hijacked by res://C:\WINNT\system32\enisb.dll/sp.html#96676
I looked in the previous posts with similar titles, and tried the methods suggested - CWShredder, deleting the enisb.dll file and replacing it with a blank txt file (I even made that read-only just to be sure), and I tried deleting all the entries referring to it in HijackThis (and the BHO just to be safe).

It would work for a while, but after a few minutes / after shutting down and restarting IE a few times, it'd come back with a different filename for the .dll. Please let me know how to fix it. Thank you very much. Here's the log:

Logfile of HijackThis v1.97.7
Scan saved at 5:00:33 PM, on 7/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\GEARSEC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\javavs32.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\tp4mon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\atlmt.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
C:\Palm\HOTSYNC.EXE
C:\WINNT\System32\MsiExec.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Palm\palm.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\ibm\Desktop\CWShredder\CWShredder.exe
C:\Documents and Settings\ibm\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\enisb.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://enisb.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://enisb.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\enisb.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://enisb.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\enisb.dll/sp.html#96676
O2 - BHO: (no name) - {5121F1B0-6B08-A6A6-A203-481BCDEEC6B3} - C:\WINNT\ntff.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [winsk.exe] C:\WINNT\system32\winsk.exe
O4 - HKLM\..\Run: [bbepqhdchdg] C:\WINNT\system32\zrmran.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [atlmt.exe] C:\WINNT\atlmt.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [WAPI] C:\WINNT\system32\wtssvit.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .DBAboutUsPressRoom: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...0367/wmavax.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...922/wmv9VCM.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8138.8009606482
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/c.../20/SassCln.CAB
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup141.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CE137E7-516E-401B-BA86-101C04C83729}: NameServer = 203.198.23.208,218.102.32.208
O17 - HKLM\System\CS1\Services\Tcpip\..\{075E93CF-1C3A-4364-A891-EBD0F3402544}: Domain = palmerholt.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{075E93CF-1C3A-4364-A891-EBD0F3402544}: NameServer = 203.198.23.208,218.102.32.208
Viewing: Dev Shed Forums > System Administration > Antivirus Protection > hijacked by res://C:\WINNT\system32\enisb.dll/sp.html#96676