need computer help......

well i need some computer help from one of you computer wizards......2 nites ago my bro wakes me up at 2am telling me that whenever he types in a website now, it goes to a **** site, or one of those fake search engine sites....NOT POPUPS......so last nite i went to see what was up and i went to stangnet, and it showed me another **** site.....so i talked to my friend and he was like download the ewido security suite and/or adaware, so i was like fine.....went to download it, and i got 2 more **** sites.....so i went down to ths computer and i downloaded the ewido install file, as well as teh adaware install file, and popped em on a disc....now i go back up and load em both in, and do full computer scans on EACH software....i used ewido first and it found like over 400 infected flies (trojans, adware, etc.), and adaware found only like 10 files so i was happy that at least i knew ewido worked....so then i restarted the comp, and the same thing kept happening online, and now like 10 of his favorites are just **** sites :damnit: ......i dont know what to do now, and dont wanna reinstall XP cause our whole network for the house is on there, and its a custom writted program or something...my dads computer friend set it up.....anyway SOMEONE PLEASE HELP!!!
 
I'll try to help a lil bit. First thing first. Since you're on XP, follow this link to Microsoft's Antispyware software. Install and leave it runnin all the time. Its not the greatest, but it's good.

http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

After that, you really need to go behind it with another one (I recommend Adaware again). If you are still gettin hit with it, you can find some freeware on the net to reset all of IE's defaults. Do this. Then if you feel brave, start going through your registry (regedit or regedt32) to clean up the remainder.

Some of those can be a pain, especially the porno. Ive seen several that were nasty infections. Just for kicks, yes Im A+ and Network+ certified. Yeah, I know they were gravy tests :D
 
Easiest thing to do... start>run type in msconfig. Go to the startup tab and disable everything from starting up. That should stop the spyware from starting up. Then go to your start menu go to programs and startup make sure theres nothing in there. Then restart and then do spyware removal using SpyBot Search and Destroy. Then get your ass of IE and use Firefox.
 
MOTHER ****ER!!!!!!! i went on and disabled everything in the startup menu, but one of em is for the internet connection, but idk which one it is.... and you need the internet to DL updates for SpyBot S&D.....****!!!!!!! not to mention even after i did disable everything, when i opened up IE, it showed that it was trying to open a **** site.....more help please!!!!!!!!!!!!! :(
 
ok, this might be a certain situation and not apply to you... but this thing happened to my buddy once, it would do almost the same thing

after a few days of us screwing with it, we found some 'fine print' at the bottom of every site it kept going to and all you had to do was follow the instructions and it was disabled

anyways, maybe there's something like that on urs... worth a shot

can't you do a system restore to a time before the virus was attained?
 
donjohn said:
ok, this might be a certain situation and not apply to you... but this thing happened to my buddy once, it would do almost the same thing

after a few days of us screwing with it, we found some 'fine print' at the bottom of every site it kept going to and all you had to do was follow the instructions and it was disabled

anyways, maybe there's something like that on urs... worth a shot

can't you do a system restore to a time before the virus was attained?
may i ask how you do this system restore???....im sry for all the questions, i know a decent amount about computers, i just dont know diagnostic stuff like this :mad:
 
stprorolla49 said:
may i ask how you do this system restore???....im sry for all the questions, i know a decent amount about computers, i just dont know diagnostic stuff like this :mad:

so it sounds like it reset ur homepage, so make sure you change that... even though it will most likely change it again anyways b/c that's what happened to my buddy, make sure to look for the fine print

i was just informend the system restore probably wouldn't work... but it might
start -> accessories -> system tools -> system restore

and stop using IE.. use firefox, or avant... i use avant
 
To restore your internet if it's DSL just go to your network connections and double click on the DSL connection. It should connect, unless you need to open a program like verizon connect which should be in the start menu.
 
thanks guys....well ive been informed by one of my friends whos amazing with computers, that a system restore probably wont work, and that i really needa just back up all my bros stuff on there, and reinstall XP.......i dont wanna have to do all that **** tho.....any other suggestions guys??
 
stprorolla49 said:
thanks guys....well ive been informed by one of my friends whos amazing with computers, that a system restore probably wont work, and that i really needa just back up all my bros stuff on there, and reinstall XP.......i dont wanna have to do all that **** tho.....any other suggestions guys??


See my previous post...Post your HijackThis log then I can help you out some more...

