Help with stubborn spyware..HJT log posted...Need Help PLZZ

We have guidelines about posting HijackThis logs the must be followed. See below. Also you need to run msconfig and set it to Normal Startup so we can see everything that may be loaded on your PC.
Please follow the directions and do not post HJT logs in line. Also complete all steps of the READ ME FIRST thread. You have not run the Trend Micro online scan.

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Sorry but your log does not indicate that the Trend Micro online scan was run. It shows the Symantec scan but not TrendMicro. When either the Symantec or Trend scan are run, they leave an item that will always show in the O16 section of your HijackThis log.

Where you running two session of Internet Explorer? I see the below in your HJT log:
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

Remember browsers MUST be shut down before running HJT. If you were not running HJT, it could be due to a piece of malware.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ztpmodjfveha.com/9xKWjFF3A/GMOjOuz_yXGJ_nQNgYKDQC73CPOglGKjMq87FikCNxK_4ePom_f77Q.html

Do you recognize the below? I believe it is malware so if you do not know what it is fix the next line too.
O4 - HKCU\..\Run: [Bytesect] C:\DOCUME~1\Jahan\APPLIC~1\OWNSBA~1\SENDCITYSTART.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\DOCUME~1\Jahan\APPLIC~1\OWNSBA~1\SENDCITYSTART.exe <--- delete this if you decided to fix the O4 line above with HJT

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Your log is clean now! Are you having any problems?

 

You could try first making sure you have the definitions for MS Antispyware updated and then boot into safe mode and run a full scan. Then boot normal mode and see what happens. If you still have problems, the only way we will be able to fix them is when we can see them. This we would have to allow them to occur. So that would require disabling all of MS AS's protections or uninstalling if necessary.