I have been having a problem surfing the net for the past 2 weeks or so. When I try to go to a new web page it either takes a long time to open or gives me the "Page cannot be displayed" message. I have run Spybot, Spysweeper, Ewido, Norton, etc., and have found some spyware, but not whatever is causing this problem. Maybe someone can help me out with this. My OS is Windows XP and my internet service is Verizon DSL. Here is my HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 9:19:49 PM, on 04/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e
C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coursedownloads.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69F81274-B44F-2890-D021-67557CDF741D} - C:\WINDOWS\system32\gia.dll (file missing)
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - [url]http://www.crucial.com/controls/cpcScanner.cab[/url]
O16 - DPF: Yahoo! Bingo - [url]http://download.games.yahoo.com/games/clients/y/xt0_x.cab[/url]
O16 - DPF: Yahoo! Blackjack - [url]http://download.games.yahoo.com/games/clients/y/jt0_x.cab[/url]
O16 - DPF: Yahoo! Dots - [url]http://download.games.yahoo.com/games/clients/y/dtt1_x.cab[/url]
O16 - DPF: Yahoo! Graffiti - [url]http://download.games.yahoo.com/games/clients/y/grt5_x.cab[/url]
O16 - DPF: Yahoo! Pool 2 - [url]http://download.games.yahoo.com/games/clients/y/potb_x.cab[/url]
O16 - DPF: Yahoo! Spades - [url]http://download.games.yahoo.com/games/clients/y/st2_x.cab[/url]
O16 - DPF: Yahoo! Trivia - [url]http://download.games.yahoo.com/games/clients/y/tvt0_x.cab[/url]
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - [url]http://www.windowsecurity.com/trojanscan/TDECntrl.CAB[/url]
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab[/url]
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - [url]http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?[/url]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url]http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab[/url]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]https://www.gamespyid.com/alaunch.cab[/url]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [url]http://www.nick.com/common/groove/gx/GrooveAX27.cab[/url]
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - [url]http://imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.3.cab[/url]
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - [url]http://chat.yahoo.com/cab/yacsui.cab[/url]
O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} - [url]http://smartdownloader.com/installer.dll[/url]
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - [url]http://esb.alcena.com/ESBAdultInstaller.ocx[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab[/url]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - [url]http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab[/url]
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - [url]http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab[/url]
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - [url]http://fdl.msn.com/zone/datafiles/heartbeat.cab[/url]
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - [url]http://download.abacast.com/download/files/abasetup151.cab[/url]
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab[/url]
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - [url]http://www.snapfish.com/SnapfishUpload.cab[/url]
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Hello and Welcome to PCGuide....

Please open and HJT scan and put checks by:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {69F81274-B44F-2890-D021-67557CDF741D} - C:\WINDOWS\system32\gia.dll (file missing)
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://imgfarm.com/images/nocache/m...etup1.0.0.3.cab
O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} - http://smartdownloader.com/installer.dll
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.com/ESBAdultInstaller.ocx

Then close all open windows except HJT and click Fix checked....

Next reboot and post a fresh log... Note any continued problems...

Thanks for the quick response Budfred. I did what you suggested, but still seem to be having the same problem. It seems to come and go. Sometimes I can go to a page quickly while other times it will lag before the page opens or Page cannot be displayed. I play Tiger Woods PGA Tour 2005 (pc version) online and get bumped out of games because of it sometimes. Anyway, here is a fresh HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:59 PM, on 04/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e
C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coursedownloads.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - [url]http://www.crucial.com/controls/cpcScanner.cab[/url]
O16 - DPF: Yahoo! Bingo - [url]http://download.games.yahoo.com/games/clients/y/xt0_x.cab[/url]
O16 - DPF: Yahoo! Blackjack - [url]http://download.games.yahoo.com/games/clients/y/jt0_x.cab[/url]
O16 - DPF: Yahoo! Dots - [url]http://download.games.yahoo.com/games/clients/y/dtt1_x.cab[/url]
O16 - DPF: Yahoo! Graffiti - [url]http://download.games.yahoo.com/games/clients/y/grt5_x.cab[/url]
O16 - DPF: Yahoo! Pool 2 - [url]http://download.games.yahoo.com/games/clients/y/potb_x.cab[/url]
O16 - DPF: Yahoo! Spades - [url]http://download.games.yahoo.com/games/clients/y/st2_x.cab[/url]
O16 - DPF: Yahoo! Trivia - [url]http://download.games.yahoo.com/games/clients/y/tvt0_x.cab[/url]
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - [url]http://www.windowsecurity.com/trojanscan/TDECntrl.CAB[/url]
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab[/url]
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - [url]http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?[/url]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url]http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab[/url]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]https://www.gamespyid.com/alaunch.cab[/url]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [url]http://www.nick.com/common/groove/gx/GrooveAX27.cab[/url]
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - [url]http://chat.yahoo.com/cab/yacsui.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab[/url]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - [url]http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab[/url]
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - [url]http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab[/url]
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - [url]http://fdl.msn.com/zone/datafiles/heartbeat.cab[/url]
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - [url]http://download.abacast.com/download/files/abasetup151.cab[/url]
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab[/url]
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - [url]http://www.snapfish.com/SnapfishUpload.cab[/url]
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Your log looks clean...

