You are not clean by a long way!
And I am not sure if I should help you at all! You don't even have any Antivirus or Antispyware on that PC!
Makes me wonder how you got away with that.
Download and install Adaware and Spybot from the links in this post:
https://www.techspot.com/vb/topic17297.html
Install an Antivirus program. A good free one is e.g. AVG from
www.grisoft.com
Once installed, update all those programs regularly, so you always have the latest definitions.
Boot in Safe Mode
Switch Off System Restore
My advise: UNinstall all those toolbars! You got Google, MSN, Yahoo, why? All they do is clutter your PC.
Press ctrl/alt/del and in Taskmanager try to STOP:
LOADQM.EXE
WINAMPA.EXE
IR5OLE32.EXE
IOSIL400.EXE
CP32NBTN.EXE
Next, try to UNinstall anything to do with:
C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
Next, run Hijackthis on its own and let it 'fix' (if still there):
C:\WINDOWS\
LOADQM.EXE
C:\PROGRAM FILES\WINAMP\
WINAMPA.EXE
C:\WINDOWS\SYSTEM\
IR5OLE32.EXE
C:\WINDOWS\SYSTEM\
IOSIL400.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.120.75.136:80
O4 - HKLM\..\Run: [CP32NOT] C:\PROGRA~1\
ONE-TO~1\CP32NBTN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [rs8V36X] IR5OLE32.EXE
O4 - HKCU\..\Run: [aBr9RWbmX] IOSIL400.EXE
O14 - IERESET.INF: START_PAGE_URL=http://welcome.hp.com/country/uk/eng/welcome.htm
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) -
http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.com/download/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
When done, delete the
bold files. When a
directory is also
bold, delete everything in it, including that directory itself.
Clean your Temp directory, you temp. internet files, all your cookies etc.
Boot back in normal.
If all is OK, switch on System Restore if you like.