
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\veilkd.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\binml.exe
C:\WINDOWS\System32\dineman.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\dhci2.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\windows\nic\install.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\nic\System.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\ntrvs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\nic\taskmgr.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Q92194.exe
C:\WINDOWS\system.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kon4ay.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/yessentials_cq/Def1/ymmapi10/?http://mail.yahoo.com/?.redir=ymmapi10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC
O1 - Hosts: 69.60.111.224 www.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems
O1 - Hosts: 69.60.111.224 ad.preferences.com
O1 - Hosts: 69.60.111.224 ads.doubleclick.com
O1 - Hosts: 69.60.111.224 ads.infospace.com
O1 - Hosts: 69.60.111.224 ads.msn.com
O1 - Hosts: 69.60.111.224 ads.switchboard.com
O1 - Hosts: 69.60.111.224 ads.doubleclick.net
O1 - Hosts: 69.60.111.224 ad2.doubleclick.net
O1 - Hosts: 69.60.111.224 ad3.doubleclick.net
O1 - Hosts: 69.60.111.224 ad4.doubleclick.net
O1 - Hosts: 69.60.111.224 ad5.doubleclick.net
O1 - Hosts: 69.60.111.224 ad6.doubleclick.net
O1 - Hosts: 69.60.111.224 ad7.doubleclick.net
O1 - Hosts: 69.60.111.224 ad8.doubleclick.net
O1 - Hosts: 69.60.111.224 ad9.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linkexchange.com
O1 - Hosts: 69.60.111.224 ads.enliven.com
O1 - Hosts: 69.60.111.224 oz.valueclick.com
O1 - Hosts: 69.60.111.224 banner.linkexchange.com
O1 - Hosts: 69.60.111.224 commonwealth.riddler.com
O1 - Hosts: 69.60.111.224 ad-up.com
O1 - Hosts: 69.60.111.224 ad.adsmart.net
O1 - Hosts: 69.60.111.224 ad.atlas.cz
O1 - Hosts: 69.60.111.224 ad.blm.net
O1 - Hosts: 69.60.111.224 ad.dogpile.com
O1 - Hosts: 69.60.111.224 ad.infoseek.com
O1 - Hosts: 69.60.111.224 ad.net-service.de
O1 - Hosts: 69.60.111.224 adbot.com
O1 - Hosts: 69.60.111.224 ads.criticalmass.com
O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com
O1 - Hosts: 69.60.111.224 ads.filez.com
O1 - Hosts: 69.60.111.224 ads.imagine-inc.com
O1 - Hosts: 69.60.111.224 ads.imdb.com
O1 - Hosts: 69.60.111.224 ads.jwtt3.com
O1 - Hosts: 69.60.111.224 ads.newcitynet.com
O1 - Hosts: 69.60.111.224 ads.realcities.com
O1 - Hosts: 69.60.111.224 ads.realmedia.com
O1 - Hosts: 69.60.111.224 ads.tripod.com
O1 - Hosts: 69.60.111.224 ads.usatoday.com
O1 - Hosts: 69.60.111.224 ads.web.de
O1 - Hosts: 69.60.111.224 ads.web21.com
O1 - Hosts: 69.60.111.224 adserv.newcentury.net
O1 - Hosts: 69.60.111.224 adservant.guj.de
O1 - Hosts: 69.60.111.224 adservant.mediapoint.de
O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com
O1 - Hosts: 69.60.111.224 advert.heise.de
O1 - Hosts: 69.60.111.224 banners.internetextra.com
O1 - Hosts: 69.60.111.224 bannerswap.com
O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de
O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net
O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net
O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com
O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com
O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net
O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net
O1 - Hosts: 69.60.111.224 ad.preferances.com
O1 - Hosts: 69.60.111.224 ad.doubleclick.com
O1 - Hosts: 69.60.111.224 adforce.adtech.de
O1 - Hosts: 69.60.111.224 adforce.imgis.com
O1 - Hosts: 69.60.111.224 adimage.blm.net
O1 - Hosts: 69.60.111.224 adlink.deh.de
O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com
O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linksynergy.com
O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.sma.punto.net
O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net
O1 - Hosts: 69.60.111.224 ad08.focalink.com
O1 - Hosts: 69.60.111.224 adcontroller.unicast.com
O1 - Hosts: 69.60.111.224 adimg.egroups.com
O1 - Hosts: 69.60.111.224 admedia.xoom.com
O1 - Hosts: 69.60.111.224 adremote.pathfinder.com
O1 - Hosts: 69.60.111.224 ads.bfast.com
O1 - Hosts: 69.60.111.224 ads.clickhouse.com
O1 - Hosts: 69.60.111.224 adpick.switchboard.com
O1 - Hosts: 69.60.111.224 ads.fairfax.com.au
O1 - Hosts: 69.60.111.224 ads.fool.com
O1 - Hosts: 69.60.111.224 ads.freshmeat.net
O1 - Hosts: 69.60.111.224 ads.hollywood.com
O1 - Hosts: 69.60.111.224 ads.i33.com
O1 - Hosts: 69.60.111.224 ads.infi.net
O1 - Hosts: 69.60.111.224 ads.link4ads.com
O1 - Hosts: 69.60.111.224 ads.lycos.com
O1 - Hosts: 69.60.111.224 ads.madison.com
O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com
O1 - Hosts: 69.60.111.224 ads.ninemsn.com.au
O1 - Hosts: 69.60.111.224 ads.seattletimes.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.net
O1 - Hosts: 69.60.111.224 ads.sptimes.com
O1 - Hosts: 69.60.111.224 ads.web.aol.com
O1 - Hosts: 69.60.111.224 ads.x10.com
O1 - Hosts: 69.60.111.224 ads.xtra.co.nz
O1 - Hosts: 69.60.111.224 ads.zdnet.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [MS Windows Update] veilkd.exe
O4 - HKLM\..\Run: [Microsoft Update] prowind32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SDKz0r] SDKc55rezzz2.exe
O4 - HKLM\..\Run: [6yYbF] C:\WINDOWS\binml.exe
O4 - HKLM\..\Run: [4s5g39W] dineman.exe
O4 - HKLM\..\Run: [SearchAssistant] c:\Q92194.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [MS Windows Update] veilkd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] prowind32.exe
O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Microsoft Update] prowind32.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SDKz0r] SDKc55rezzz2.exe
O4 - HKCU\..\Run: [LBumRVame] dhci2.exe
O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\system.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106721527810
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12


