What is this?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Alleg23, Aug 31, 2004.

  1. Alleg23

    Alleg23 Private E-2

    We ran Spybot and Ad-Aware (yes, even in safe mode), but we are still being hijacked.

    What is C:\WINNT\inetm\services.exe? It is in the hijack log 3 times.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    After running the above steps if this problem still exists read the following to understand guidelines about posting HijackThis logs as attachments and what else to do before scanning with HijackThis and then post a .txt file attachment of your log. Be sure you have the correct version (1.98.2).

    NOTE: You should read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > Do not post a HijackThis log until we ask you to, and when we do it must be a text document attachment to your message.

    Update! Due to Hijack This logs destroying search engine and web site searches, we now ask that you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it... yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this, save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder or
     
  3. Alleg23

    Alleg23 Private E-2

    We read the basic FAQ and the HijackThis FAQ.

    We ran Ad-Aware.
    We ran Spybot.
    We ran Norton AntiVirus.
    We ran CWShredder.
    We ran About:Buster.
    We went into safe mode and ran Ad-Aware and Spybot.

    The laptop is running XP Home and didn't have the network services.

    We ran HijackThis and we removed stuff, but it keeps coming back.

    That is why I asked the question about the services.exe. According to the list, it can either be good or bad. Good if it comes from the winnt directory, but these don't, they come from a subdirectory of it.

    This is where we get confused. Looking at another XP Home machine, this isn't running.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Post a current HJT log as an attachment and I'll have a look.

    And when you say you are being hijacked, where does it hijack you to?
    And tell me what you expect your home page to be?
     
  5. Alleg23

    Alleg23 Private E-2

    Right now, it is going to on-search.com, but at times it was going to about:blank and other "search" sites.

    We set it to google.com.

    The enclosed log:

    We removed R0, but it came back.


    Thank you,
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First, do not run HJT from a temp folder: C:\DOCUME~1\Sanita\LOCALS~1\Temp\HijackThis.exe
    Did you read the tutorial sticky thread? And is this your complete log? It ends at the O9 section?

    You should have run the online scans from the READ ME FIRST TUTORIAL. They may have helped fix one of your Trojan problems. cmdcon.exe is TROJ_CRYPTER.A

    Configure Windows Explorer to see hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650

    Print or save the below locally because when I have you exit all IE sessions in the next step, I do not want you to run it again until I ask you to. Make sure you know how to boot to safe mode (don't do it yet):
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    Run HijackThis and put checks on the following but DO NOT CLICK FIX until you exit all Internet Explorer sessions (including the one you are reading this from):
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://on-search.com/
    F3 - REG:win.ini: run=C:\WINNT\inetm\services.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O4 - HKLM\..\Run: [Cmdcon] c:\winnt\system32\cmdcon.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINNT\inetm\services.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINNT\inetm\services.exe

    After fixing those lines, REBOOT immediately to safe mode.


    Bring up Task Manager and end the following process (if found):
    cmdcon.exe

    Open Windows Explorer and locate and delete the below:
    C:\WINNT\inetm\services.exe
    c:\winnt\system32\cmdcon.exe

    Now reboot normally and run IE and come back here and tell me how things are running. Take a look at your HJT log and make sure nothing came back. Post it if you want.
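
Added example (not part of the thread, and not MajorGeeks or HijackThis code): a Python check for the pattern discussed above, where an autostart entry launches a file named like a core Windows binary from an unexpected directory. The sample log reuses the entries quoted in the post plus one constructed benign line; the `C:\WINNT` root and the short table of expected locations are assumptions.

```python
import ntpath
import re

SYSTEM_ROOT = r"C:\WINNT"  # assumption: the Windows directory seen in the thread

# Where a few core Windows binaries live, relative to the Windows directory.
EXPECTED_SUBDIR = {
    "services.exe": "system32", "lsass.exe": "system32",
    "svchost.exe": "system32", "winlogon.exe": "system32",
    "csrss.exe": "system32", "smss.exe": "system32",
    "explorer.exe": "",
}

# F-section (ini/registry run= style values) and O4 (Run key) autostart lines.
AUTOSTART = re.compile(
    r"^(?:F\d - (?:REG:)?\S+ \w+=|O4 - \S+: \[[^\]]*\] )(?P<cmd>.+)$")

# Entries quoted in the post, plus one constructed benign line (ExampleApp).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://on-search.com/
F3 - REG:win.ini: run=C:\WINNT\inetm\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [Cmdcon] c:\winnt\system32\cmdcon.exe
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inetm\services.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inetm\services.exe
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\example.exe" /background
"""

def exe_path(cmd):
    """Return the executable path from a command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd

def find_masquerades(log_text, system_root=SYSTEM_ROOT):
    """List (section, path, expected_dir) for system-named files started from elsewhere."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = AUTOSTART.match(line)
        if not m:
            continue
        path = exe_path(m.group("cmd"))
        name = ntpath.basename(path).lower()
        if name not in EXPECTED_SUBDIR or not ntpath.dirname(path):
            continue  # unknown name, or bare name with no directory to compare
        expected = ntpath.normpath(ntpath.join(system_root, EXPECTED_SUBDIR[name])).lower()
        if ntpath.normpath(ntpath.dirname(path)).lower() != expected:
            findings.append((line.split(" - ", 1)[0], path, expected))
    return findings
```

On the sample this returns the three `C:\WINNT\inetm\services.exe` entries (one F3, two O4). It does not flag `cmdcon.exe`, which sits in system32 under a name that imitates nothing; a path check like this complements the scanner identification given in the post and does not replace it.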
     
  7. Alleg23

    Alleg23 Private E-2

    First, thank you.

    Second, yes, we went through the tutorial, but didn't do the virus scan since we ran Symantec AntiVirus and McAfee's Stinger app.

    Third, yes, we run HijackThis from the c:\hjt folder.

    Fifth, again, thanks.

    I will follow your steps and let you know.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to do the online scans. They quite often find things that Symantec and McAfee do not. That is why we suggest them.


    Not according to your previous HJT log. Did you move it afterwards?
     