Try running an MWavScan... It will produce a log in the lower right hand corner, but only the part at the bottom will have the bad files... You will need to use Ctrl-C to copy it and then paste that section here for review....

http://www.mwti.net/antivirus/free_utilities.asp

Here is the results from the MWAV scan:

File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Narrator Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\NLNP13.dll infected by "not-a-virus:AdWare.IGetNet" Virus. Action Taken: No Action Taken.
File C:\aida32ee_393.zip tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Documents and Settings\EDDIE WASHINGTON\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\EDDIE WASHINGTON\My Documents\aida32.bin tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Documents and Settings\EDDIE WASHINGTON\My Documents\aida32.exe tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Program Files\iMesh\Client\TTIL_imesh.exe infected by "not-a-virus:AdWare.EZula.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\gsda.dll tagged as not-a-virus:RiskWare.Downloader.SpyGame. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll infected by "not-a-virus:AdWare.Toolbar.Yahoo" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\NLNP13.dll infected by "not-a-virus:AdWare.IGetNet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\windialup\2443[1]\windialup.exe infected by "not-a-virus:Porn-Dialer.Win32.RTSMini" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtbgm\wtbgmtt.exe infected by "not-a-virus:AdWare.WildTangent.a" Virus. Action Taken: No Action Taken.


I also wanted to note that when I'm on the internet early in the Morning or very late at night, it runs just fine. Could this be that Verizon DSL in my area is less busy at that time? Just seems weird since I have nevered had a problem until about 2 weeks ago.

You have some garbage there that may be the source of the problem and it is not showing up in HJT, so we will need to manually kill it... Please download KillBox from the same link as HJT in my signature and install it... Open it and copy/paste this entire block into the dialogue window for Delete on reboot... You will need to confirm each one when you go with the fix....

C:\WINDOWS\system32\NLNP13.dll
C:\Program Files\iMesh\Client\TTIL_imesh.exe
C:\WINDOWS\system32\windialup\2443[1]\windialup.exe

WildTangent is a foistware program which means it is optional, but it may allow other garbage into your system, so I recommend fixing it...

C:\Documents and Settings\EDDIE WASHINGTON\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat
C:\WINDOWS\wt\wtbgm\wtbgmtt.exe

After the reboot, run MWavScan again and see if they are gone... Post back here with progress and a fresh HJT log...

Thanks. I will do that. One other question about my HJT log. What is this?:

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


I have Verizon DSL and not America Online.

It is from AOL, read this:

http://www.liutilities.com/products/wintaskspro/processlibrary/wanmpsvc/

You can fix it if you would like...

Do you have any weird spyware installed? They may be attacking through your IE.

gary_hendricks,

If you read through the thread, you will see that we have been trying to deal with the malware in this system...

Here is what I got after the new MWavScan:

File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Narrator Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\aida32ee_393.zip tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Documents and Settings\EDDIE WASHINGTON\My Documents\aida32.bin tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\Documents and Settings\EDDIE WASHINGTON\My Documents\aida32.exe tagged as not-a-virus:RiskWare.Tool.AIDA.3862. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\gsda.dll tagged as not-a-virus:RiskWare.Downloader.SpyGame. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll infected by "not-a-virus:AdWare.Toolbar.Yahoo" Virus. Action Taken: No Action Taken.

Here is a fresh HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:16 AM, on 04/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e
C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\kmw_run.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coursedownloads.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.ex e
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: cpcScanner - [url]http://www.crucial.com/controls/cpcScanner.cab[/url]
O16 - DPF: Yahoo! Bingo - [url]http://download.games.yahoo.com/games/clients/y/xt0_x.cab[/url]
O16 - DPF: Yahoo! Blackjack - [url]http://download.games.yahoo.com/games/clients/y/jt0_x.cab[/url]
O16 - DPF: Yahoo! Chess - [url]http://download.games.yahoo.com/games/clients/y/ct2_x.cab[/url]
O16 - DPF: Yahoo! Dots - [url]http://download.games.yahoo.com/games/clients/y/dtt1_x.cab[/url]
O16 - DPF: Yahoo! Graffiti - [url]http://download.games.yahoo.com/games/clients/y/grt5_x.cab[/url]
O16 - DPF: Yahoo! Pool 2 - [url]http://download.games.yahoo.com/games/clients/y/potb_x.cab[/url]
O16 - DPF: Yahoo! Spades - [url]http://download.games.yahoo.com/games/clients/y/st2_x.cab[/url]
O16 - DPF: Yahoo! Trivia - [url]http://download.games.yahoo.com/games/clients/y/tvt0_x.cab[/url]
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - [url]http://www.windowsecurity.com/trojanscan/TDECntrl.CAB[/url]
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - [url]http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab[/url]
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - [url]http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?[/url]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url]http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab[/url]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]https://www.gamespyid.com/alaunch.cab[/url]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [url]http://www.nick.com/common/groove/gx/GrooveAX27.cab[/url]
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - [url]http://chat.yahoo.com/cab/yacsui.cab[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab[/url]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[/url]
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - [url]http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab[/url]
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - [url]http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab[/url]
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - [url]http://fdl.msn.com/zone/datafiles/heartbeat.cab[/url]
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - [url]http://download.abacast.com/download/files/abasetup151.cab[/url]
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_7.cab[/url]
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - [url]http://www.snapfish.com/SnapfishUpload.cab[/url]
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

In addition to what Budfred told me to do, I was able to free up 12 gigs of space by transferring a bunch of pictures and downloaded music over to Cd-Roms. As of right now my internet problems seem to be solved. Thanks Budfred for all of your help. It is greatly appreciated. If you notice anything in the fresh logs that I posted that I should take care of, Please let me know.

:)

This is odd... I have never seen one of these return... I suggest fixing it again:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

Otherwise your logs look good... Here is my prevention speech to help keep it that way...

This is a good time to set up protection against further
attacks. Read the article linked below about "How did I
get infected". You need an antivirus that is updated, a
good firewall (a router firewall is not enough) and a
spyware blocker like SpywareBlaster and also IE-Spyads.
All of these have good free versions available... be very
cautious about any security software that advertises in
popups or other intrusive ways, they are not only usually
useless, but also often have malware in them....

http://www.computercops.biz/postlite7736-.html