Hijack This needs to be in its own folder! Please move it to a folder labeled HiJack This or something similar.


Hijack This needs to be in its own folder! Please move it to a folder labeled HiJack This or something similar.

Yes-

C:\DOCUME~1\Jason\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe

The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder for HJT outside of any Temp/Temporary folders and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else! That includes the backups HijackThis makes of the items it fixes, which it keeps in a folder next to its own executable, so you would lose the ability to restore an entry that was fixed by mistake.
Temp/Temporary folders are just that: temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.


-------------------------------------------------------------------------------------------------------------------

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

The log entries above indicate that you had at least 2 instances of Internet Explorer running when you ran HijackThis.
Before fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browser! HijackThis cannot fully perform its fixes while browsers are running.


Please take care of the above and post a new log.


ok i think i got it now


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\veilkd.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\binml.exe
C:\WINDOWS\System32\dineman.exe
C:\Q92194.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\dhci2.exe
C:\WINDOWS\system.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\windows\nic\install.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\nic\System.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\ntrvs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\nic\taskmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kon4ay.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/yessentials_cq/Def1/ymmapi10/?http://mail.yahoo.com/?.redir=ymmapi10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC
O1 - Hosts: 69.60.111.224 www.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems
O1 - Hosts: 69.60.111.224 ad.preferences.com
O1 - Hosts: 69.60.111.224 ads.doubleclick.com
O1 - Hosts: 69.60.111.224 ads.infospace.com
O1 - Hosts: 69.60.111.224 ads.msn.com
O1 - Hosts: 69.60.111.224 ads.switchboard.com
O1 - Hosts: 69.60.111.224 ads.doubleclick.net
O1 - Hosts: 69.60.111.224 ad2.doubleclick.net
O1 - Hosts: 69.60.111.224 ad3.doubleclick.net
O1 - Hosts: 69.60.111.224 ad4.doubleclick.net
O1 - Hosts: 69.60.111.224 ad5.doubleclick.net
O1 - Hosts: 69.60.111.224 ad6.doubleclick.net
O1 - Hosts: 69.60.111.224 ad7.doubleclick.net
O1 - Hosts: 69.60.111.224 ad8.doubleclick.net
O1 - Hosts: 69.60.111.224 ad9.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linkexchange.com
O1 - Hosts: 69.60.111.224 ads.enliven.com
O1 - Hosts: 69.60.111.224 oz.valueclick.com
O1 - Hosts: 69.60.111.224 banner.linkexchange.com
O1 - Hosts: 69.60.111.224 commonwealth.riddler.com
O1 - Hosts: 69.60.111.224 ad-up.com
O1 - Hosts: 69.60.111.224 ad.adsmart.net
O1 - Hosts: 69.60.111.224 ad.atlas.cz
O1 - Hosts: 69.60.111.224 ad.blm.net
O1 - Hosts: 69.60.111.224 ad.dogpile.com
O1 - Hosts: 69.60.111.224 ad.infoseek.com
O1 - Hosts: 69.60.111.224 ad.net-service.de
O1 - Hosts: 69.60.111.224 adbot.com
O1 - Hosts: 69.60.111.224 ads.criticalmass.com
O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com
O1 - Hosts: 69.60.111.224 ads.filez.com
O1 - Hosts: 69.60.111.224 ads.imagine-inc.com
O1 - Hosts: 69.60.111.224 ads.imdb.com
O1 - Hosts: 69.60.111.224 ads.jwtt3.com
O1 - Hosts: 69.60.111.224 ads.newcitynet.com
O1 - Hosts: 69.60.111.224 ads.realcities.com
O1 - Hosts: 69.60.111.224 ads.realmedia.com
