Please follow all this advice IN SEQUENCE!!!
C:\Documents and Settings\mark montijo\
Desktop\hijackthis\HijackThis.exe
Follow these instructions
EXACTLY and put
HijackThis in e.g.
C:\Program Files\HJT and
NOT in Temp or on the Desktop!.
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties
Follow
Read: How to remove Aurora/Nailfix
Follow
Read: How to remove Trojans and its ilk!
The crap underneath should all be taken care of during the above procedures.
............................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://rd.yahoo.com/customize/yessentials/defaults/*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://rd.yahoo.com/customize/yessentials/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://rd.yahoo.com/customize/yessentials/defaults/*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r4.attbi.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: (no name) - {060C43CD-DE0C-BBB7-2AF9-DCF8FEE198CF} - C:\WINDOWS\system32\atepkrb.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [fxcbxkt] C:\WINDOWS\system32\crxpgv.exe r
O4 - HKCU\..\Run: [WinSettings Pro] C:\Program Files\WinSettings Pro\Sysshop.Exe /load
O4 - HKCU\..\Run: [Iinl] "C:\Program Files\sami\emia.exe" -vt wnew
O4 - HKCU\..\Run: [Yqq] C:\WINDOWS\system32\l?gonui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup152.cab
plus a boatload of entries with
(file missing)
........................................................................
When done, post a fresh HJT-log (from Safe Mode)