So ive been using spybot and adware... And "Cool Web Search.aaf.winshow" and "Trek Blue Error Nuker" always seem to pop up... And once they both get deleted... They pop up back again 5 min later when i scan my computer... And my homepage cant be changed either.... Everytime I do it goes back again to some weird page... Anyway heres my hijackthis report

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ykzmr.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {C40122F1-A8B0-A3C3-6FB0-84B04256A6CB} - C:\WINDOWS\system32\atlxs32.dll
O2 - BHO: Class - {C74F8C59-7B4A-EAD1-B9DA-0FD02ABAE0E2} - C:\WINDOWS\system32\netku32.dll
O2 - BHO: Class - {E3BCE414-E67C-A5E2-B041-270AA8258696} - C:\WINDOWS\mfcre32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iesn32.exe] C:\WINDOWS\system32\iesn32.exe
O4 - HKLM\..\RunOnce: [atlvh32.exe] C:\WINDOWS\system32\atlvh32.exe
O4 - HKLM\..\RunOnce: [appam32.exe] C:\WINDOWS\appam32.exe
O4 - HKLM\..\RunOnce: [ipli.exe] C:\WINDOWS\system32\ipli.exe
O4 - HKLM\..\RunOnce: [ipdu32.exe] C:\WINDOWS\ipdu32.exe
O4 - HKLM\..\RunOnce: [ipdc.exe] C:\WINDOWS\system32\ipdc.exe
O4 - HKLM\..\RunOnce: [appif32.exe] C:\WINDOWS\appif32.exe
O4 - HKLM\..\RunOnce: [appca32.exe] C:\WINDOWS\appca32.exe
O4 - HKLM\..\RunOnce: [crno32.exe] C:\WINDOWS\crno32.exe
O4 - HKLM\..\RunOnce: [javaaz.exe] C:\WINDOWS\javaaz.exe
O4 - HKLM\..\RunOnce: [apinb32.exe] C:\WINDOWS\system32\apinb32.exe
O4 - HKLM\..\RunOnce: [ipnf.exe] C:\WINDOWS\ipnf.exe
O4 - HKLM\..\RunOnce: [javapu32.exe] C:\WINDOWS\javapu32.exe
O4 - HKLM\..\RunOnce: [mfccw.exe] C:\WINDOWS\mfccw.exe
O4 - HKLM\..\RunOnce: [addjf32.exe] C:\WINDOWS\addjf32.exe
O4 - HKLM\..\RunOnce: [javasl32.exe] C:\WINDOWS\system32\javasl32.exe
O4 - HKLM\..\RunOnce: [apixn32.exe] C:\WINDOWS\system32\apixn32.exe
O4 - HKLM\..\RunOnce: [apidc.exe] C:\WINDOWS\apidc.exe
O4 - HKLM\..\RunOnce: [winqe32.exe] C:\WINDOWS\winqe32.exe
O4 - HKLM\..\RunOnce: [ieqg.exe] C:\WINDOWS\system32\ieqg.exe
O4 - HKLM\..\RunOnce: [sdkva.exe] C:\WINDOWS\system32\sdkva.exe
O4 - HKLM\..\RunOnce: [addqm32.exe] C:\WINDOWS\addqm32.exe
O4 - HKLM\..\RunOnce: [crvo32.exe] C:\WINDOWS\crvo32.exe
O4 - HKLM\..\RunOnce: [mfcgt32.exe] C:\WINDOWS\mfcgt32.exe
O4 - HKLM\..\RunOnce: [appjf.exe] C:\WINDOWS\system32\appjf.exe
O4 - HKLM\..\RunOnce: [appeo.exe] C:\WINDOWS\appeo.exe
O4 - HKLM\..\RunOnce: [croe32.exe] C:\WINDOWS\croe32.exe
O4 - HKLM\..\RunOnce: [msin32.exe] C:\WINDOWS\msin32.exe
O4 - HKLM\..\RunOnce: [sdkfx.exe] C:\WINDOWS\system32\sdkfx.exe
O4 - HKLM\..\RunOnce: [sdkyc.exe] C:\WINDOWS\sdkyc.exe
O4 - HKLM\..\RunOnce: [netor.exe] C:\WINDOWS\netor.exe
O4 - HKLM\..\RunOnce: [netre32.exe] C:\WINDOWS\system32\netre32.exe
O4 - HKLM\..\RunOnce: [sdksy32.exe] C:\WINDOWS\system32\sdksy32.exe
O4 - HKLM\..\RunOnce: [atlxs32.exe] C:\WINDOWS\system32\atlxs32.exe
O4 - HKLM\..\RunOnce: [d3kj32.exe] C:\WINDOWS\d3kj32.exe
O4 - HKLM\..\RunOnce: [addqw.exe] C:\WINDOWS\system32\addqw.exe
O4 - HKLM\..\RunOnce: [iefd.exe] C:\WINDOWS\system32\iefd.exe
O4 - HKLM\..\RunOnce: [sdklg.exe] C:\WINDOWS\sdklg.exe
O4 - HKLM\..\RunOnce: [ipqr.exe] C:\WINDOWS\system32\ipqr.exe
O4 - HKLM\..\RunOnce: [addkg32.exe] C:\WINDOWS\system32\addkg32.exe
O4 - HKLM\..\RunOnce: [d3yi.exe] C:\WINDOWS\system32\d3yi.exe
O4 - HKLM\..\RunOnce: [ieos.exe] C:\WINDOWS\ieos.exe
O4 - HKLM\..\RunOnce: [ntum.exe] C:\WINDOWS\ntum.exe
O4 - HKLM\..\RunOnce: [apijd.exe] C:\WINDOWS\apijd.exe
O4 - HKLM\..\RunOnce: [winox.exe] C:\WINDOWS\system32\winox.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack -
O16 - DPF: Yahoo! Chess -
O16 - DPF: Yahoo! Literati -
O16 - DPF: Yahoo! Poker -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: Yahoo! Towers 2.0 -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} -
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Before going to the HijackThis, please perform these steps:-

1] Download and install CCLeaner. Run it, click "Options" button and here go to "Settings" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" for the warning messge.

2] Run an online virus scan at Panda ActiveScan and save the log file it gives.

3] Download and install Ewido. When you run it for the first time, you receive the warning "No database found", click "OK" to this. Next in the main screen of the Ewido, click "Update" and click "Start update" button. After the update process, click the "Scanner" button, and click "Start".
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK. When the scan finishes, click on "Save Report".

4] Restart the PC, run HijackThis agian, and post a new log, along with this, please post the log files of Panda ActiveScan and Ewido.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.