O1 - Hosts: 69.60.111.224 ads.tripod.com
O1 - Hosts: 69.60.111.224 ads.usatoday.com
O1 - Hosts: 69.60.111.224 ads.web.de
O1 - Hosts: 69.60.111.224 ads.web21.com
O1 - Hosts: 69.60.111.224 adserv.newcentury.net
O1 - Hosts: 69.60.111.224 adservant.guj.de
O1 - Hosts: 69.60.111.224 adservant.mediapoint.de
O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com
O1 - Hosts: 69.60.111.224 advert.heise.de
O1 - Hosts: 69.60.111.224 banners.internetextra.com
O1 - Hosts: 69.60.111.224 bannerswap.com
O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de
O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net
O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net
O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com
O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com
O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net
O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net
O1 - Hosts: 69.60.111.224 ad.preferances.com
O1 - Hosts: 69.60.111.224 ad.doubleclick.com
O1 - Hosts: 69.60.111.224 adforce.adtech.de
O1 - Hosts: 69.60.111.224 adforce.imgis.com
O1 - Hosts: 69.60.111.224 adimage.blm.net
O1 - Hosts: 69.60.111.224 adlink.deh.de
O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com
O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linksynergy.com
O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.sma.punto.net
O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net
O1 - Hosts: 69.60.111.224 ad08.focalink.com
O1 - Hosts: 69.60.111.224 adcontroller.unicast.com
O1 - Hosts: 69.60.111.224 adimg.egroups.com
O1 - Hosts: 69.60.111.224 admedia.xoom.com
O1 - Hosts: 69.60.111.224 adremote.pathfinder.com
O1 - Hosts: 69.60.111.224 ads.bfast.com
O1 - Hosts: 69.60.111.224 ads.clickhouse.com
O1 - Hosts: 69.60.111.224 adpick.switchboard.com
O1 - Hosts: 69.60.111.224 ads.fairfax.com.au
O1 - Hosts: 69.60.111.224 ads.fool.com
O1 - Hosts: 69.60.111.224 ads.freshmeat.net
O1 - Hosts: 69.60.111.224 ads.hollywood.com
O1 - Hosts: 69.60.111.224 ads.i33.com
O1 - Hosts: 69.60.111.224 ads.infi.net
O1 - Hosts: 69.60.111.224 ads.link4ads.com
O1 - Hosts: 69.60.111.224 ads.lycos.com
O1 - Hosts: 69.60.111.224 ads.madison.com
O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com
O1 - Hosts: 69.60.111.224 ads.ninemsn.com.au
O1 - Hosts: 69.60.111.224 ads.seattletimes.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.net
O1 - Hosts: 69.60.111.224 ads.sptimes.com
O1 - Hosts: 69.60.111.224 ads.web.aol.com
O1 - Hosts: 69.60.111.224 ads.x10.com
O1 - Hosts: 69.60.111.224 ads.xtra.co.nz
O1 - Hosts: 69.60.111.224 ads.zdnet.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [MS Windows Update] veilkd.exe
O4 - HKLM\..\Run: [Microsoft Update] prowind32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SDKz0r] SDKc55rezzz2.exe
O4 - HKLM\..\Run: [6yYbF] C:\WINDOWS\binml.exe
O4 - HKLM\..\Run: [4s5g39W] dineman.exe
O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe "
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [MS Windows Update] veilkd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] prowind32.exe
O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Microsoft Update] prowind32.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SDKz0r] SDKc55rezzz2.exe
O4 - HKCU\..\Run: [LBumRVame] dhci2.exe
O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\system.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106721527810
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: b - Unknown owner - c:\windows\nic\install.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Microsoft Security Subsystem Provider (eProxy) - Unknown owner - C:\WINDOWS\ntrvs.exe" " (file missing)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - c:\windows\nic\taskmgr.exe


