I been hijacked !

#1 relaxedman (Junior Member), March 26th, 2007, 05:17 PM

Ok, I have noticed this problem for about a week and came here to read up on what is needed to fix it. Hi, I need help; here is my HijackThis log file:

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\dad\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk788KUUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...reeInstall.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_c...ex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingam...jolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
O16 - DPF: {F7B91BD4-2325-47E1-8EBD-AA4262C577A5} - http://www.ikbtws.com/download/traffix.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09DD7503-3E84-4AE2-9AE9-10927EB4C0D7}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{41B869D8-A32B-4DA7-B941-2E4ADE54A2CD}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{711218DB-7804-41A0-BD6D-24A81048B747}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{7415842B-785A-43AB-9847-815EBD9EBF76}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AEC986E-C7F6-4115-AFEB-15F9696B022A}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8A03B72-36A5-4C74-8F62-C57FB4BB6894}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{09DD7503-3E84-4AE2-9AE9-10927EB4C0D7}: NameServer = 85.255.116.25,85.255.112.94
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

I have uninstalled all the old Java updates and found an i-search Gladiator program hiding in one of them, which I got out.
I cannot do disk clean-ups or searches, and Ad-Aware SE locks up every time at a certain point in the Temporary Internet Files, so please tell me what to look for. I will be reading other posts here and seeing if there is anything I can do in the meantime.

Thanks ahead of time for the help.
#2 Milwaukee (Ultimate Member), March 26th, 2007, 05:29 PM
Hey, try that: http://free.grisoft.com/softw/70free...p-7.5.0.50.exe
#3 EXreaction, March 26th, 2007, 06:41 PM
Bad ones I noticed:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk788KUUS
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
Unknown
O16 - DPF: {F7B91BD4-2325-47E1-8EBD-AA4262C577A5} - http://www.ikbtws.com/download/traffix.cab

Also, if you did not manually configure your IP address settings, fix all of the O17 stuff.
#4 relaxedman (Junior Member), March 26th, 2007, 07:04 PM
What about the R1's?
Oh, and when I do a Yahoo search for anything, PC-cillin gives me a warning that it's a dangerous page, with the following address given:

http://85.255.119.186/frame.php

Oh, and when I do my Ad-Aware scan it stops on the following spot every time:
C:\Documents and Settings\dad\Local Settings\Temp\Temporary Internet Files\Content.IE5\KPAJK917
I do a search on this and I get a Windows error and it kicks me out every time.

Last edited by relaxedman : March 26th, 2007 at 07:38 PM.
#5 EXreaction, March 26th, 2007, 07:47 PM
Ok, then it sounds like the problem is from all those O17's I mentioned. Someone is making you go through their proxy (could be recording anything you send, including passwords and other sensitive data).

Then install Crap Cleaner and run it.
http://www.filehippo.com/download/df...a0eb/download/
#6 relaxedman (Junior Member), March 26th, 2007, 08:43 PM
Well, the cleaner got me to where I can do scans now, and I don't get that warning when I use a search engine, so thank you.

If anyone sees stuff on there that also needs to get blocked/taken off, please let me know.
#7 kenboyles72 (Ultimate Member), March 27th, 2007, 12:17 AM
Delete these (bad):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk788KUUS

This is QuickTime Installer, safe to delete or fix.
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe

The following point to xbox.dedi.inhoster.com; this may be your ISP. If you do not recognize this, delete/fix it.

O17 - HKLM\System\CCS\Services\Tcpip\..\{09DD7503-3E84-4AE2-9AE9-10927EB4C0D7}: NameServer = 85.255.116.25,85.255.112.94

O17 - HKLM\System\CCS\Services\Tcpip\..\{41B869D8-A32B-4DA7-B941-2E4ADE54A2CD}: NameServer = 85.255.116.25,85.255.112.94

O17 - HKLM\System\CCS\Services\Tcpip\..\{711218DB-7804-41A0-BD6D-24A81048B747}: NameServer = 85.255.116.25,85.255.112.94

O17 - HKLM\System\CCS\Services\Tcpip\..\{7415842B-785A-43AB-9847-815EBD9EBF76}: NameServer = 85.255.116.25,85.255.112.94

O17 - HKLM\System\CCS\Services\Tcpip\..\{8AEC986E-C7F6-4115-AFEB-15F9696B022A}: NameServer = 85.255.116.25,85.255.112.94

O17 - HKLM\System\CCS\Services\Tcpip\..\{C8A03B72-36A5-4C74-8F62-C57FB4BB6894}: NameServer = 85.255.116.25,85.255.112.94

O17 - HKLM\System\CS1\Services\Tcpip\..\{09DD7503-3E84-4AE2-9AE9-10927EB4C0D7}: NameServer = 85.255.116.25,85.255.112.94
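An added Python example, not code from the thread or from any poster: it parses the O17 NameServer lines of a HijackThis log and flags every resolver that falls outside the networks the reviewer trusts, which is the check EXreaction and kenboyles72 make by eye above. The sample lines are constructed after the posted log (same addresses and one GUID) plus a LAN resolver for contrast; the trusted ranges are an assumption about a home LAN on DHCP.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample (modelled on the posted log, not copied from it): one entry under
# the CurrentControlSet (CCS), the same interface under ControlSet1 (CS1), and a
# LAN resolver entry for contrast.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{09DD7503-3E84-4AE2-9AE9-10927EB4C0D7}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{09DD7503-3E84-4AE2-9AE9-10927EB4C0D7}: NameServer = 85.255.116.25,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAAAAAA-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# A HijackThis O17 line: control set, interface GUID, comma-separated NameServer list.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<set>\w+)\\Services\\Tcpip\\\.\.\\\{(?P<guid>[0-9A-Fa-f-]+)\}: "
    r"NameServer = (?P<servers>[0-9., ]+)$"
)


def parse_o17(log_text):
    """Return one dict per O17 line: control set, interface GUID, resolver addresses."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [ip_address(s.strip()) for s in m["servers"].split(",") if s.strip()]
        entries.append({"set": m["set"], "guid": m["guid"], "servers": servers})
    return entries


def audit_o17(log_text, trusted_cidrs):
    """Flag resolvers outside the networks the reviewer trusts (LAN ranges, the ISP's
    published resolvers). Returns (control set, GUID, [unexpected IPs]) per offending
    entry. Every control set is reported, because the posted log carries the same GUID
    under both CCS and CS1 and fixing only one leaves the other copy in place."""
    nets = [ip_network(c) for c in trusted_cidrs]
    findings = []
    for e in parse_o17(log_text):
        unexpected = [str(ip) for ip in e["servers"] if not any(ip in n for n in nets)]
        if unexpected:
            findings.append((e["set"], e["guid"], unexpected))
    return findings


if __name__ == "__main__":
    # Assumption: home LAN on DHCP, so only RFC 1918 resolvers are expected.
    for hit in audit_o17(SAMPLE_LOG, ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]):
        print("O17 %s %s -> unexpected NameServer %s" % hit)
```

Feed it a real log and your ISP's published resolver ranges in place of the RFC 1918 list; anything it flags is the O17 entry the thread tells you to fix.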
#8 FRANKSnBEANS (Member), March 27th, 2007, 01:58 AM