http://rl.webtracer.cc/-/?bayzm

After doing what Tblue suggested (make sure you follow all the steps), if you still have a problem:
- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENTto your next message. (Do NOT copy/paste the log into your post).

 

Before continuing with repairs, a few up front observation, comments and questions.

You should uninstall SpyHunter as it is a rogue/suspect spyware removal tool.

Questions:
1) Why are you installing software into inappropriate folders!
- You have MailFrontier Desktop (Matador) email spam blocker software installed into a folder that belongs to ZoneAlarm. Here is the file I'm referring too:
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

2) The only trace I see of an antivirus application installed is:
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe

which is used by Zonelabs as part of their AV. But it seems like there is no antivirus application itself. Do you have it disabled or uninstalled.

3) Aluria is a company that is associated with spyware/adware. You have the below:
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exe
Is this something you purchased! It is not rated very highly either. Do you feel comfortable with this package and do you think it is actually helping you? (I don't!).

 

Why did you post the help file for locate.bat? You were supposed to post the log file it created after running it.

You MUST remember to exit all browsers before you run HijackThis. Not doing so could make it impossible to fix problems. You had the below running:
C:\Program Files\Internet Explorer\iexplore.exe

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixss.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixss.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Reboot into to Safe Mode and use Windows Explorer to navigate to the below folder:
C:\WINDOWS\SYSTEM32\DRIVERS

No look for the following file: disdna.sys
Right click on this files and select rename. Change the name to: disdna.sss

Now reboot back ino Normal Mode.
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
O1 - Hosts: 1159680172 auto.search.msn.com
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
After clicking Fix, exit HJT.

Reboot into safe mode and find and delete:
C:\WINDOWS\stsheets.dat

Reboot again into Normal Mode.

Download this proram and follow the below steps Hoster.

1. Unzip Hoster to a convenient folder such as C:\Hoster.

• Run Hoster.exe, click Restore Original Hosts and then click OK.
• Click the X to exit the program.

Post a new HijackThis Log!

 

Okay! Be sure to post a copy of the log from locate.bat too.

 

Phil,

You are not saving and attaching these files correctly. They have no carriage returns in them. You must save them directly from HijackThis as a log file which should open up notepad. Then you should directly upload that notepad file. Do not use any other tools or editors to manipulate or work with the log files.

 

That was the problem! I was guess since you did not post the locate log file the first time.
Go back and repeat the process but instead of disdna.sys

look for C:\WINDOWS\SYSTEM32\DRIVERS\CBIDF2KZ.SYS

and rename it to CBIDF2KZ.SSS

 

Don't bother right now. Just redo the process with the new .SYS file I gave you.

Then do what was mention in the thread PP gave you with the RegSrch Tool
We need to find other place where stsheets occurs.

 

You still posting you HJT logs incorrectly. Please stop using Wordpad!

 

Still not correct. What are you doing differently than you did in message number 5? In that message you attached it properly. Just save the file with HJT (yes the name must be different each time but that is easy to do as HJT saves the file). When you save a log with HJT is it bringup notepad or Wordpad.
If it is Wordpad you must have changed the file associations.

 

Are you still forgetting to exit browsers or is something else running IE?

C:\Program Files\Internet Explorer\iexplore.exe

And what is this below program?
C:\Program Files\crc\crc.exe

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixsts.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixsts.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

You're welcome! You should make sure you have done the steps in the below thread (or the equivalent of those steps) to help avoid future problems:

How to Protect yourself from malware!

 

Thanks for the info on crc. Did you see my message below? We posted at the same time.

 

I learned about PC's and Windows thru many years of use and programming.
As far as spyware, just applying knowledge of the OS together with lots of daily learning myself since malware changes constantly. Most of our typical procedure work pretty well on getting quite a bit of malware problems removed. But sometimes, some extra little tweaking is required and we learn that as we go along. Since we did not create the malware, when new ones come along we have to figure out how the stubborn ones are working and how and where they hide themselves. Then we figure out when we need to do to fix the buggers.

 

You're welcome! Happy safe surfing!