Here's the Hijack This Log
Logfile of HijackThis v1.99.1
Scan saved at 9:34:00 PM, on 7/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtra...=protect1&term=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wilkes.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchtra...=protect1&term=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINDOWS\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKLM\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=health headaches+migraines&chnl=1&t=r&pb=1180">health headaches+migraines</a></font></cen] c:\WINDOWS\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=health headaches+migraines&chnl=1&t=r&pb=1180">health headaches+migraines</a></font></center>
O4 - HKLM\..\Run: [<title>beneditutti.com</title><meta name="keywords" content="beneditutti.com"><meta name="description" content="Search the web at beneditutti.com"><meta name="robots" content="INDEX, FOLLOW"><meta name="revisit-after" content="10"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<title>beneditutti.com</title><meta name="keywords" content="beneditutti.com"><meta name="description" content="Search the web at beneditutti.com"><meta name="robots" content="INDEX, FOLLOW"><meta name="revisit-after" content="10"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O4 - HKLM\..\Run: [<a href="http://landing.domai...lter=off">Click here to go to beneditutti.com<] c:\WINDOWS\System32\<a href="http://landing.domai...lter=off">Click here to go to beneditutti.com</a>.
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<head>
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</html>
O4 - HKLM\..\Run: [<frame src="http://landing.domai...&adultfilter=o] c:\WINDOWS\System32\<frame src="http://landing.domai...ultfilter=off">
O4 - HKLM\..\Run: [</frame] c:\WINDOWS\System32\</frameset>
O4 - HKLM\..\Run: [<nofra] c:\WINDOWS\System32\<noframes>
O4 - HKLM\..\Run: [<body bgcolor="#ffffff" text="#0000] c:\WINDOWS\System32\<body bgcolor="#ffffff" text="#000000">
O4 - HKLM\..\Run: [</b] c:\WINDOWS\System32\</body>
O4 - HKLM\..\Run: [</nofra] c:\WINDOWS\System32\</noframes>
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\BASEMENT\EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P37 "\\BASEMENT\EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [<frame src="http://apps5.oingo.c...=beneditutti.c] c:\WINDOWS\System32\<frame src="http://apps5.oingo.c...neditutti.com">
O4 - HKLM\..\Run: [<a href="http://apps5.oingo.c...utti.com">Click here to go to beneditutti.com<] c:\WINDOWS\System32\<a href="http://apps5.oingo.c...utti.com">Click here to go to beneditutti.com</a>.
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4600 Series on BASEMENT] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P43 "Auto EPSON Stylus CX4600 Series on BASEMENT" /O27 "\\BASEMENT\basement printer" /M "Stylus CX4600"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font>] c:\WINDOWS\System32\ <center><font face='Verdana, Arial, Helvetica, sans-serif' size='2'><br><B>Search of the Day</B></font><br>
O4 - HKCU\..\Run: [ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=health headaches+migraines&chnl=1&t=r&pb=1180">health headaches+migraines</a></font></cen] c:\WINDOWS\System32\ <font face='Verdana, Arial, Helvetica, sans-serif' size='2'><A href="direc.asp?keywords=health headaches+migraines&chnl=1&t=r&pb=1180">health headaches+migraines</a></font></center>
O4 - HKCU\..\Run: [<title>beneditutti.com</title><meta name="keywords" content="beneditutti.com"><meta name="description" content="Search the web at beneditutti.com"><meta name="robots" content="INDEX, FOLLOW"><meta name="revisit-after" content="10"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859] c:\WINDOWS\System32\<title>beneditutti.com</title><meta name="keywords" content="beneditutti.com"><meta name="description" content="Search the web at beneditutti.com"><meta name="robots" content="INDEX, FOLLOW"><meta name="revisit-after" content="10"><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O4 - HKCU\..\Run: [<a href="http://landing.domai...lter=off">Click here to go to beneditutti.com<] c:\WINDOWS\System32\<a href="http://landing.domai...lter=off">Click here to go to beneditutti.com</a>.
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<head>
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</html>
O4 - HKCU\..\Run: [<frame src="http://landing.domai...&adultfilter=o] c:\WINDOWS\System32\<frame src="http://landing.domai...ultfilter=off">
O4 - HKCU\..\Run: [</frame] c:\WINDOWS\System32\</frameset>
O4 - HKCU\..\Run: [<nofra] c:\WINDOWS\System32\<noframes>
O4 - HKCU\..\Run: [<body bgcolor="#ffffff" text="#0000] c:\WINDOWS\System32\<body bgcolor="#ffffff" text="#000000">
O4 - HKCU\..\Run: [</b] c:\WINDOWS\System32\</body>
O4 - HKCU\..\Run: [</nofra] c:\WINDOWS\System32\</noframes>
O4 - HKCU\..\Run: [<frame src="http://apps5.oingo.c...=beneditutti.c] c:\WINDOWS\System32\<frame src="http://apps5.oingo.c...neditutti.com">
O4 - HKCU\..\Run: [<a href="http://apps5.oingo.c...utti.com">Click here to go to beneditutti.com<] c:\WINDOWS\System32\<a href="http://apps5.oingo.c...utti.com">Click here to go to beneditutti.com</a>.
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...odel/index.html
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weat...Transporter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar....r2/winhot32.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {FDDCE9FE-1FC6-413C-80B1-37B101FDA1D4} (ShellInstaller Control) - http://download.budd...allerRaptor.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe