Spyware: anything has failed!!!

Hi to everyone,
I'm writing 'cause I think I've done all that was in my possibility to eradicate that son of a spyware which is dwelling in my computer...

I used the Trend Micro's online scan as you said and now it says it's clean, though I was not able to use also the Synabtec in safe mod, I think the spyware blocks it in some way...

Than I started CCleaner, Ad Aware with plug in for VX2, Spybot, CW Shredder, Kill2me, about:Buster, HS remove, spyware Blaster, I even used the trial of Spy Sweeper, and it found even more things...

Then I Hijacked and delete from the log things that seemed dangerous...

Now I still get that when I open the IE, whichever in the URL I put in, it tries to go to http://a-search.biz/?wmid=1010 and sometims a little window shows up saying no modem found...

I did everything you said, the only thing I wasn't able to do was the part of services.msc, 'cause I'm from Italy and I don't know which would be the EXACT translation for RCP or the other running object and since you said to stop only those, I preferred not to do stop anything...

So please, give me any advice, I'm working on this since a week, some more days and I'll be flamethrowing my case...
Thanks

PS By the way, doing the process in safe mode again always bring ADware and Spybot finding some new spyware...

 

Here is my last Hijack Scan called "now"; the old one is "oldall" and has got all the lines before my fixing...

Thank you for your help

 

Hi Chaslang,
sorry if I didn't answer before, but yesterday has been a really hard work' day...

I did al that you said, but my problen still seems to be there, id est when I start I.E. it's redirected from my homepage to http://a-search.biz/?wmid=1010 and then tries to load "sextracker" or something like that, but I stop it immediately...

The name of the window is "about: blank Trusted Start Page Microsoft Explorer - Microsoft Internet Explorer": any idea?

Thank you in advance

 

Greetings Major,
I hope not to create problems, but I'd like to attach my new Hijack log, so you can have a look about what is going on...

It seems to me there are no more "strange" lines (apart from those 4 on svchost.exe, all the same, but repetead four times...), but the problem still lingers there...

Now I've updated my OS to SP2, but nothing has changed, the only event is that I had to shut down Zone Alarm or I wouldn't be able to surf the net...

Thank you again

 

Yes Mayor,
I used the control panel to uninstall WinAD, then the lines disappeared as well...
The strange thing is always svchost.exe: now I have 5 files with the same name running, one more then before and two of them are of Netsystem (the better translation I could give for "Sistema di Rete")... if I HijackThis in safe mode, there would be only two of them running...

 

Hi Chaslang,
I think that my log now looks fine too, but the problem's still there, I.E. is redirected to that page and I've not found a way to stop this... could it be the RCP problem?

Thanks

 

One thing I forgot to say: if I hit the start button and click on Search, the toolbar on the bottom on the screen freeze... and nothing else happen!!!

 

I manage to kill it!!!
With today's update from Norton the antivirus recognize a Trojan start page file: I couldn't delete it even in safe mode, so I used Hijack this to kill the .dll on the next start up!

Thank you very much for everything, finally my computer is clean!!!

 

I'm not very sure, it started with "ENR" and than there were Q B and some other letters, but I cannot remember the right order... sorry, I didn't think it was important...

Later I'll look on the other computer to see if Hijack has keep some record of it, bye!

 

I know that, what I wanted to say was that I was going to look for a log or something like that; I didn't find it in Hijack, but Norton has it and I was able to get the name of the DLL: enrlkqbb.dll !!!

Well, I said "ENR" than Q and B and some other but I didn't remembre the order: not a photografic memory, but perhaps a 0.5 megapixel would do a worse job...

Bye and thanks again!

 

Here I am!
I'm sory Chaslang, but Norton didn't give any additional information, it only says "Trojan start page"...

It also found another file the same day, which was twink64.exe, but again the description was the same.

Bye