69sexsearch broswer hijack--need assistance removing

HJT is not the first step and we have guidelines about when and how to post logs. Please follow our guidelines. You must not run HJT directly from the ZIP file as you are doing and you must exit all browsers before running. You have several trojans running on your system. You need to follow ALL the steps below.

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

After running all the steps in my previous post and making sure HJT is installed in the proper directory as requested. Run the steps below to fix any remaining problems that the cleaning steps did not fix. I believe some of the trojans I indicated below may be corrected by now (the online scanners shoul d possible fix them), but just incase, complete the steps below and just ignore any items that are already gone.


Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:
s32atl.exe
xpsp2fw.exe
wuclient.exe

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [9FB7F056] C:\WINDOWS\system32\cnoev.exe
O4 - HKLM\..\Run: [F1DB484E] C:\WINDOWS\system32\s32atl.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe
O4 - HKCU\..\Run: [9FB7F056] C:\WINDOWS\system32\cnoev.exe
O4 - HKCU\..\Run: [F1DB484E] C:\WINDOWS\system32\s32atl.exe
O15 - Trusted Zone: http://*.69sexsearch.com

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\system32\xpsp2fw.exe
C:\WINDOWS\system32\cnoev.exe
C:\WINDOWS\system32\s32atl.exe
C:\WINDOWS\system32\wuclient.exe

Now reboot in normal mode and post a new HJT log. And tell us how things are working.