HELP 1on1 hijack dialer problem compliments of Edvan Solutions

Discussion in 'adware, spyware & hijack cleaning' started by sprog, May 5, 2004.

Thread Status:
Not open for further replies.
  1. sprog

    sprog Registered Member

    Joined:
    May 5, 2004
    Posts:
    1
    I have picked up the 1on1 dialer/xxxserver whilst being connected to the net which charges my tel. with premium rate calls and as yet I have not been able to get rid of it. I have investigated this on the net and performed the following tasks:
    1. Cleaned my registry, searching for 1on1, uk3.exe, uk5.exe, uk7.exe, sysdaemg.exe, sysinf.exe, Svchost.exe, Isass.exe, csrss.exe (not the good ms program in system32)
    2. Checked and deleted same files in c:
    3. Downloaded and run Spybot Search & Destroy
    4. Downloaded and run Adaware
    5. Downloaded and run HijackThis (below is the log file from this)

    Logfile of HijackThis v1.97.7
    Scan saved at 10:08:35 PM, on 5/5/04
    Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\s3hksrv.exe
    C:\WINNT\system32\Hotkey.exe
    C:\WINNT\system32\spoolss.exe
    C:\PROGRA~1\NETWOR~1\DRSOLO~1\AMGRSRVC.EXE
    C:\WINNT\system32\CPQAlert.exe
    C:\WINNT\System32\hibserv.exe
    C:\Program Files\Network Associates\Dr Solomon's VirusScan NT\MCSHIELD.EXE
    C:\PROGRA~1\NETWOR~1\DRSOLO~1\VSTSKMGR.EXE
    C:\WINNT\system32\RpcSs.exe
    C:\WINNT\system32\tapisrv.exe
    C:\WINNT\system32\rasman.exe
    C:\WINNT\System32\esserver.exe
    C:\WINNT\System32\pstores.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\SENS.EXE
    C:\WINNT\System32\nddeagnt.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\SysTray.Exe
    C:\WINNT\cpqwin\ntspd\pwricon.exe
    C:\Program Files\COMPAQ\Programmable Keys NT\CPQKL.EXE
    C:\Program Files\COMPAQ\Programmable Keys NT\cpqkt.exe
    C:\WINNT\System32\CHKADMIN.EXE
    C:\Program Files\Network Associates\Dr Solomon's VirusScan NT\SHSTAT.EXE
    C:\WINNT\System32\qttask.exe
    C:\WINNT\System32\spool\drivers\w32x86\hpztsb05.exe
    C:\WINNT\loadqm.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\TEMP\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btopenworld.com/welcome/0,8492,,00.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
    F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
    O1 - Hosts: 57.198.80.61 lonxsn01
    O1 - Hosts: 57.198.80.62 lonxsn02
    O1 - Hosts: 57.198.80.63 lonxsn03
    O1 - Hosts: 57.198.80.172 lonxsn06
    O1 - Hosts: 66.40.16.227 www.yahoo.org
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [PwrIcon] C:\WINNT\cpqwin\ntspd\pwricon.exe
    O4 - HKLM\..\Run: [Compaq_PK_Daemon] C:\Program Files\COMPAQ\Programmable Keys NT\CPQKL.EXE
    O4 - HKLM\..\Run: [Compaq PK Tray Notification] C:\Program Files\COMPAQ\Programmable Keys NT\cpqkt.exe
    O4 - HKLM\..\Run: [ChkAdmin] CHKADMIN.EXE
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\Dr Solomon's VirusScan NT\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [WebInstall2] C:\TEMP\ins8.tmp /R /A
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\hpztsb05.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: ICWStart.bat
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: GoHip! - http://www.gohip.com/
    O13 - WWW. Prefix: http://
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab


    Please can anyone confirm what files from this log I should also delete in order to resolve my problem (and just clean up my pc).

    Thks Sprog
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi sprog,

    Before you start, please unzip HijackThis to a separate folder. The program will make backups in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)

    O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O4 - HKLM\..\Run: [WebInstall2] C:\TEMP\ins8.tmp /R /A

    O8 - Extra context menu item: GoHip! - http://www.gohip.com/
    O13 - WWW. Prefix: http://

    Then reboot and use DiskCleanup to empty out all your Temp files.

    Also have a look here:
    http://www.wilders.org/firewalls.htm
    and here:
    https://www.wilderssecurity.com/showthread.php?t=27971

    Regards,

    Pieter
     
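An added example, not code from the thread or from HijackThis: a small Python triage that applies the rules behind Pieter's selection (orphaned "(no file)" references, an autorun launching from a Temp folder, a non-empty WWW. prefix, a third-party context-menu item calling out to a web site) to an excerpt of the log sprog posted. The rule set is my own heuristic, not HijackThis's logic, and is assumed to be enough for this log only.

```python
import re

# Excerpt of the HijackThis log posted above (plus the benign Acrobat BHO
# line as a control), embedded as a constant so the script runs offline.
SAMPLE_LOG = """\
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\\..\\Run: [ShStatEXE] "C:\\Program Files\\Network Associates\\Dr Solomon's VirusScan NT\\SHSTAT.EXE" /STANDALONE
O4 - HKLM\\..\\Run: [WebInstall2] C:\\TEMP\\ins8.tmp /R /A
O8 - Extra context menu item: GoHip! - http://www.gohip.com/
O13 - WWW. Prefix: http://
"""

# HijackThis entry lines start with a section code (R0, F2, O4, ...) and " - ".
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# Assumed heuristic: anything run from a Temp folder or a .tmp file is suspect.
TEMP_RE = re.compile(r"\\TEMP\\|\.tmp\b", re.IGNORECASE)


def parse_hjt(text):
    """Return (section, body) pairs for every entry line; headers and process
    listings do not match the pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Apply the review rules and return (section, body, reasons) for each hit."""
    findings = []
    for sec, body in parse_hjt(text):
        reasons = []
        if "(no file)" in body:
            reasons.append("orphaned reference: the target file no longer exists")
        if sec == "O4" and TEMP_RE.search(body):
            reasons.append("autorun launches a file from a Temp folder")
        if sec == "O13":
            reasons.append("WWW. prefix override; the default is empty")
        if sec == "O8" and "http://" in body:
            reasons.append("third-party context menu item pointing at a web site")
        if reasons:
            findings.append((sec, body, reasons))
    return findings


def flagged_sections(text):
    """Section codes of the flagged entries, in log order."""
    return [sec for sec, _, _ in triage(text)]
```

Entries that pass every rule, such as the Acrobat BHO and the VirusScan autorun, are left out of the findings, which matches what Pieter chose not to fix.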