[Mobo]

Lets at this time rescan once again with hijack, insert a check next to each of the following then close all other open browser windows and click "fix checked"


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com


R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain

O4 - HKLM\..\Run: [NvmhiKsS] C:\WINDOWS\advfwe.exe

O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe

O4 - HKLM\..\Run: [-
] C:\WINDOWS\advfwe.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)

O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.cheatdomain.de/Instal...sAssistent.ocx


Then set the syetm to show hidden files & folders http://www.spyware911.net/forum/index.php?...ge&pg=showfiles

reboot into safe mode http://www.spyware911.net/forum/index.php?...age&pg=safemode

Locate then delete:
C:\Program Files\Ebates_MoeMoneyMaker
C:\WINDOWS\advfwe.exe
C:\WINDOWS\system32\wsxsvc
C:\Program Files\WildTangent

Reboot, rescan again with hijack and post a fresh hijack log as well as whether or not it has cleared.