Need Help with Generic Solution

You really should have followed this this Sticky thread first:
< READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

And note there are guidelines in another Sticky thread on posting HijackThis logs (when and how).
< Hijack This Tutorial And How To Post Your Log File >

Do not post a HijackThis log until we ask you to and when we do it must be text document attachment to your message.

Update! Due to Hijack This logs destroying search engine and web site searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

I changed you log into an attachment.

 

Before continuing with the Generic Solution steps you should run HijackThis (HJT) and fix the following lines:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobid

The only O8 line I see is:
O4 - HKLM\..\Run: [ipjr.exe] C:\WINDOWS\system32\ipjr.exe

But that could change (along with other items) if you have rebooted your PC since posting your HJT log.

I don't like the looks of this: C:\WINDOWS\accessories.ico:kvuhp showing in your processes list.
It looks like ADS (Alternate Data Stream). Make note of whether About:Buster catches this later when you run it.

Did you find NSS or WNS in step 6?

 

Well if you go thru that read me first sticky now it will require a reboot to safe mode which is going to require a new HijackThis log. I would really like you to try something first though before you start or continue the Generic Solution. It will be faster (if it works). It is something that came out from Symantec and sounds to me like it may be useful.

Please try this: Backdoor.Agent.B Removal Tool 1.0.1.2:
http://www.majorgeeks.com/download4337.html

Follow the directions on that link exactly. Tell me how it works out.

 

Here is a link to more information on this tool:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.agent.b.removal.tool.html

and another on the trojan itself:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.agent.b.html

 

No! I guess you did not have the exact form they look for. Reading thu their info I see there are similarities and also major differences to the HSA hijack. So back to the Generic Solution. I assume you now have a new HJT log we will have to look at because your PC may now have been rebooted?

 

About:Buster does not do anything with O14 lines.

You should have posted the About:Buster logs and also post a new HijackThis log. Post then as an attachment or attachments. It is not unusal to have to try some repetition to fix this problem. Especially since the hijackers are constantly evolving. However, this also happens if a particular instruction is not followed correctly, a step is skipped, or we fail to see a particular running process that is part of the problem and we do not end it and delete it.

Did this go away? C:\WINDOWS\accessories.ico:kvuhp