Neededware really bothering, help!

Discussion in 'Malware and Virus Removal Archive' started by DayDreamer, 2005/08/02.

Thread Status:
Not open for further replies.
  1. 2005/08/02
    DayDreamer

    I have done many virus scans and anti-spyware scans.
    O15 - Trusted Zone: http://www.neededware.com
    It keeps appearing over and over no matter how many times I remove it from hijack.
    Also, whenever I do a hijack scan it would freeze at O15 right before it would list neededware. Not sure if this is important or not.
    Here's a fresh hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:07:10 PM
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\System32\ZoneLabs\isafe.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\YAHOO!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Documents and Settings\YOOn\My Documents\hijackthis\HijackThis.exe

    O2 - BHO: MainCtrl Class - {ACB9752A-FB42-436E-84AF-35EA8313A587} - C:\Program Files\Club5678\Ctrl\Club5678Login\ClubLogin40.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [fluo] C:\windows\System32\fluo.exe
    O4 - HKLM\..\Run: [jlrf] C:\windows\System32\jlrf.exe
    O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [wwfw] C:\PROGRA~1\COMMON~1\wwfw\wwfwm.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O15 - Trusted Zone: http://www.neededware.com
    O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
    O16 - DPF: {1A6B786C-9062-4B2F-BD76-AD4653FF480E} (Club5678 Update Control) - http://www.club5678.com/etc/activex/ClubCtrl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
    O16 - DPF: {2EEFACD4-CA73-4359-8DED-692721A59553} (ClubGameCtrl Control) - http://www.club5678.com/etc/activex/ClubGame.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {3119E051-B723-445B-A8D9-56045E53E8C8} (ClubCafeList Control) - http://club.club5678.com/cafe_person/ClubCafe.cab
    O16 - DPF: {330ECD70-0778-4BBB-9070-7E0FB3935700} (ClubCafeChat Control) - http://club.club5678.com/cafe_person/ClubCafe.cab
    O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Empas Filebox Control) - http://filebox.empal.empas.com/EmpasFilebox.cab
    O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
    O16 - DPF: {53BA3EF6-94B8-4768-9040-0FE1447FE141} (ClubDiscStarter Control) - http://disc.club5678.com:8060/component/ClubDiscStarter.cab
    O16 - DPF: {5551F24D-D031-4020-A57E-7E1F06CE8FF1} (DrAX Control) - http://download.drvi.com/ActiveX2/DrAX.cab
    O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://down.hangame.com/iservice/chat/NHNPlayer/nhnplayerx.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {68E69AD6-1A5D-4355-9B58-FEF6E9E223BF} (VDISK) - http://www.vdisk.cn/download/vdisk.dll
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner.cab
    O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
    O16 - DPF: {8C474B2B-BD5E-46A3-91D3-28E0DBD4DFF8} (CGNInfo Control) - http://www.mototek.co.kr/support/trouble/portfwd/CGNInfo.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
    O16 - DPF: {93F79C47-F414-4EEE-95C5-A0F0ACE59A0E} (ALDx Class) - http://www.altools.co.kr/ALDX.cab
    O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
    O16 - DPF: {A555B624-1393-46BD-ADFF-4455DD650FC5} (MediaShell T-Player Control) - http://mdsvr4.imufe.com/mediashell/tplayer/tplayer.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Pmang & SayClub Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {BD0F9A7F-695B-4AF4-90E9-08C5DD12FA35} (AtlCtrl Class) - http://www.yesicon.com/start001.cab
    O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
    O16 - DPF: {C6BEC3B9-3446-49E1-BCE7-2B5D3CBAA32B} (Mcicon Control) - http://www.meincam.com/gabicon/mcicon.cab
    O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/dmcm.cab
    O16 - DPF: {E7476A34-7790-4177-AE49-479CC08099B2} (WebEditor Control) - http://www.club5678.com/etc/activex/WebEditor.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by10fd.bay10.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\windows\System32\ZoneLabs\isafe.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE



    Please help!
     
  2. 2005/08/02
    markp62

    Hello, welcome to the boards.
    The pause in HJT when doing the Trusted Zone is normal; it will do this when nothing is there.

    Disable System Restore.

    Open HJT and click on 'Open misc tools section', then click on 'Delete a file on reboot'; a File Open window will appear. Copy/paste the following into it.

    C:\windows\System32\fluo.exe

    Then click on Open, and you will be prompted to reboot, select No at this time. Do the same for this.

    C:\windows\System32\jlrf.exe

    Rescan with HJT, and remove these items.
    O4 - HKLM\..\Run: [fluo] C:\windows\System32\fluo.exe
    O4 - HKLM\..\Run: [jlrf] C:\windows\System32\jlrf.exe
    O4 - HKCU\..\Run: [wwfw] C:\PROGRA~1\COMMON~1\wwfw\wwfwm.exe
    O15 - Trusted Zone: http://www.neededware.com

    Reboot into Safe Mode.
    Delete all files and folders located in these folders.
    C:\Windows\Prefetch
    C:\Windows\Temp
    C:\Documents and Settings\username\Local Settings\Temp

    Delete this folder.
    C:\Program Files\Common Files\wwfw

    Then reboot into Normal mode, and then enable System Restore. Please post a new HJT log.

    You may be interested in SpywareBlaster, it puts sites like neededware into the Restricted Zone.
     


  4. 2005/08/02
    DayDreamer

    Thanks for responding.
    I did everything you said, except
    O15 - Trusted Zone: http://www.neededware.com
    wasn't there. It seems to appear and disappear by itself; that's why I thought the coincident "freezing" at O15 Trusted Zone enumeration had something to do with it.
    Also, I did another scan/log as you said, and fluo was never deleted.
    Logfile of HijackThis v1.99.1
    Scan saved at 10:09:39 PM
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\YOOn\My Documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baka-updates.com/releases.php?PHPSESSID=7db184dbc6582809cc6f327d344b1efb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\YOOn\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
    O2 - BHO: MainCtrl Class - {ACB9752A-FB42-436E-84AF-35EA8313A587} - C:\Program Files\Club5678\Ctrl\Club5678Login\ClubLogin40.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [fluo] C:\windows\System32\fluo.exe
    O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Rogers Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O9 - Extra 'Tools' menuitem: Rogers &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
    O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
    O16 - DPF: {1A6B786C-9062-4B2F-BD76-AD4653FF480E} (Club5678 Update Control) - http://www.club5678.com/etc/activex/ClubCtrl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
    O16 - DPF: {2EEFACD4-CA73-4359-8DED-692721A59553} (ClubGameCtrl Control) - http://www.club5678.com/etc/activex/ClubGame.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {3119E051-B723-445B-A8D9-56045E53E8C8} (ClubCafeList Control) - http://club.club5678.com/cafe_person/ClubCafe.cab
    O16 - DPF: {330ECD70-0778-4BBB-9070-7E0FB3935700} (ClubCafeChat Control) - http://club.club5678.com/cafe_person/ClubCafe.cab
    O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Empas Filebox Control) - http://filebox.empal.empas.com/EmpasFilebox.cab
    O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
    O16 - DPF: {53BA3EF6-94B8-4768-9040-0FE1447FE141} (ClubDiscStarter Control) - http://disc.club5678.com:8060/component/ClubDiscStarter.cab
    O16 - DPF: {5551F24D-D031-4020-A57E-7E1F06CE8FF1} (DrAX Control) - http://download.drvi.com/ActiveX2/DrAX.cab
    O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://down.hangame.com/iservice/chat/NHNPlayer/nhnplayerx.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {68E69AD6-1A5D-4355-9B58-FEF6E9E223BF} (VDISK) - http://www.vdisk.cn/download/vdisk.dll
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner.cab
    O16 - DPF: {85AF9A98-3423-45E4-8BAD-85645F16AC31} (P3 Bugs VoD Loader Class) - http://player.bugs.co.kr/install/mv/p3bvset.cab
    O16 - DPF: {8C474B2B-BD5E-46A3-91D3-28E0DBD4DFF8} (CGNInfo Control) - http://www.mototek.co.kr/support/trouble/portfwd/CGNInfo.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
    O16 - DPF: {93F79C47-F414-4EEE-95C5-A0F0ACE59A0E} (ALDx Class) - http://www.altools.co.kr/ALDX.cab
    O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
    O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
    O16 - DPF: {A555B624-1393-46BD-ADFF-4455DD650FC5} (MediaShell T-Player Control) - http://mdsvr4.imufe.com/mediashell/tplayer/tplayer.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Pmang & SayClub Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {BD0F9A7F-695B-4AF4-90E9-08C5DD12FA35} (AtlCtrl Class) - http://www.yesicon.com/start001.cab
    O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
    O16 - DPF: {C6BEC3B9-3446-49E1-BCE7-2B5D3CBAA32B} (Mcicon Control) - http://www.meincam.com/gabicon/mcicon.cab
    O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/dmcm.cab
    O16 - DPF: {E7476A34-7790-4177-AE49-479CC08099B2} (WebEditor Control) - http://www.club5678.com/etc/activex/WebEditor.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by10fd.bay10.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\windows\System32\ZoneLabs\isafe.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  5. 2005/08/02
    DayDreamer

    Sorry double post.
    I managed to add neededware.com to restricted zone using the spyware blaster you recommended. Does this mean I won't be receiving anymore popups and such?
     
  6. 2005/08/03
    markp62

    No, that isn't a double post, just an addon.
    There is a neat little thing I like about the Restricted and Trusted Zones: a website cannot exist in both zones at the same time. When a site is in the Restricted zone, and the settings are at least at their default level, it is restricted so much that it is not able to put so much as a cookie on you. Yes, it can stop some popups, but not all.
    When a site is in the Trusted zone, and the Trusted settings are at the default, all ActiveX controls (they are the DPFs, or Downloaded Program Files, in HJT) are enabled for it; you are not prompted whether you want to download and install things, it just happens. That is why neededware kept wanting to be there.

    You have something new here, along with "fluo"; please download About:Buster.
    Please 'Delete on reboot' as before with this. It is possible the file is already gone; it just put its startup entry back before it was deleted on reboot, as it was running hidden when you removed the startup with HJT.

    C:\windows\System32\fluo.exe

    Rescan with HJT, and remove these with all internet browsers and Windows Explorer windows closed.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\YOOn\LOCALS~1\Temp\se.dll/sp.html
    O4 - HKLM\..\Run: [fluo] C:\windows\System32\fluo.exe

    Close HJT and open About:Buster and have it update itself, close for now.

    Reboot into Safe Mode. Set Folder Options to show all files. This is important as you may not see this file (C:\DOCUME~1\YOOn\LOCALS~1\Temp\se.dll) unless you do.
    Delete all files and folders located in these folders.
    C:\Windows\Prefetch
    C:\Windows\Temp
    C:\Documents and Settings\YOOn\Local Settings\Temp

    If you want to make sure those files are all deleted in that last folder, copy/paste these commands into the Start\Run window, one line at a time (the path contains spaces, so it must be quoted).
    attrib -h -s -r "C:\Documents and Settings\YOOn\Local Settings\Temp\*.*"
    del /q "C:\Documents and Settings\YOOn\Local Settings\Temp\*.*"


    Then reboot in Normal mode, and run About:Buster twice, back to back.
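    As an added example (not from this thread, HijackThis, or any tool recommended in it), here is a small Python triage script that applies the three indicator patterns discussed above to HJT log lines: an O15 site in the Trusted zone, an O4 Run entry that auto-starts a short random-named EXE straight from System32 (the fluo/jlrf pattern), and an R0/R1 browser setting served via res:// from a Temp folder (the se.dll/sp.html hijack). The sample log lines are constructed from this thread's entries with the user name replaced, and the short-name allowlist is an assumption.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread, not part of HijackThis. The heuristics
are illustrative (modelled on the entries in this thread), not a
signature database.
"""
import re

O15_RE = re.compile(r"^O15 - Trusted Zone:\s*(?P<site>\S+)")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
R_RE = re.compile(r"^R[01] - .*?=\s*(?P<value>.+)$")
# A bare 3-6 letter EXE launched directly from System32 (fluo.exe, jlrf.exe).
SYS32_EXE_RE = re.compile(r"^C:\\windows\\System32\\(?P<stem>[a-z]{3,6})\.exe$", re.IGNORECASE)
# Illustrative allowlist of legitimate short-named System32 autostarts (assumption).
KNOWN_GOOD_STEMS = {"ctfmon"}


def triage(lines):
    """Return (type, value, reason) tuples for suspicious HJT lines, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O15_RE.match(line)
        if m:
            findings.append(("O15", m.group("site"),
                             "site in Trusted zone: ActiveX downloads install without prompting"))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").strip()
            s = SYS32_EXE_RE.match(cmd)
            # The malware in this thread names the Run value after the file stem.
            if (s and s.group("stem").lower() == m.group("name").lower()
                    and s.group("stem").lower() not in KNOWN_GOOD_STEMS):
                findings.append(("O4", cmd, "random-named EXE auto-started from System32"))
            continue
        m = R_RE.match(line)
        if m:
            value = m.group("value").strip()
            if value.lower().startswith("res://") and "\\temp\\" in value.lower():
                findings.append((line[:2], value, "browser page served from a DLL in a Temp folder"))
    return findings


# Constructed sample log lines modelled on this thread (user name replaced).
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\USER\LOCALS~1\Temp\se.dll/sp.html",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [fluo] C:\windows\System32\fluo.exe",
    r"O4 - HKLM\..\Run: [jlrf] C:\windows\System32\jlrf.exe",
    r'O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background',
    r"O15 - Trusted Zone: http://www.neededware.com",
    r"O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner.cab",
]

if __name__ == "__main__":
    for kind, value, reason in triage(SAMPLE_LOG):
        print(f"{kind:<4} {value}\n     -> {reason}")
```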
     
  7. 2005/08/03
    DayDreamer

    fluo.exe doesn't appear in the hijack log, but
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    does now.
    And the about:buster gives me an error "run-time error '5' "

    del C:\Documents and Settings\YOOn\Local Settings\Temp\*.*
    Gives me an error when I try to start/run it.
     
    Last edited: 2005/08/03
  8. 2005/08/03
    DayDreamer

    I deleted everything, plus the folder C:\Documents and Settings\YOOn\Local Settings\Temp\,
    but can't delete the Application Data, History and Temporary Internet Files folders, which I am sure aren't supposed to be deleted.
     
  9. 2005/08/03
    markp62

    can't delete the Application Data, History and Temporary Internet Files folders, which I am sure aren't supposed to be deleted
    No, you shouldn't. I only suggested the files contained in this folder.
    C:\Documents and Settings\YOOn\Local Settings\Temp
    Apparently About:Buster is corrupt, as the error code means 'Invalid procedure call or argument'.

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    That will automatically appear when using Msconfig. The next time you boot, you will get the message box about things being changed at startup, check the box and click on OK, or just remove it with HJT.

    Gives me an error when I try to start/run it.

    Do this instead: take both of those DOS commands and copy/paste them into Notepad. Make sure they are still two separate lines. Then go to Edit and select Save As.
    Then in the new window, where it says 'Save as Type', change it from (Text Documents) to (All Files), and use this name: "rundel.bat". Then go to where you saved it (My Documents?) and double-click it. A DOS window will appear and go away; it is then done.
     
  10. 2005/08/04
    DayDreamer

    OK, cool. Done all you said.
    Oh and are all file/folders that are located in any of the "Temp" folders bad?
    Oh and thanks for your time. :p
     
  11. 2005/08/04
    markp62

    Not all are bad; it is just a location for temp files, used by bad and good things alike. Malware will store things there to infect you.
    C:\DOCUME~1\YOOn\LOCALS~1\Temp\se.dll/sp.html
    This was there.
    Legit applications will store things there, for their use. After all, they are only temp files, and will only clutter up the system as they are looked at as the system starts up, always good to clean it out.
     