You've almost got it; right-click on your desktop, select New, Folder; name the new folder something like HJT or hijackthis; drag the hijackthis.exe icon that is on your desktop into that new folder.

Go to Add/Remove Programs in your Control Panel and remove (if found):

ISTsvc, IST, or something similar

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?ap...ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kon4ay.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kon4ay.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://kon4ay.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://rd.yahoo.com/mail_us/mailto/....redir=ymmapi10
O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC
O1 - Hosts: 69.60.111.224 www.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems
O1 - Hosts: 69.60.111.224 ad.preferences.com
O1 - Hosts: 69.60.111.224 ads.doubleclick.com
O1 - Hosts: 69.60.111.224 ads.infospace.com
O1 - Hosts: 69.60.111.224 ads.msn.com
O1 - Hosts: 69.60.111.224 ads.switchboard.com
O1 - Hosts: 69.60.111.224 ads.doubleclick.net
O1 - Hosts: 69.60.111.224 ad2.doubleclick.net
O1 - Hosts: 69.60.111.224 ad3.doubleclick.net
O1 - Hosts: 69.60.111.224 ad4.doubleclick.net
O1 - Hosts: 69.60.111.224 ad5.doubleclick.net
O1 - Hosts: 69.60.111.224 ad6.doubleclick.net
O1 - Hosts: 69.60.111.224 ad7.doubleclick.net
O1 - Hosts: 69.60.111.224 ad8.doubleclick.net
O1 - Hosts: 69.60.111.224 ad9.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linkexchange.com
O1 - Hosts: 69.60.111.224 ads.enliven.com
O1 - Hosts: 69.60.111.224 oz.valueclick.com
O1 - Hosts: 69.60.111.224 banner.linkexchange.com
O1 - Hosts: 69.60.111.224 commonwealth.riddler.com
O1 - Hosts: 69.60.111.224 ad-up.com
O1 - Hosts: 69.60.111.224 ad.adsmart.net
O1 - Hosts: 69.60.111.224 ad.atlas.cz
O1 - Hosts: 69.60.111.224 ad.blm.net
O1 - Hosts: 69.60.111.224 ad.dogpile.com
O1 - Hosts: 69.60.111.224 ad.infoseek.com
O1 - Hosts: 69.60.111.224 ad.net-service.de
O1 - Hosts: 69.60.111.224 adbot.com
O1 - Hosts: 69.60.111.224 ads.criticalmass.com
O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com
O1 - Hosts: 69.60.111.224 ads.filez.com
O1 - Hosts: 69.60.111.224 ads.imagine-inc.com
O1 - Hosts: 69.60.111.224 ads.imdb.com
O1 - Hosts: 69.60.111.224 ads.jwtt3.com
O1 - Hosts: 69.60.111.224 ads.newcitynet.com
O1 - Hosts: 69.60.111.224 ads.realcities.com
O1 - Hosts: 69.60.111.224 ads.realmedia.com
O1 - Hosts: 69.60.111.224 ads.tripod.com
O1 - Hosts: 69.60.111.224 ads.usatoday.com
O1 - Hosts: 69.60.111.224 ads.web.de
O1 - Hosts: 69.60.111.224 ads.web21.com
O1 - Hosts: 69.60.111.224 adserv.newcentury.net
O1 - Hosts: 69.60.111.224 adservant.guj.de
O1 - Hosts: 69.60.111.224 adservant.mediapoint.de
O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com
O1 - Hosts: 69.60.111.224 advert.heise.de
O1 - Hosts: 69.60.111.224 banners.internetextra.com
O1 - Hosts: 69.60.111.224 bannerswap.com
O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de
O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net
O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net
O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com
O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com
O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net
O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net
O1 - Hosts: 69.60.111.224 ad.preferances.com
