ssh.exe
E:\Program Files\WinMX\WinMX.exe
E:\WINDOWS\System32\msd2dvag.exe
E:\WINDOWS\System32\atkmgr.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-noname
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s-redirect.com/?b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\umhmg.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - E:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {F3F6EF24-8004-2CA1-869C-76234529E398} - E:\WINDOWS\ntyi.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKLM\..\Run: [jcgidnp] E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
O4 - HKLM\..\Run: [peixwme] E:\WINDOWS\System32\aulrhuf\peixwme.exe
O4 - HKLM\..\Run: [jbjhzwoqmiboq] E:\WINDOWS\System32\cnstgfo.exe
O4 - HKLM\..\Run: [r74X3FQ] msd2dvag.exe
O4 - HKLM\..\Run: [inetmgr] E:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [rowynhb] E:\WINDOWS\System32\qhytpfo\rowynhb.exe
O4 - HKLM\..\Run: [encfumw] E:\WINDOWS\System32\bjgwqsi\encfumw.exe
O4 - HKLM\..\Run: [WinTools] E:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [atlxx32.exe] E:\WINDOWS\atlxx32.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunOnce: [AAW] "E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpywareGuardPlus] E:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKCU\..\Run: [32s-] E:\WINDOWS\32s-.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinMX] E:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [awv7RPcFj] atkmgr.exe
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by NetAnts - E:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &All by NetAnts - E:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: e:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\lspak.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f66fd496b5b0255a398635d94a18e0d240b46dc5bfc60462bdba0cff3416528dafe86c0f4c1b770ca3276b375f879b328d7cf6c801621e9bc758bda7def25cec:3c29cf5c59c88182cae40308989f203c
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//install/gtdowngc.cab
Type: Discussion • Score: 1 • Views: 2,697 • Replies: 21

 
Zakaru
 
  1  
Reply Wed 8 Sep, 2004 04:38 pm
OMG PLEASE SOMEONE HELP! GOD IT POPS UP EVERY FRIGGIN 5 SECONDS! WITH MORE THAN 5 WINDOWS!!! PLEASE SOMEBODY HELP ME!!!!!!!!
0 Replies
 
hihp
 
  1  
Reply Wed 8 Sep, 2004 04:59 pm
Whoa, your computer is INFESTED...

At a first glance, these look suspicious:

E:\WINDOWS\system32\or32PEnt.exe
E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
E:\WINDOWS\System32\aulrhuf\peixwme.exe
E:\WINDOWS\System32\cnstgfo.exe
E:\PROGRA~1\INTERN~2\inetsvc.exe
E:\WINDOWS\System32\qhytpfo\rowynhb.exe
E:\WINDOWS\System32\bjgwqsi\encfumw.exe

As well as a lot of other stuff.

Have you downloaded Ad-Aware and Spybot S&D? If yes, make sure you have the latest definition file (both programs have internet update facilities built in) and run them on your computer.
0 Replies
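The kind of first-glance triage described in the reply above, as an added example that is not part of the original thread and is not HijackThis's own logic: a small parser that splits a HijackThis log into running processes and coded entries and flags entries on structural grounds. The function names, the heuristics and the System32 allowlist are assumptions made for illustration; the sample lines are excerpted from the log posted above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section item reason")

# Lines excerpted from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
E:\WINDOWS\ntdtcsetup.log:ecrlw
E:\DOCUME~1\SAMPSO~1\LOCALS~1\Temp\ru5p3vs19ssh.exe
E:\Program Files\iTunes\iTunesHelper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\umhmg.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [r74X3FQ] msd2dvag.exe
O4 - HKLM\..\Run: [rowynhb] E:\WINDOWS\System32\qhytpfo\rowynhb.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\lspak.dll
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//install/gtdowngc.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
"""

# HijackThis entry lines look like "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Partial allowlist of System32 subfolders that normally hold executables (assumption).
SYSTEM32_SUBDIRS = {"wbem", "drivers", "dllcache", "oobe", "usmt", "restore"}


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def path_reasons(path):
    """Structural red flags for a Windows path; heuristics, not verdicts."""
    reasons, low = [], path.lower()
    if ":" in path[2:]:  # a colon after the drive letter means file:stream
        reasons.append("path names an NTFS alternate data stream")
    if "\\temp\\" in low:
        reasons.append("executable in a Temp directory")
    m = re.search(r"\\system32\\([^\\]+)\\[^\\]+\.exe$", low)
    if m and m.group(1) not in SYSTEM32_SUBDIRS:
        reasons.append("executable in an unexpected System32 subfolder")
    return reasons


def triage(text):
    """Return Finding tuples for entries worth a closer look."""
    processes, entries = parse_log(text)
    findings = [Finding("process", p, r) for p in processes for r in path_reasons(p)]
    for code, body in entries:
        reasons = []
        if code == "O4":
            # Body shape: HKLM\..\Run: [value name] command line
            m = re.match(r"\S+: \[.*?\] (.*)$", body)
            if m:
                cmd = m.group(1)
                exe = re.match(r'"?(.+?\.exe)', cmd, re.I)
                target = exe.group(1) if exe else cmd
                if "\\" not in target:
                    reasons.append("autorun command has no directory component")
                reasons += path_reasons(target)
        elif code in ("R0", "R1") and "= res://" in body:
            reasons.append("IE search/start value points into a local DLL via res://")
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            reasons.append("unrecognized Winsock LSP provider")
        elif code == "O15":
            reasons.append("Trusted Zone entry; confirm the user added it")
        elif code == "O16" and re.search(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]", body):
            reasons.append("ActiveX download source is a raw IP address")
        findings += [Finding(code, body, r) for r in reasons]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.item}")
```

A flag here only marks an entry for manual review; legitimate software can trip these rules and malware with ordinary-looking paths will not.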
 
Zakaru
 
  1  
Reply Wed 8 Sep, 2004 05:05 pm
I've scanned my comp with both of those and fully updated.....what do I do now?
0 Replies
 
Zakaru
 
  1  
Reply Wed 8 Sep, 2004 05:48 pm
Umm, can you help me out??? It's REALLY getting ANNOYING.......
0 Replies
 
Don77
 
  1  
Reply Wed 8 Sep, 2004 06:01 pm
Man O man where have you been ??????
This is going to take some work,,,

First
Please Download LSPFix from http://www.cexx.org/lspfix.zip and Run the Program.

Disconnect from the Internet and close all Internet Explorer Windows.

Check the "I know what I'm doing" Button and remove all traces of lspak.dll
Then Reboot.

Next
Download the following program

CWShredder
It should be the current version, but check for updates

Run Program cwshredder and have it fix anything it finds.

Make sure you click the "Fix" button

Next:
Download Ad-aware CHECK FOR UPDATES.
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"

Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.

Next
Download the latest version of Spybot 1.3. Please check it for updates, run the program and have it fix anything it finds in red.
Restart your computer.

Next
Please disable System Restore,
How to turn off or turn on Windows XP System Restore


Next:
Go Here BitDefender Scan Online
Run a scan with BitDefender as well, Be sure and Check Auto Clean.

Next:
Go here Trend Micro - Free online virus Scan
Be sure and check Auto Clean before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

Next

Go to Add/Remove programs ( Click Start, Click Settings, Click Control Panel, Click Add/Remove Programs, Search for and remove ) " Messenger Plus! "

Restart your computer, restart HJT and post back a fresh log please.

"I know you have run Ad-aware and spybot but please run them again please,"
0 Replies
 
Zakaru
 
  1  
Reply Thu 9 Sep, 2004 01:54 pm
Here's my new logfile....

Logfile of HijackThis v1.98.2
Scan saved at 5:19:13 PM, on 9/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
E:\Program Files\Messenger Plus! 3\MsgPlus.exe
E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\or32PEnt.exe
E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
E:\WINDOWS\System32\aulrhuf\peixwme.exe
E:\WINDOWS\System32\cnstgfo.exe
E:\PROGRA~1\INTERN~2\inetsvc.exe
E:\WINDOWS\System32\qhytpfo\rowynhb.exe
E:\WINDOWS\System32\bjgwqsi\encfumw.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\winmm64.exe
E:\WINDOWS\32s-.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\ntdtcsetup.log:ecrlw
E:\WINDOWS\system32\pctspk.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
E:\Program Files\Common Files\WinTools\WToolsS.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\PROGRA~1\INTERN~2\inetmgr.exe
E:\Program Files\Common Files\WinTools\WToolsA.exe
E:\Program Files\Common Files\WinTools\WSup.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\atlxx32.exe
E:\Program Files\MSN\MSNCoreFiles\msn6.exe
E:\DOCUME~1\SAMPSO~1\LOCALS~1\Temp\ru5p3vs19ssh.exe
E:\Program Files\WinMX\WinMX.exe
E:\WINDOWS\System32\msd2dvag.exe
E:\WINDOWS\System32\atkmgr.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-noname
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s-redirect.com/?b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\umhmg.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - E:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {F3F6EF24-8004-2CA1-869C-76234529E398} - E:\WINDOWS\ntyi.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKLM\..\Run: [jcgidnp] E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
O4 - HKLM\..\Run: [peixwme] E:\WINDOWS\System32\aulrhuf\peixwme.exe
O4 - HKLM\..\Run: [jbjhzwoqmiboq] E:\WINDOWS\System32\cnstgfo.exe
O4 - HKLM\..\Run: [r74X3FQ] msd2dvag.exe
O4 - HKLM\..\Run: [inetmgr] E:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [rowynhb] E:\WINDOWS\System32\qhytpfo\rowynhb.exe
O4 - HKLM\..\Run: [encfumw] E:\WINDOWS\System32\bjgwqsi\encfumw.exe
O4 - HKLM\..\Run: [WinTools] E:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [atlxx32.exe] E:\WINDOWS\atlxx32.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunOnce: [AAW] "E:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpywareGuardPlus] E:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKCU\..\Run: [32s-] E:\WINDOWS\32s-.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinMX] E:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [awv7RPcFj] atkmgr.exe
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by NetAnts - E:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &All by NetAnts - E:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: e:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\lspak.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f66fd496b5b0255a398635d94a18e0d240b46dc5bfc60462bdba0cff3416528dafe86c0f4c1b770ca3276b375f879b328d7cf6c801621e9bc758bda7def25cec:3c29cf5c59c88182cae40308989f203c
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//install/gtdowngc.cab
0 Replies
 
Zakaru
 
  1  
Reply Thu 9 Sep, 2004 02:07 pm
Please reply ASAP.....I am dying here....T-T X_X
0 Replies
 
Zakaru
 
  1  
Reply Thu 9 Sep, 2004 06:40 pm
Umm, please someone help........please....

Logfile of HijackThis v1.98.2
Scan saved at 8:41:28 PM, on 9/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\logonui.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\or32PEnt.exe
E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
E:\WINDOWS\System32\aulrhuf\peixwme.exe
E:\WINDOWS\System32\qhytpfo\rowynhb.exe
E:\WINDOWS\System32\bjgwqsi\encfumw.exe
E:\WINDOWS\netxm32.exe
E:\Program Files\Common Files\WinTools\WToolsA.exe
E:\WINDOWS\System32\aywonql\cogwkkh.exe
E:\WINDOWS\System32\ewsjksx\aiiyfgk.exe
E:\WINDOWS\System32\vpykxdy\cvsennx.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Yahoo!\Messenger\ypager.exe
E:\WINDOWS\system32\winmm64.exe
E:\WINDOWS\32s-.exe
E:\Program Files\WinMX\WinMX.exe
E:\PROGRA~1\ezula\mmod.exe
E:\PROGRA~1\Web Offer\wo.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\ntdtcsetup.log:ecrlw
E:\WINDOWS\system32\pctspk.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
E:\Program Files\Common Files\WinTools\WToolsS.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\WinTools\WSup.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRA~1\INTERN~2\inetmgr.exe
E:\PROGRA~1\INTERN~2\inetsvc.exe
E:\DOCUME~1\SAMPSO~1\LOCALS~1\Temp\5xd2s8iq282.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\PROGRA~1\Web Offer\apev.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-noname
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s-redirect.com/?b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\apepy.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - E:\Program Files\TV Media\TvmBho.dll
O2 - BHO: Browser - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - E:\PROGRA~1\INTERN~2\inetkw.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - E:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {F3F6EF24-8004-2CA1-869C-76234529E398} - E:\WINDOWS\ntyi.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKLM\..\Run: [jcgidnp] E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
O4 - HKLM\..\Run: [peixwme] E:\WINDOWS\System32\aulrhuf\peixwme.exe
O4 - HKLM\..\Run: [r74X3FQ] finrsrc.exe
O4 - HKLM\..\Run: [inetmgr] E:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [rowynhb] E:\WINDOWS\System32\qhytpfo\rowynhb.exe
O4 - HKLM\..\Run: [encfumw] E:\WINDOWS\System32\bjgwqsi\encfumw.exe
O4 - HKLM\..\Run: [netxm32.exe] E:\WINDOWS\netxm32.exe
O4 - HKLM\..\Run: [WinTools] E:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [cogwkkh] E:\WINDOWS\System32\aywonql\cogwkkh.exe
O4 - HKLM\..\Run: [aiiyfgk] E:\WINDOWS\System32\ewsjksx\aiiyfgk.exe
O4 - HKLM\..\Run: [TB_setup] E:\DOCUME~1\SAMPSO~1\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [TV Media] E:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [cvsennx] E:\WINDOWS\System32\vpykxdy\cvsennx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpywareGuardPlus] E:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKCU\..\Run: [32s-] E:\WINDOWS\32s-.exe
O4 - HKCU\..\Run: [WinMX] E:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [awv7RPcFj] spipy.exe
O4 - HKCU\..\Run: [eZmmod] E:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] E:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [TV Media] E:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by NetAnts - E:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &All by NetAnts - E:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f66fd496b5b0255a398635d94a18e0d240b46dc5bfc60462bdba0cff3416528dafe86c0f4c1b770ca3276b375f879b328d7cf6c801621e9bc758bda7def25cec:3c29cf5c59c88182cae40308989f203c
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//install/gtdowngc.cab
0 Replies
 
Don77
 
  1  
Reply Thu 9 Sep, 2004 07:05 pm
I would have thought quite a bit of that would have been cleaned by running the tools.

Check Ad-aware, CWS and Spybot for updates. Run them in safe mode (by tapping the F8 key on start up). After you run them in safe mode, run them again in normal mode.
Then run the free online scans again, please.
Then post back a fresh log.
0 Replies
 
Zakaru
 
  1  
Reply Sat 11 Sep, 2004 12:43 pm
Umm yeah, my IE has ActiveX on. Umm, how do I un-activate it so I can scan with Trend Micro....
0 Replies
 
Zakaru
 
  1  
Reply Sat 11 Sep, 2004 01:13 pm
Someone please tell me how so I can scan.....
0 Replies
 
hihp
 
  1  
Reply Sat 11 Sep, 2004 03:26 pm
Hmmm... try Tools -> Internet options (or whatever it's called in English, I only have the German version of IE), there go to the security settings, click on the change button and the topmost options are for ActiveX.
0 Replies
 
Zakaru
 
  1  
Reply Sat 11 Sep, 2004 07:11 pm
OK, umm, I've scanned with all the stuff you told me to scan and here's the new log.....

Logfile of HijackThis v1.98.2
Scan saved at 9:11:06 PM, on 9/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\or32PEnt.exe
E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
E:\WINDOWS\System32\aulrhuf\peixwme.exe
E:\PROGRA~1\INTERN~2\inetmgr.exe
E:\WINDOWS\System32\qhytpfo\rowynhb.exe
E:\WINDOWS\System32\bjgwqsi\encfumw.exe
E:\WINDOWS\netxm32.exe
E:\Program Files\Common Files\WinTools\WToolsA.exe
E:\WINDOWS\System32\aywonql\cogwkkh.exe
E:\WINDOWS\System32\ewsjksx\aiiyfgk.exe
E:\PROGRA~1\INTERN~2\inetsvc.exe
E:\WINDOWS\System32\vpykxdy\cvsennx.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Yahoo!\Messenger\ypager.exe
E:\WINDOWS\system32\winmm64.exe
E:\WINDOWS\32s-.exe
E:\Program Files\WinMX\WinMX.exe
E:\PROGRA~1\ezula\mmod.exe
E:\PROGRA~1\Web Offer\wo.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\ntdtcsetup.log:ecrlw
E:\WINDOWS\system32\pctspk.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
E:\Program Files\Common Files\WinTools\WToolsS.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\WinTools\WSup.exe
e:\program files\warcraft iii\war3.exe
E:\DOCUME~1\SAMPSO~1\LOCALS~1\Temp\nmll53mq.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - E:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - E:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {F3F6EF24-8004-2CA1-869C-76234529E398} - E:\WINDOWS\ntyi.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKLM\..\Run: [jcgidnp] E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
O4 - HKLM\..\Run: [peixwme] E:\WINDOWS\System32\aulrhuf\peixwme.exe
O4 - HKLM\..\Run: [r74X3FQ] finrsrc.exe
O4 - HKLM\..\Run: [inetmgr] E:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [rowynhb] E:\WINDOWS\System32\qhytpfo\rowynhb.exe
O4 - HKLM\..\Run: [encfumw] E:\WINDOWS\System32\bjgwqsi\encfumw.exe
O4 - HKLM\..\Run: [netxm32.exe] E:\WINDOWS\netxm32.exe
O4 - HKLM\..\Run: [WinTools] E:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [cogwkkh] E:\WINDOWS\System32\aywonql\cogwkkh.exe
O4 - HKLM\..\Run: [aiiyfgk] E:\WINDOWS\System32\ewsjksx\aiiyfgk.exe
O4 - HKLM\..\Run: [TB_setup] E:\DOCUME~1\SAMPSO~1\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [TV Media] E:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [cvsennx] E:\WINDOWS\System32\vpykxdy\cvsennx.exe
O4 - HKLM\..\Run: [CC9BD85E] E:\WINDOWS\system32\67aawd.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpywareGuardPlus] E:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKCU\..\Run: [32s-] E:\WINDOWS\32s-.exe
O4 - HKCU\..\Run: [WinMX] E:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [awv7RPcFj] spipy.exe
O4 - HKCU\..\Run: [eZmmod] E:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] E:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [TV Media] E:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CC9BD85E] E:\WINDOWS\system32\67aawd.exe
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by NetAnts - E:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &All by NetAnts - E:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f66fd496b5b0255a398635d94a18e0d240b46dc5bfc60462bdba0cff3416528dafe86c0f4c1b770ca3276b375f879b328d7cf6c801621e9bc758bda7def25cec:3c29cf5c59c88182cae40308989f203c
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//install/gtdowngc.cab
0 Replies
 
hihp
 
  1  
Reply Sat 11 Sep, 2004 07:16 pm
Whoa, either you caught a LOT of new stuff since the last log or...

So why don't you just remove all the problematic stuff using programs such as Ad-Aware, Spybot Search & Destroy and PestPatrol?
0 Replies
 
Zakaru
 
  1  
Reply Sat 11 Sep, 2004 07:37 pm
.........................................
I did use all of those programs....wtf I got more?! omfg..........help....
0 Replies
 
Don77
 
  1  
Reply Sun 12 Sep, 2004 08:16 am
Yep, you got more, but that's because this hijack morphs on you.

Please print out or copy to notebook or something you can access. Do not get back online till you're finished with the instructions, please.

First
Download AboutBuster
Then unzip it to your desktop (don't run it yet).

Next
Reboot into 'SAFE MODE' (by tapping the F8 key on start up).

Please restart HJT, put a check next to the following if they still exist, close all open windows and click "Fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://E:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - E:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - E:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {F3F6EF24-8004-2CA1-869C-76234529E398} - E:\WINDOWS\ntyi.dll
O4 - HKLM\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKLM\..\Run: [jcgidnp] E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
O4 - HKLM\..\Run: [peixwme] E:\WINDOWS\System32\aulrhuf\peixwme.exe
O4 - HKLM\..\Run: [r74X3FQ] finrsrc.exe
O4 - HKLM\..\Run: [inetmgr] E:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [rowynhb] E:\WINDOWS\System32\qhytpfo\rowynhb.exe
O4 - HKLM\..\Run: [encfumw] E:\WINDOWS\System32\bjgwqsi\encfumw.exe
O4 - HKLM\..\Run: [netxm32.exe] E:\WINDOWS\netxm32.exe
O4 - HKLM\..\Run: [WinTools] E:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [cogwkkh] E:\WINDOWS\System32\aywonql\cogwkkh.exe
O4 - HKLM\..\Run: [aiiyfgk] E:\WINDOWS\System32\ewsjksx\aiiyfgk.exe
O4 - HKLM\..\Run: [TB_setup] E:\DOCUME~1\SAMPSO~1\LOCALS~1\Temp\tb_setup.exe /dcheck
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [TV Media] E:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [cvsennx] E:\WINDOWS\System32\vpykxdy\cvsennx.exe
O4 - HKLM\..\Run: [CC9BD85E] E:\WINDOWS\system32\67aawd.exe
O4 - HKCU\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKCU\..\Run: [32s-] E:\WINDOWS\32s-.exe
O4 - HKCU\..\Run: [awv7RPcFj] spipy.exe
O4 - HKCU\..\Run: [eZmmod] E:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] E:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [TV Media] E:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [CC9BD85E] E:\WINDOWS\system32\67aawd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f66fd496b5b0255a398635d94a18e0d240b46dc5bfc60462bdba0cff3416528dafe86c0f4c1b770ca3276b375f879b328d7cf6c801621e9bc758bda7def25cec
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab


Make sure you can view all Hidden Files/Folders. Search for and delete the following in BOLD:
E:\WINDOWS\ntyi.dll
E:\WINDOWS\system32\or32PEnt.exe
E:\WINDOWS\System32\kipdhlq\jcgidnp.exe
E:\WINDOWS\System32\aulrhuf\peixwme.exe
finrsrc.exe
E:\PROGRA~1\INTERN~2\inetmgr.exe
E:\WINDOWS\System32\qhytpfo\rowynhb.exe
E:\WINDOWS\System32\bjgwqsi\encfumw.exe
E:\WINDOWS\netxm32.exe
E:\Program Files\Common Files\WinTools\WToolsA.exe
E:\Program Files\Common Files\WinTools\WSup.exe
E:\WINDOWS\System32\aywonql\cogwkkh.exe
E:\WINDOWS\System32\ewsjksx\aiiyfgk.exe
E:\DOCUME~1\SAMPSO~1\LOCALS~1\Temp\tb_setup.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
E:\Program Files\TV Media\Tvm.exe
E:\WINDOWS\System32\vpykxdy\cvsennx.exe
E:\WINDOWS\system32\67aawd.exe
E:\WINDOWS\system32\or32PEnt.exe
E:\WINDOWS\32s-.exe
spipy.exe
E:\PROGRA~1\ezula\mmod.exe
E:\PROGRA~1\Web Offer\wo.exe
E:\Program Files\TV Media\Tvm.exe
E:\WINDOWS\system32\67aawd.exe

Next
While still in safe mode, run About Buster twice. Save the logs it generates.

Next
Restart your computer.

Run About Buster twice again, please. Again save the logs from it and post back all the logs from AboutBuster and a fresh HJT log, please.

Don't stress if we don't get it all the first time. This may take a couple of runs.
0 Replies
 
Zakaru
 
  1  
Reply Sun 12 Sep, 2004 02:07 pm
OMFG THANK YOU SO MUCH! YOU'RE A GODSEND! HAHAAH SO HAPPY ^^
Anyways, here are the logs:

Logfile of HijackThis v1.98.2
Scan saved at 4:04:36 PM, on 9/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\pctspk.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
E:\Program Files\Common Files\WinTools\WToolsS.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Yahoo!\Messenger\ypager.exe
E:\WINDOWS\system32\winmm64.exe
E:\Program Files\WinMX\WinMX.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
E:\Documents and Settings\Sampson & Staz\Desktop\AboutBuster\AboutBuster.exe
E:\Program Files\Windows Media Player\wmplayer.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Smapp] E:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpywareGuardPlus] E:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [WinMX] E:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by NetAnts - E:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &All by NetAnts - E:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//install/gtdowngc.cab

Scanned at: 2:55:40 PM on: 9/12/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 3 Random Key Entries
Deleted 1 Service Keys Successfully!
Removed! : E:\WINDOWS\agtkz.dat
Removed! : E:\WINDOWS\aoyig.dat
Removed! : E:\WINDOWS\appex32.exe
Removed! : E:\WINDOWS\aybzm.dat
Removed! : E:\WINDOWS\bcpba.dat
Removed! : E:\WINDOWS\bqrcu.dat
Removed! : E:\WINDOWS\crpk.exe
Removed! : E:\WINDOWS\dfjhm.dat
Removed! : E:\WINDOWS\dhuoo.dat
Removed! : E:\WINDOWS\dsojv.dat
Removed! : E:\WINDOWS\ggdqp.dat
Removed! : E:\WINDOWS\ibdda.dat
Removed! : E:\WINDOWS\javayn32.exe
Removed! : E:\WINDOWS\lbzkz.dat
Removed! : E:\WINDOWS\ltjji.dat
Removed! : E:\WINDOWS\lubxl.dat
Removed! : E:\WINDOWS\mjymg.dat
Removed! : E:\WINDOWS\ntdo32.exe
Removed! : E:\WINDOWS\nycvk.dat
Removed! : E:\WINDOWS\onrrw.dat
Removed! : E:\WINDOWS\psaju.dat
Removed! : E:\WINDOWS\QuickBrowser.exe.$$$
Removed! : E:\WINDOWS\qxngu.dat
Removed! : E:\WINDOWS\rwjaf.dat
Removed! : E:\WINDOWS\sbgpd.dat
Removed! : E:\WINDOWS\sdkeq32.exe
Removed! : E:\WINDOWS\sysde32.exe
Removed! : E:\WINDOWS\sysjf.exe
Removed! : E:\WINDOWS\sysoa.exe.bak
Removed! : E:\WINDOWS\tmyoo.dat
Removed! : E:\WINDOWS\tywpu.dat
Removed! : E:\WINDOWS\ueiqm.dat
Removed! : E:\WINDOWS\vlont.dat
Removed! : E:\WINDOWS\wsacx.dat
Removed! : E:\WINDOWS\xwefp.dat
Removed! : E:\WINDOWS\yjklc.dat
Removed! : E:\WINDOWS\zsvyr.dat
Removed! : E:\WINDOWS\System32\acrhm.dat
Removed! : E:\WINDOWS\System32\apiuh32.exe
Removed! : E:\WINDOWS\System32\appeg32.exe
Removed! : E:\WINDOWS\System32\atlls.exe
Removed! : E:\WINDOWS\System32\bdqkk.dat
Removed! : E:\WINDOWS\System32\chcox.dat
Removed! : E:\WINDOWS\System32\crnb32.exe
Removed! : E:\WINDOWS\System32\czcyi.dat
Removed! : E:\WINDOWS\System32\fmato.dat
Removed! : E:\WINDOWS\System32\gmdiw.dat
Removed! : E:\WINDOWS\System32\gubyv.dat
Removed! : E:\WINDOWS\System32\gvztq.dat
Removed! : E:\WINDOWS\System32\ipnw.exe
Removed! : E:\WINDOWS\System32\ixxdw.dat
Removed! : E:\WINDOWS\System32\javacw.exe
Removed! : E:\WINDOWS\System32\jtudy.dat
Removed! : E:\WINDOWS\System32\lgmau.dat
Removed! : E:\WINDOWS\System32\ljhva.dat
Removed! : E:\WINDOWS\System32\mfcwu32.exe
Removed! : E:\WINDOWS\System32\mswua.dat
Removed! : E:\WINDOWS\System32\mszw32.exe
Removed! : E:\WINDOWS\System32\netcq.exe
Removed! : E:\WINDOWS\System32\nettf.exe
Removed! : E:\WINDOWS\System32\netxo32.exe
Removed! : E:\WINDOWS\System32\noqpj.dat
Removed! : E:\WINDOWS\System32\nthz32.exe
Removed! : E:\WINDOWS\System32\ohknh.dat
Removed! : E:\WINDOWS\System32\pnrjw.dat
Removed! : E:\WINDOWS\System32\sdkqq.exe
Removed! : E:\WINDOWS\System32\sysuk32.exe
Removed! : E:\WINDOWS\System32\tgtur.dat
Removed! : E:\WINDOWS\System32\ttqym.dat
Removed! : E:\WINDOWS\System32\ueagn.dat
Removed! : E:\WINDOWS\System32\vrgbh.dat
Removed! : E:\WINDOWS\System32\vskgo.dat
Removed! : E:\WINDOWS\System32\wgbsg.dat
Removed! : E:\WINDOWS\System32\winaz.exe
Removed! : E:\WINDOWS\System32\ztoca.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 3 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 3:21:34 PM on: 9/12/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 3 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 3 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 4:04:10 PM on: 9/12/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 6 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Removed 6 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!


Umm, one more thing....uhhh, do you have any idea why I can't sign into MSN Messenger?
0 Replies
 
Don77
 
  1  
Reply Sun 12 Sep, 2004 07:26 pm
Now that looks a bit better!
Couple more to fix though.
Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-noname
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0.exe"

Next, reboot to safe mode (by tapping the F8 key on start up). Make sure you can view all Hidden Files/Folders. Search for and delete the following in BOLD:
E:\Program Files\Web_Rebates\WebRebates0.exe

Restart your computer and post back a fresh log, please.

Quote:
Umm, one more thing....uhhh, do you have any idea why I can't sign into MSN Messenger?

I see it running in your start-ups. Do you mean it won't open for you?
0 Replies
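Added example (not part of any post in this thread, and not code from HijackThis or AboutBuster): a small Python script that diffs two HijackThis logs by entry, so a fresh log can be checked against the previous one for entries that were removed, left untouched, or kept the same registry key with a new value. The two sample logs are short excerpts constructed from lines posted above; the function names and the key/value splitting rules are assumptions made for this example.

```python
import re
from collections import namedtuple

# Section codes that start a HijackThis entry line (R0-R3, F0-F3, N1-N4, O1 and up).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 autostart entries look like: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+: \[[^\]]*\]) ?(.*)$")

Entry = namedtuple("Entry", "code key value")


def parse_entry(line):
    """Return an Entry for a HijackThis entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process path, blank line, forum text
    code, body = m.groups()
    if code == "O4":
        run = RUN_RE.match(body)
        if run:  # key = hive + value name, value = command line
            return Entry(code, run.group(1), run.group(2))
    if " = " in body:  # registry value lines: 'key,name = data'
        key, _, value = body.partition(" = ")
        return Entry(code, key, value)
    if body.endswith(" ="):  # value present but empty
        return Entry(code, body[:-2], "")
    return Entry(code, body, "")  # BHOs, toolbars, DPF items: whole body is the key


def parse_log(text):
    """Map (code, key) -> value for every entry line in a pasted log."""
    entries = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            entries[(entry.code, entry.key)] = entry.value
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, changed, unchanged or added between two logs."""
    before, after = parse_log(before_text), parse_log(after_text)
    report = {"removed": [], "changed": [], "unchanged": [], "added": []}
    for ident, old in before.items():
        if ident not in after:
            report["removed"].append(ident)
        elif after[ident] != old:
            report["changed"].append((ident, old, after[ident]))
        else:
            report["unchanged"].append(ident)
    report["added"] = [ident for ident in after if ident not in before]
    return report


# Constructed excerpt of the 9/11/2004 log posted above.
BEFORE = r"""
Logfile of HijackThis v1.98.2
Running processes:
E:\WINDOWS\system32\or32PEnt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\twxqh.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {F3F6EF24-8004-2CA1-869C-76234529E398} - E:\WINDOWS\ntyi.dll
O4 - HKLM\..\Run: [or32PEnt] E:\WINDOWS\system32\or32PEnt.exe
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [SpywareGuardPlus] E:\WINDOWS\system32\winmm64.exe
"""

# Constructed excerpt of the 9/12/2004 log posted above.
AFTER = r"""
Logfile of HijackThis v1.98.2
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-noname
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-noname
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [SpywareGuardPlus] E:\WINDOWS\system32\winmm64.exe
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for status in ("removed", "changed", "unchanged", "added"):
        print(f"{status}:")
        for item in result[status]:
            print("   ", item)
```

An entry reported as "changed" is one where the fix did not clear the registry value but its data was rewritten, which is the case for the Search Bar line between the two logs in this thread.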
 
Zakaru
 
  1  
Reply Sun 12 Sep, 2004 08:15 pm
Umm, no, it won't sign me in....I have everything correct (user name and pass) but it won't sign me in....
0 Replies
 
 
