enjoywebsurf has taken over my IE - please help!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by sip, Mar 6, 2005.

  1. sip

    sip Private E-2

    Hi, I have a really annoying problem and was wondering if anyone knows how to help me.

    Whenever I go on to internet explorer a page called http://enjoywebsurf.com/images/img.JPG comes up which is a page saying 'e search'.

    I have tried running all the programs on the trojan, viruses and spyware help page here, but they haven't helped solve the problem. I've also downloaded HijackThis and followed the advice given to me about my log on Help2Go Detective and Hijack This Analysis. This also hasn't helped...

    Would anyone here be able to look at my Hijackthis log and tell me what to fix??

    Thanks,
    Sip
     
  2. TheOldThug

    TheOldThug First Sergeant

    After doing ALL of the TUTORIAL, if you still have a problem send us a HJT log. I won't be around this morning but maybe someone else will show up and take a look at it.
    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder for example C:\Program Files\HJT
     
  3. sip

    sip Private E-2

    Here's my log:
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You skipped a few steps from the READ ME FIRST.

    1) You did not stop and disable the Network Security Service as given in Step 2 of Getting Prepared


    2) You did not run the Symantec online scan. Did you skip anything else?

    Please complete those two steps! And then post a new HJT log from normal boot mode. After posting your HJT log do not power down or reboot your PC because symptoms could change. You can disconnect from the internet (physically unplug the cable for security if on a DSL or Cable modem connection). Just wait for us to come back with a solution.


    Please explain why you would be running a PC with no antivirus application and no firewall. That is a safe thing to do as you may well realize now. You should start reading the below link:

    How to Protect yourself from malware!
     
  5. dquiros

    dquiros Private E-2

    I hate spyware, makes me money but I hate it!

    The key to solve this problem is to remove the following registry key.

    HKLM\system\currentcontrolset\enum\root\LEGACY_(some random numbers)

    It is normally the first one that says LEGACY_something.

    It won't normally let you remove it so you need to change the Permissions on it. Right-click the key, Permissions, add Administrator (yes, you have to be one to remove it) and give yourself full control. Now you can delete it.

    Use Adaware and remove everything else it finds, then reboot. Or use HJT to remove the keys that look like

    res://C:\WINDOWS\vaepx.dll/sp.html#10213

    the dll filename changes randomly and the number at the end too. Remove the dll from your HDD too. If you only remove the dll but don't remove the LEGACY registry entry, the problem will be there when you reboot with another dll name.

    Problem should be solved. Worked for me after losing half a day solving the problem.

    Good luck.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to read our sticky threads. While what you mentioned is part of the problem and is covered in much more detail, it is only a small piece of the problem. Also, Ad-Aware will do nothing to fix these problems. And without stopping the running service as I stated in my last message, it will always recreate all problems and registry entries.

    My last message had a mistake though. I said
    In this particular instance, the problem service is not the Network Security Service. It is one of the other two that can be there. The below shows the problem service.
    O23 - Service: Workstation NetLogon Service (? 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\mfcju.exe
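The two indicators the posts above describe (the res://...dll/sp.html start/search-page entry and an O23 service with a garbled display name, no owner and a short random .exe dropped directly into C:\WINDOWS) can be picked out of a HijackThis log mechanically. The triage script below is an added example, not something from this thread or from HijackThis itself; the log lines it scans are constructed samples modelled on the entries quoted here, and the name-length and non-ASCII thresholds are heuristics I chose, not part of any tool.

```python
import re

# Constructed sample HijackThis log lines (not a real log), modelled on the
# entries discussed in this thread: the res://...dll/sp.html hijack and the
# rogue O23 service, plus two benign lines so the filter has something to ignore.
SAMPLE_LOG_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vaepx.dll/sp.html#10213",
    r"O23 - Service: Workstation NetLogon Service (? 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\mfcju.exe",
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
]

# A start/search page served out of a DLL resource is the tell-tale CWS entry.
RES_DLL_PAGE = re.compile(r"res://[^\s]+\.dll/", re.IGNORECASE)
# O23 lines read "O23 - Service: <display name> - <owner> - <binary path>".
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Heuristic: a short lowercase name sitting directly in C:\WINDOWS, not a subfolder.
RANDOM_EXE_IN_WINDOWS = re.compile(r"^[A-Z]:\\WINDOWS\\[a-z]{4,7}\.exe$", re.IGNORECASE)

def looks_garbled(name):
    """Heuristic: three or more non-ASCII characters in a service display name."""
    return sum(1 for c in name if ord(c) > 127) >= 3

def triage_line(line):
    """Return the reasons this HJT line deserves a look, or [] if it seems fine."""
    reasons = []
    if line.startswith(("R0 - ", "R1 - ")) and RES_DLL_PAGE.search(line):
        reasons.append("ie-page-from-dll-resource")
    m = O23_LINE.match(line)
    if m:
        if m.group("owner") == "Unknown owner":
            reasons.append("unknown-owner")
        if looks_garbled(m.group("name")):
            reasons.append("garbled-display-name")
        if RANDOM_EXE_IN_WINDOWS.match(m.group("path")):
            reasons.append("random-exe-in-windows-root")
    return reasons

def triage(lines):
    """Map each suspicious line to its reasons; clean lines are left out."""
    findings = {}
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG_LINES).items():
        print(", ".join(reasons), "<-", line)
```

Feed it the lines of a real log and anything it flags is a candidate for the manual checks the admins describe above (stop the service first, then deal with the registry entries and DLL), not an automatic delete list.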
     
  7. LaughingOtter

    LaughingOtter Private E-2

    G'day!
    The steps relayed so far worked to an extent, but not permanently.
    I tried CWShredder:

    http://www.spywareinfo.com/~merijn/downloads.html

    and that seems to be just the thing! No more enjoywebsurf.
    You'll have an "aww, crap, it didn't work" moment or two when you re-open your IE browser as it will go to the about:blank page, but do nothing. All you have to do is reset your home page to whatever it used to be and you're done!

    I also found a couple of JavaScripts in the root directory that appear to have been generated about the same time. I renamed them and deleted them later when the process was all done.

    Pretty ingenious, actually. This exploit appears to take advantage of a JavaScript error in the URL-encoded part. Once escaped, it becomes a couple of JavaScript function definitions. The rest of it is a semi-encrypted JavaScript. If anyone is interested, I'll post up the decrypted code...it was fun busting this thing open!

    So, all in all, it seems to be another CoolWebSearch variant. But it's killable!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read our sticky threads! CWShredder is available here at MG's and is listed as part of our recommended cleanup. Also note that Merijn no longer owns CWShredder. Intermute does. Both versions are here on MGs.
     