O1 - Hosts: 69.60.111.224 ad.doubleclick.com
O1 - Hosts: 69.60.111.224 adforce.adtech.de
O1 - Hosts: 69.60.111.224 adforce.imgis.com
O1 - Hosts: 69.60.111.224 adimage.blm.net
O1 - Hosts: 69.60.111.224 adlink.deh.de
O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com
O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linksynergy.com
O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.sma.punto.net
O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net
O1 - Hosts: 69.60.111.224 ad08.focalink.com
O1 - Hosts: 69.60.111.224 adcontroller.unicast.com
O1 - Hosts: 69.60.111.224 adimg.egroups.com
O1 - Hosts: 69.60.111.224 admedia.xoom.com
O1 - Hosts: 69.60.111.224 adremote.pathfinder.com
O1 - Hosts: 69.60.111.224 ads.bfast.com
O1 - Hosts: 69.60.111.224 ads.clickhouse.com
O1 - Hosts: 69.60.111.224 adpick.switchboard.com
O1 - Hosts: 69.60.111.224 ads.fairfax.com.au
O1 - Hosts: 69.60.111.224 ads.fool.com
O1 - Hosts: 69.60.111.224 ads.freshmeat.net
O1 - Hosts: 69.60.111.224 ads.hollywood.com
O1 - Hosts: 69.60.111.224 ads.i33.com
O1 - Hosts: 69.60.111.224 ads.infi.net
O1 - Hosts: 69.60.111.224 ads.link4ads.com
O1 - Hosts: 69.60.111.224 ads.lycos.com
O1 - Hosts: 69.60.111.224 ads.madison.com
O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com
O1 - Hosts: 69.60.111.224 ads.ninemsn.com.au
O1 - Hosts: 69.60.111.224 ads.seattletimes.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.net
O1 - Hosts: 69.60.111.224 ads.sptimes.com
O1 - Hosts: 69.60.111.224 ads.web.aol.com
O1 - Hosts: 69.60.111.224 ads.x10.com
O1 - Hosts: 69.60.111.224 ads.xtra.co.nz
O1 - Hosts: 69.60.111.224 ads.zdnet.com
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\System32\hsrb.dll (file missing)
O4 - HKLM\..\Run: [MS Windows Update] veilkd.exe
O4 - HKLM\..\Run: [Microsoft Update] prowind32.exe
O4 - HKLM\..\Run: [SDKz0r] SDKc55rezzz2.exe
O4 - HKLM\..\Run: [6yYbF] C:\WINDOWS\binml.exe
O4 - HKLM\..\Run: [4s5g39W] dineman.exe
O4 - HKLM\..\Run: [SearchAssistant] "C:\Q92194.exe "
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [MS Windows Update] veilkd.exe
O4 - HKLM\..\RunServices: [Microsoft Update] prowind32.exe
O4 - HKLM\..\RunServices: [SDKz0r] SDKc55rezzz2.exe
O4 - HKCU\..\Run: [Microsoft Update] prowind32.exe
O4 - HKCU\..\Run: [SDKz0r] SDKc55rezzz2.exe
O4 - HKCU\..\Run: [LBumRVame] dhci2.exe
O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\system.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/gam...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/gam...nts/y/kt4_x.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...l_v1-0-3-17.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1106721527810
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {DE910060-8EFB-44B9-B492-75180696643F} (iiittt Class) - http://www.hotsearchbar.com/toolbar30/hsrb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...aploader_v6.cab
(Don't worry if any of these O16 entries are ones you use; if they are legit, they will return the next time you go to the site -- it's just easier to fix them all rather than research each one.)
O23 - Service: b - Unknown owner - c:\windows\nic\install.exe
O23 - Service: Microsoft Security Subsystem Provider (eProxy) - Unknown owner - C:\WINDOWS\ntrvs.exe" " (file missing)
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - c:\windows\nic\taskmgr.exe

Go to the following folders and delete the highlighted file or folder:

C:\Q92194.exe
C:\Program Files\ISTsvc
C:\WINDOWS\system.exe
C:\WINDOWS\nic
C:\WINDOWS\binml.exe
C:\WINDOWS\ntrvs.exe
C:\WINDOWS\System32\dineman.exe
C:\WINDOWS\System32\veilkd.exe
C:\WINDOWS\System32\dhci2.exe
C:\WINDOWS\System32\SDKc55rezzz2.exe
Also do a search for SDKc55rezzz2.exe and delete any instances found

I hope I didn't miss anything! Make sure all windows are closed other than hijackthis before hitting the Fix button.

Empty your recycle bin.

Get SpywareBlaster, update it, and have it enable all protection; there is a link to it in this thread:

http://www.daniweb.com/techtalkforums/thread5690.html

You should review and consider some of the other utilities there as well.

You may want to customize your ActiveX settings:

The easiest way to get to your ActiveX settings is to Open Internet Explorer, click on the Tools tab, click on Internet Options, click on the Security tab, and then click on the Custom Level button. You will see several options for different settings; go down the list and make the appropriate changes, for example:

This is how I have my ActiveX settings; you can use this as a guide to set your own (If you Enable all the options, you are leaving your system open to unwanted intrusions.):
Download signed ActiveX controls -- Prompt
Download unsigned ActiveX controls -- Disable
Initialize and script ActiveX controls not marked as safe -- Disable
Run ActiveX controls and plug-ins -- Enable
Script ActiveX controls marked safe for scripting -- Enable

The more of these you have Disabled, the safer your system is, but there will be sites that you can't access. Prompting is the next best thing, but constantly clicking OK can be tedious and you usually don't know whether it should be allowed or not. The described combination works best for me, but may not be best for you -- it is just shown as a reference.

