As it is now, I am having problems with internet explorer, particularly something keeps changing the default homepage, and imbedding links in webpages (ie: links that say "Lots of Shemale Galleries" etc). Needless to say this is quite an annoyance. Any help you can give with this is appreciated. Hijackthis log is below.
Logfile of HijackThis v1.99.1
Scan saved at 12:40:30 PM, on 04/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\HPZipm12.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\msxct.exe
C:\WINNT\system32\97d77fai.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Documents and Settings\michael bird.APCA\Desktop\HijackThis.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=543
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=543
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=543
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=543
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Parks Canada
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {88274B18-D989-D57B-D81A-8E1D876219C2} - (no file)
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba3.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DjMQ] C:\WINNT\vembcymc.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [hirytix] C:\WINNT\hirytix.exe
O4 - HKLM\..\Run: [¢‰¸ï0/4Ã}¥À<‡5_C:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\vembcymc.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [YCAIXAu] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [ozslkvqn] C:\WINNT\ozslkvqn.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [97d77fai] C:\WINNT\system32\97d77fai.exe
O4 - HKLM\..\Run: [RfuteAbS1] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [be6B] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [W40QZE] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [hGdwr4Dc] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [h$@ùõš/‚²95ßPÏvbþyC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [u8e7JTcU] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [cCJPhe] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [BLMM9Y70] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [UMyl] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [tFDcG2a] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [E8WEIgCT] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [Wauoo] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [fN3c] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [pPFxsGi] C:\WINNT\fbghhyqp.exe
O4 - HKLM\..\Run: [S10vAe] C:\WINNT\fbghhyqp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sonnerie.net
O15 - Trusted Zone: *.winsearchassistant.com
O15 - Trusted Zone: *.winsearchupdate.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = apca.gc.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = apca.gc.ca
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = apca.gc.ca,pch.gc.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = apca.gc.ca
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = apca.gc.ca,pch.gc.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = apca.gc.ca,pch.gc.ca
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - c:\winnt\system32\DWRCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe