UNKOWN spyware!!!!

Hi major and everyone, I have been hunted by a spyware that I cannot control. I really dont know where to start. but I will start like this: I have read and did the read me first page that you have listed. I have gone through it very carefully. here is the spyware. it is a loop, I cant figure out where it starts and where it ends.

it all starts (in my opinion) with any of these websites popups:

http://searchmiracle.com/ads/search.php?qq=casino
http://ads1.revenue.net/l?O_RANK=1&O_CREATIVE_ID=206179&O_SITE_ID
http://ads1.revenue.net/l?O_RANK=-1&O_CREATIVE_ID=206179&O_SITE_ID=13417&
http://ads1.revenue.net/r?site_id=13417&pplacement_id=1
http://web.tickle.com/tests/uiq/index2.jsp?sid=2577&supp=banemedia1&z=
http://install.searchmiracle.com/ads/search.php?qq=health insurance
http://install.searchmiracle.com/ads/search.php?qq=viagra
http://searchmiracle.com/ads/search.php?qq=debt consolidation
http://images.trafficmp.com/tmpad/content/space.gif

----------------------
then the homepages start to change to any of these:

http://www.coolsearch.biz/over-frame.htm
http://coolsearch.biz/over-frame.htm
http://www.n-udd.com/?id=royal&c=jJj1i0jF9xw56xeZ1lAv9H5zmC70i7m3
http://www.slotchbar.com/uninstall/removed.html
http://www.slotch.com/
----------
the add remove program unknown entries become like the following.

active alert
internet optimizer
sidefind
( if removed then i get this)
elitebar internet explorer toolbar

----------------------------------------------

how on to what i have done so far.:
1) in safemode
- ran symantec anivirus client
- ran mcafee antispyware
- ran ad-aware se personal
- ran plvx2cleaner
- ran ccleaner
- ran spybootsd
- ran spywareblaster (though i disabled it because it was useless)
- ran stinger
- ran cwshredder
- ran kill2me
- ran jdtrmobr
- ran hijackthis. (removed everything logically to be removed)
- gone into regedit, removed searchmiracle entries values keys...
- add remove program , removed the enties above.
- i have used windows xp professional cd to remove internet explorer (thought it would still open misteriously)
- downloaded sp 2 ( and ever since , i am not able to restore a point prior to its installation... bastards... even thats out of the question)
- removed registery for elitebar: **** and please note this one::: every time i unregister the dll and i remove it from safemode and i restart, it reappears. both the in the windows folder and in the add remove.

EVERY THING STATED ABOVE I HAVE TRIED ATLEAST 10 TIMES, AND EVERY TIME THIS SPYWARE/VIRUS/PIECE OF CRAP RELOOPS AND RE STARTS AT SQUARE ONE.

now having said all that ... and having released some anger... this is the point at which i stand. i may have missed a couple of other thing.. here and their. but i feel that i have tried everything and I am about to throw this out the window (because my xp reinstall cd wouldnt even reinstall (for some reason))

now my friends, this is my situation not to mention my life situations.... (I will leave that for another thread though)

I am open to your help. I cant be the only one in this world who has cought this nasty thing. this is not a gradual process, i take care of my computer. this was a sudden thing. their is one thing that has/is causing this.. but again i dont know where to start.

 

i have uploaded the txt file of my hijack log.

please note that even after removing some obovious entries:

popups like:
http://searchmiracle.com/ads/search.php?qq=casino
http://searchmiracle.com/ads/search.php?qq=debt+consolidation
http://searchmiracle.com/ads/search.php?qq=viagra
http://ads1.revenue.net/l?O_RANK=-1&O_CREATIVE_ID=206179&O_SITE_ID=13417&

and the process of all the entries in add/emove program and homepage reloop
even after running the below entries. my intuition tells me this is all relating to the elitebar. but for some reason it does not unregister.



------------
some entries that i have removed in the past and have reappeared are:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=137837
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=137837
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=137837
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.coolsearch.biz/
...
..
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar.dll



please advise. I appreciate your time major... i have great respect for you for helping people.

 

other pop ups are from "searchmiracle" .com (these entries did not appear in my previous post).

 

major,

thanks for the help. its gone now. I o u a b e e r buddy