Oh yeah, turn all your startup items back on in msconfig before you run hijackthis.
 
aite guys heres my log.....

Logfile of HijackThis v1.99.1
Scan saved at 2:13:24 PM, on 7/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mwsvm.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\emsw.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\gooon\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/gall.php?url=msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=0F617045-C68A-4805-B822-CE5D3CAE85BA&version_id=18
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.akadns.net
O1 - Hosts: 207.44.220.30 www.google.com
O1 - Hosts: 207.44.220.30 google.com
O1 - Hosts: 207.44.220.30 www.altavista.com
O1 - Hosts: 207.44.220.30 altavista.com
O1 - Hosts: 207.44.220.30 search.yahoo.com
O1 - Hosts: 207.44.220.30 uk.search.yahoo.com
O1 - Hosts: 207.44.220.30 ca.search.yahoo.com
O1 - Hosts: 207.44.220.30 jp.search.yahoo.com
O1 - Hosts: 207.44.220.30 au.search.yahoo.com
O1 - Hosts: 207.44.220.30 de.search.yahoo.com
O1 - Hosts: 207.44.220.30 search.yahoo.co.jp
O1 - Hosts: 207.44.220.30 www.lycos.de
O1 - Hosts: 207.44.220.30 www.lycos.ca
O1 - Hosts: 207.44.220.30 www.lycos.jp
O1 - Hosts: 207.44.220.30 www.lycos.co.jp
O1 - Hosts: 207.44.220.30 alltheweb.com
O1 - Hosts: 207.44.220.30 web.ask.com
O1 - Hosts: 207.44.220.30 ask.com
O1 - Hosts: 207.44.220.30 www.ask.com
O1 - Hosts: 207.44.220.30 www.teoma.com
O1 - Hosts: 207.44.220.30 search.aol.com
O1 - Hosts: 207.44.220.30 www.looksmart.com
O1 - Hosts: 207.44.220.30 auto.search.msn.com
O1 - Hosts: 207.44.220.30 search.msn.com
O1 - Hosts: 207.44.220.30 ca.search.msn.com
O1 - Hosts: 207.44.220.30 fr.ca.search.msn.com
O1 - Hosts: 207.44.220.30 search.fr.msn.be
O1 - Hosts: 207.44.220.30 search.fr.msn.ch
O1 - Hosts: 207.44.220.30 search.latam.yupimsn.com
O1 - Hosts: 207.44.220.30 search.msn.at
O1 - Hosts: 207.44.220.30 search.msn.be
O1 - Hosts: 207.44.220.30 search.msn.ch
O1 - Hosts: 207.44.220.30 search.msn.co.in
O1 - Hosts: 207.44.220.30 search.msn.co.jp
O1 - Hosts: 207.44.220.30 search.msn.co.kr
O1 - Hosts: 207.44.220.30 search.msn.com.br
O1 - Hosts: 207.44.220.30 search.msn.com.hk
O1 - Hosts: 207.44.220.30 search.msn.com.my
O1 - Hosts: 207.44.220.30 search.msn.com.sg
O1 - Hosts: 207.44.220.30 search.msn.com.tw
O1 - Hosts: 207.44.220.30 search.msn.co.za
O1 - Hosts: 207.44.220.30 search.msn.de
O1 - Hosts: 207.44.220.30 search.msn.dk
O1 - Hosts: 207.44.220.30 search.msn.es
O1 - Hosts: 207.44.220.30 search.msn.fi
O1 - Hosts: 207.44.220.30 search.msn.fr
O1 - Hosts: 207.44.220.30 search.msn.it
O1 - Hosts: 207.44.220.30 search.msn.nl
O1 - Hosts: 207.44.220.30 search.msn.no
O1 - Hosts: 207.44.220.30 search.msn.se
O1 - Hosts: 207.44.220.30 search.ninemsn.com.au
O1 - Hosts: 207.44.220.30 search.t1msn.com.mx
O1 - Hosts: 207.44.220.30 search.xtramsn.co.nz
O1 - Hosts: 207.44.220.30 search.yupimsn.com
O1 - Hosts: 207.44.220.30 uk.search.msn.com
O1 - Hosts: 207.44.220.30 search.lycos.com
O1 - Hosts: 207.44.220.30 www.lycos.com
O1 - Hosts: 207.44.220.30 www.google.ca
O1 - Hosts: 207.44.220.30 google.ca
O1 - Hosts: 207.44.220.30 www.google.uk
O1 - Hosts: 207.44.220.30 www.google.co.uk
O1 - Hosts: 207.44.220.30 www.google.com.au
O1 - Hosts: 207.44.220.30 www.google.co.jp
O1 - Hosts: 207.44.220.30 www.google.jp
O1 - Hosts: 207.44.220.30 www.google.at
O1 - Hosts: 207.44.220.30 www.google.be
O1 - Hosts: 207.44.220.30 www.google.ch
O1 - Hosts: 207.44.220.30 www.google.de
O1 - Hosts: 207.44.220.30 www.google.se
O1 - Hosts: 207.44.220.30 www.google.dk
O1 - Hosts: 207.44.220.30 www.google.fi
O1 - Hosts: 207.44.220.30 www.google.fr
O1 - Hosts: 207.44.220.30 www.google.com.gr
O1 - Hosts: 207.44.220.30 www.google.com.hk
O1 - Hosts: 207.44.220.30 www.google.ie
O1 - Hosts: 207.44.220.30 www.google.co.il
O1 - Hosts: 207.44.220.30 www.google.it
O1 - Hosts: 207.44.220.30 www.google.co.kr
O1 - Hosts: 207.44.220.30 www.google.com.mx
O1 - Hosts: 207.44.220.30 www.google.nl
O1 - Hosts: 207.44.220.30 www.google.co.nz
O1 - Hosts: 207.44.220.30 www.google.pl
O1 - Hosts: 207.44.220.30 www.google.pt
O1 - Hosts: 207.44.220.30 www.google.com.ru
O1 - Hosts: 207.44.220.30 www.google.com.sg
O1 - Hosts: 207.44.220.30 www.google.co.th
O1 - Hosts: 207.44.220.30 www.google.com.tr
O1 - Hosts: 207.44.220.30 www.google.com.tw
O1 - Hosts: 207.44.220.30 go.google.com
O1 - Hosts: 207.44.220.30 google.at
O1 - Hosts: 207.44.220.30 google.be
O1 - Hosts: 207.44.220.30 google.de
O1 - Hosts: 207.44.220.30 google.dk
O1 - Hosts: 207.44.220.30 google.fi
O1 - Hosts: 207.44.220.30 google.fr
O1 - Hosts: 207.44.220.30 google.com.hk
O1 - Hosts: 207.44.220.30 google.ie
O1 - Hosts: 207.44.220.30 google.co.il
O1 - Hosts: 207.44.220.30 google.it
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {76CD0C61-FE78-40EB-899F-C03910EFFFC6} - C:\WINDOWS\System32\dpnlobgby.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\Program Files\AIM Toolbar\aimhelper.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: SuperBar - {97F13131-5301-4590-9DFC-5877920105A8} - C:\Program Files\SUPERBAR\SUPERBAR1.dll (file missing)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [whfewyp] c:\windows\system32\ghkcoqz.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\Updater\wupdater.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [Rundll16] C:\WINDOWS\rundll16.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [lybfdf] c:\windows\system32\gkbohw.exe r
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [couponsandoffers] wjview /cp:p "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
O13 - WWW Prefix: http://103.nowfind.biz/gall.php?url=
O13 - Home Prefix: http://103.nowfind.biz/gall.php?url=
O13 - Mosaic Prefix: http://103.nowfind.biz/gall.php?url=
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} (InstallShield Update Service Setup Player) - http://updates.installshield.com/CAB/dwusplay.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} (WildTangent Active Launcher) - http://install.wildtangent.com/cda/islandrally/ActiveLauncher/ActiveLauncherSetup.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = verizon.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.net
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

The URL that i made red is the type of URL that opens when i type in www.stangnet.com for instance.........
PLEASE HELP!! :flag:
 
Scan again and check these and fix checked. Restart scan again and post it again.

O3 - Toolbar: SuperBar - {97F13131-5301-4590-9DFC-5877920105A8} - C:\Program Files\SUPERBAR\SUPERBAR1.dll (file missing)

O13 - DefaultPrefix: http://103.nowfind.biz/gall.php?url=
O13 - WWW Prefix: http://103.nowfind.biz/gall.php?url=
O13 - Home Prefix: http://103.nowfind.biz/gall.php?url=
O13 - Mosaic Prefix: http://103.nowfind.biz/gall.php?url=

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/gall.php?url=msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php


edit: LOw5.0 has a better to do list