Hi and Welcome to TSF
Before attacking an adware/spyware problem with HijackThis, make sure you have already run the following tools. Download and update the databases on each program before running.
Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive (C:\HJT).
Please download LQfix batch here:
http://www.downloads.subratam.org/LQfix.zip
Unzip it to the desktop but do NOT run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml
Once in Safe Mode, please run LQfix.bat. Once it completes, run HijackThis and fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.xosearchox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xosearchox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.xosearchox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.xosearchox.com/sp2.php
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\ETB\POKAPOKA63.EXE
O15 - Trusted Zone: *.verisign.com
C:\WINDOWS\ETB <-- delete that folder
C:\WINDOWS\SYSTEM\ONPB.EXE <-- delete that file
Run the Cleanup utility again and reboot/logoff when prompted.
Once back to normal Windows...
Please run an online scan at
http://www.pandasoftware.com/actives..._principal.htm
Once it has finished, save the ActiveScan log. Then post that log in your next post along with a new HijackThis log.
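
A way to check the new HijackThis log requested above, as an added example that is not part of the original post: it parses log lines into section code and body, reports which of the entries listed for fixing are still present, and flags any other line that mentions the domain or the folder/file the post says to delete. The function names and the sample log are constructed for illustration.

```python
import re

# Entries the post asks to fix, copied verbatim from the post.
FLAGGED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.xosearchox.com/sp2.php",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xosearchox.com/sp2.php",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.xosearchox.com/sp2.php",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.xosearchox.com/sp2.php",
    r"O4 - HKLM\..\Run: [System service63] C:\WINDOWS\ETB\POKAPOKA63.EXE",
    r"O15 - Trusted Zone: *.verisign.com",
]
# Also from the post: the search domain and the folder/file it says to delete.
INDICATORS = ["xosearchox.com", "c:\\windows\\etb\\", "c:\\windows\\system\\onpb.exe"]
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entry(line):
    """Return (section, body) for a log entry such as 'O4 - ...', else None."""
    m = ENTRY_RE.match(line)
    return (m.group(1), m.group(2)) if m else None

def _key(entry):
    # Registry keys and Windows paths are case-insensitive; collapse whitespace.
    return entry[0], re.sub(r"\s+", " ", entry[1]).casefold()

def check_log(log_text):
    """Return (flagged entries still present, other lines hitting an indicator)."""
    wanted = {_key(parse_entry(f)): f for f in FLAGGED}
    still_listed, other_hits = [], []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and _key(entry) in wanted:
            still_listed.append(wanted[_key(entry)])
        elif any(ind in line.casefold() for ind in INDICATORS):
            other_hits.append(line.strip())
    return still_listed, other_hits

# Constructed sample log (not a real user's log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\SYSTEM\ONPB.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar  =  http://www.xosearchox.com/sp2.php
O4 - HKLM\..\Run: [system service63] c:\windows\etb\pokapoka63.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
"""

if __name__ == "__main__":
    listed, hits = check_log(SAMPLE_LOG)
    print("Still listed:", listed, "\nOther indicator hits:", hits)
```

An empty result for both lists means none of the listed entries and none of the post's paths or domain appear in the new log; it says nothing about items the post did not list.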