Reboot

Close all browser windows, scan with hijackthis, and this time post the entire log (including the information at the top that shows your version of hijackthis, operating system, etc.)


Logfile of HijackThis v1.99.1
Scan saved at 12:03:11 PM, on 2/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\ntrvs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\nic\taskmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\system.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O17 - HKLM\System\CCS\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{304EADA1-3D3D-41E1-AF8E-C5CE70F44FB3}: NameServer = 68.238.0.12 68.238.112.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Microsoft Security Subsystem Provider (eProxy) - Unknown owner - C:\WINDOWS\ntrvs.exe" " (file missing)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - c:\windows\nic\taskmgr.exe


I am also now getting a Runner Error when I first start up the computer. It says:
Runner Error
Invalid Backweb application id 8876480

Thanks Brad


Did you remove this entry? If you did, you might want to restore it, if you backed up your files:

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe


I must have, because I tried to open it and it gave me that message.

thanks


It's still in the last log you posted:


O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe


You need to go to Windows Update and get the Critical Updates for your system, at least SP2.

Get SpywareBlaster (use the Software tools link in caperjack's signature), update it, and have it enable all protection.

Doing these two things will prevent most of the type of problems that just got cleaned up.

Are you still having trouble with searchfeed and kon4ay?


Yikes, hang on a minute- before proceeding with an upgrade to SP2, we need to get that system clean, and it isn't quite there yet.

These entries in the latest log still show signs of infection:

C:\WINDOWS\system.exe
C:\WINDOWS\ntrvs.exe
c:\windows\nic\taskmgr.exe
O4 - HKCU\..\Run: [Floppy Master] C:\WINDOWS\system.exe
O23 - Service: Microsoft Security Subsystem Provider (eProxy) - Unknown owner - C:\WINDOWS\ntrvs.exe" " (file missing)
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - c:\windows\nic\taskmgr.exe


rmsmx,

In one of his previous posts, dlh6213 provided instructions which should have eliminated most of the above entries; did you follow his instructions exactly? At the very least, the entire c:\windows\nic folder should not exist anymore.


Ooooo, sorry about that, I meant SP1! Typo! Thanks Dave :)

"Show hidden files and folders" may need to be enabled in order to see those entries DMR noted.


Sorry to be jumping on this thread, but I have no idea how to start my own new thread and this one seems to have some of the same problems I'm having. I'm getting pop-ups that appear to be generated from searchfeed.com. As well, my computer is running like it's on the beach (slowly through the sand, if you know what I mean). Here is the file generated by HijackThis. Please let me know what I need to do.
Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:12:46 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\WINDOWS\io43mvuiw4kj.exe
C:\PROGRA~1\ROCKWE~1\RSCommon\RSObServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE
C:\WINDOWS\system32\r_server.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [io43mvuiw4kj] C:\WINDOWS\io43mvuiw4kj.exe
O4 - HKLM\..\Run: [24ab65f1] rundll32.exe "C:\WINDOWS\system32\wqensjgw.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://portal.shiloh.com/swproxy/rdp/msrdp.cab
O16 - DPF: {86151F1E-864B-4419-BAB5-318476BD831B} (TrustedSitesControl Control) - https://portal.shiloh.com/swproxy/rdp/TrustedSitesControl.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://portal.shiloh.com/apps/rdp/msrdp.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://www.shockwave.com/content/zenerchi/sis/ZenerchiWeb.1.0.0.10.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E03EEB49-B0CB-46A3-A84B-BA758243A7B0} (Orbital Launcher) - http://www.shockwave.com/content/thwartpoker/sis/OrbitalLauncher-2.0.3.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSObServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OPCEnum - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
