Read the announcements before posting
me also has this same problem my hijackthis log is,
Logfile of HijackThis v1.98.2
Scan saved at 4:18:22 PM, on 9/7/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINNT\system32\javatg32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
D:\Program Files\HHVcdV5Sys\VC5SecS.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\inetsrv\inetinfo.exe
D:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
D:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
D:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
D:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
D:\Program Files\HHVcdV5Sys\VC5Play.exe
D:\WINNT\System32\golum\services.exe
D:\WINNT\system32\sysxi.exe
D:\WINNT\System32\mdhcp.exe
D:\Documents and Settings\Administrator\Application Data\urmo.exe
D:\WINNT\System32\deoxu.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about
:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINNT\system32\bbuaf.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\system32\bbuaf.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about
:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about
:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINNT\system32\bbuaf.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINNT\system32\bbuaf.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\system32\bbuaf.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about
:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINNT\system32\bbuaf.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINNT\system32\bbuaf.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about
:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about
:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about
:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about
:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 64.94.95.13:3128
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {54C8EE42-94C7-194E-B7E8-D4CDF6735081} - D:\WINNT\atllm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "D:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "D:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [VC5Player] D:\Program Files\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [winupd] D:\WINNT\System32\winupd.exe
O4 - HKLM\..\Run: [Golum] D:\WINNT\System32\golum\services.exe
O4 - HKLM\..\Run: [sysxi.exe] D:\WINNT\system32\sysxi.exe
O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [SpywareGuard] D:\WINNT\system32\deinst_qfe001.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [mdhcp] D:\WINNT\System32\mdhcp.exe
O4 - HKCU\..\Run: [Tpic] D:\Documents and Settings\Administrator\Application Data\urmo.exe
O4 - HKCU\..\Run: [Nimjvdvi] D:\WINNT\System32\deoxu.exe
O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "D:\Program Files\ISTBar\Istbar.dll"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmguild.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.slotch.com
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 -
http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://www.kumudam.com/tdserver.cab
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) -
http://www.thepaymentcentre.com/build/vxiewer.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) -
http://akamai.downloadv3.com/binarie...TH_1022_EN.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) -
http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!
http://69.31.79.102/coop.chm::/wintbl32.exe
O16 - DPF: {121AC498-3F3A-4C39-9BEA-CFC4EA809FDF} (XlocatorInstall.Install) -
http://www.xlocator.com/download/xlocatorlight.CAB
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!
http://66.230.167.218/search/files.chm::/file.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_fi...a29296baabe1d6
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} -
http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} -
http://akamai.downloadv3.com/binarie...rvice_5_EN.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) -
http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
http://www.whenusearch.com/WUInstWCDT.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -
http://xbscc1.mtree.com/mt/dialers/fc/UniDist.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.com/download.comp...io5_3_16_0.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) -
http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{71BC63E7-0C3D-4509-8D11-455851AE8874}: NameServer = 202.9.145.6,202.144.10.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{71BC63E7-0C3D-4509-8D11-455851AE8874}: NameServer = 202.9.145.6,202.144.10.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{71BC63E7-0C3D-4509-8D11-455851AE8874}: NameServer = 202.9.145.6,202.144.10.50
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINNT\msopt.dll (file missing)
