Here is my new log, i could not find R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.qxbokhspd...iiQL8NpODc.html though:
Logfile of HijackThis v1.99.1
Scan saved at 15:43:36, on 20/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\popuper.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\intmonp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\hookdump.exe
C:\WINDOWS\system32\intmon.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tim\Desktop\BoBs\Hijack Homepage\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.oneclicks...earch.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.oneclicks...es.com/bar.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.oneclicks...earch.php?qq=%1R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://uk.red.client...arch.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.oneclicks...earch.php?qq=%1R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.oneclicks...earch.php?qq=%1R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://hp.naupoint.comR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
http://hp.naupoint.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.oneclicks...earch.php?qq=%1R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.oneclicksearches.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.qxbokhspd...iiQL8NpODc.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://hp.naupoint.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{341FB59F-3507-443b-8147-423B4E3B2B15} - (no file)
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpA24A.tmp
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Global License First Help] C:\Documents and Settings\All Users\Application Data\Four2GlobalLicense\defysite.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - HKCU\..\Run: [Bash Ace] C:\DOCUME~1\Tim\APPLIC~1\OBJLOG~1\hole start internet.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra button: Homepage - {E3917CF3-03C3-4FAC-BB9B-1FDF2D28918D} -
http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {E5B52AE4-A0C0-46DD-9438-385DC5DEA47F} -
http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F6A6D992-BBB6-49CE-94C6-CC6E8A162713} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F6A6D992-BBB6-49CE-94C6-CC6E8A162713} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9733.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.boxsearch.net
O15 - Trusted Zone: *.webseeking.com
O15 - Trusted Zone:
http://ny.contentmatch.net (HKLM)
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) -
http://www.thepaymen...ild/vbiewer.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab30149.cabO16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windup...bridge-c283.cabO16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windup...e/bridge-c9.cabO16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) -
http://us.dl1.yimg.c..._1/yregucfg.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.co...etup1.0.0.8.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) -
http://www.spywarest...es2/Install.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
http://www.errorguar...ion/Install.cabO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.co...wnload/cult.cabO16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplane...DC_1_0_0_44.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1408.g.akama...iTunesSetup.exeO16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} -
http://naupoint.com/...er/iEBINST2.cabO16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
http://static.topcon...vex/loader2.ocxO16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
http://www.xxxtoolba...006_regular.cabO16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} -
http://acceso.masmin.../aplicacion.cabO16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) -
http://dm.screensave.../sinstaller.cabO16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
http://www.netvenda....bc12/games5.cabO16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) -
http://advnt01.com/d...ionale_ver4.CABO16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) -
http://advnt03.com/d...onale_ver10.CABO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pdownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zon...ro.cab30149.cabO16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) -
http://messenger.zon...ot.cab30149.cabO16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) -
http://plugin.euro-i...ia.com/mpv0.cabO16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) -
http://eu.download.g...zylomloader.cabO16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
http://photos.yahoo....plorer1_9us.cabO16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
https://register3.va...OCX/FlashAX.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://antu.popcap.c...aploader_v6.cabO16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) -
http://www.btconnect...bcontrol013.cabO16 - DPF: {ED2E4BB5-60EA-4624-9DE2-998E441C699B} (OpenSiteInstall.opensite_install) -
http://www.zuvio.com...SiteInstall.CABO16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} -
http://66.117.37.13/dba1865.exeO16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} -
http://direct.data-line.us/gbn298.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{6BF87673-426E-420F-8C23-7424BFCA6C70}: NameServer = 194.72.9.44 194.74.65.86
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\fs3fs.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE