Hijacked IE Homepage!
imampt
Reply Fri 20 Aug, 2004 07:51 am
I am stumped! Could anyone suggest how to get rid of my Internet Explorer being hijacked? I think the spyware is from the P2P program Shareaza. If anyone can help, it is much appreciated! HJT log is below! TIA!

Logfile of HijackThis v1.97.3
Scan saved at 6:43:55 AM, on 8/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Imampt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=8&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=8&q=%s
O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s C:\DOCUME~1\Imampt\LOCALS~1\Temp\cetec.reg
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Corel Network monitor worker (HKLM)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=8&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=8&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=8&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=8&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=8&q=
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

Don77
Reply Sat 21 Aug, 2004 10:02 am
Hi imampt,
Firstly, the version of HJT you're using is really outdated.
Go Here and download the latest version.
After you have downloaded it, remove the older version.
Next
Go Here and get the latest Windows updates. It is very important to do this; you will be reinfected the minute we get you cleaned up.

Next, go Here and follow the steps for cleaning, using Ad-aware, Spybot, CWS, BitDefender and TrendMicro.
After you have done the above, post back a fresh log please.

Also, it seems you disabled quite a bit from your startups. If you could enable them, it would be helpful in seeing if anything else is hiding on your system.
imampt
Reply Sat 21 Aug, 2004 05:07 pm
Still stumped...
Hey Don,

Thanks for the help! I followed the instructions and unfortunately the homepage is still hijacked. I downloaded the newer versions of the spyware programs and no dice...
If you can, suggest how to add the startups back and get rid of the hijackers, so I can access my internet in peace! Thanks Don

Logfile of HijackThis v1.98.2
Scan saved at 3:59:34 PM, on 8/21/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=8&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=8&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"
O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Corel Network monitor worker - {63F6E45E-43A3-4ABD-8E6E-C51C3A2391E2} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {63F6E45E-43A3-4ABD-8E6E-C51C3A2391E2} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=8&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=8&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=8&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=8&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=8&q=
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093010441404
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B86499D5-17E1-4E5A-B4FA-08109AE680E3}: NameServer = 205.188.146.146
Don77
Reply Sun 22 Aug, 2004 08:04 am
Hello again imampt. Grab a cup of coffee and let's work through this and see if we can get it.
I need you to get your Windows patches in order.
Go Here and get the service pack for XP and IE6. It is very important you do this; these hackers expose the holes in Windows systems and you end up with the mess you have now.
Next
If you don't already, make sure you have Ad-aware and that it is updated.
You can get it Here

Next
Please restart HJT, put a check next to the following, close all open windows and click Fix.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=8&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=8&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\breg.exe"
O4 - HKLM\..\Run: [BTV] C:\Program Files\BTV\btv.exe
O9 - Extra button: Corel Network monitor worker - {63F6E45E-43A3-4ABD-8E6E-C51C3A2391E2} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {63F6E45E-43A3-4ABD-8E6E-C51C3A2391E2} - (no file)
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=8&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=8&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=8&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=8&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=8&q=


Next
Go to RegEdit: click on Start, Run, type RegEdit into the box, and click OK.
As you search for the entries below, double-check them to be sure you're removing the correct ones. After each is found, right-click and delete.
Using RegEdit, carefully remove the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{869EE607-5376-486d-8DAC-EDC8E239AD5F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DBB80E2-B681-4765-8A5F-AD3994C9B4F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{869EE607-5376-486d-8DAC-EDC8E239AD5F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9DBB80E2-B681-4765-8A5F-AD3994C9B4F3}
HKEY_CURRENT_USER\Software\Classes\CLSID\{9DBB80E2-B681-4765-8A5F-AD3994C9B4F3}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{869EE607-5376-486d-8DAC-EDC8E239AD5F}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{9DBB80E2-B681-4765-8A5F-AD3994C9B4F3}


Reboot to Safe Mode (by tapping the F8 key on start-up), make sure you can see Hidden Files/Folders, then search for and delete the following (in bold):
c:\windows\start.chm
c:\windows\system32\c_10230.dll
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Java\breg.exe
C:\Program Files\BTV\btv.exe

Restart your computer.
Using the Internet Properties dialog box, delete your cookies and empty your Temporary Internet Files (check "Delete all offline content"). Reset the home page to your desired home page.

Next, scan with Ad-aware:

- Under Ad-aware 6 > Settings (gear at the top) > Tweaks > Scanning Engine, check "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (gear at the top) > Tweaks > Cleaning Engine, check "Let Windows remove files in use after reboot."
- Press "Scan Now".
- Check the option "Use Custom scanning options".
- Check the option "Activate In-Depth Scan".
- Press "Select drives\folders to scan".
- Select the active partition, which is usually C:.
- Now press "Next" to let Ad-aware scan your drives. It will find a number of "bad" files and registry keys.
- Right-click in that pane and choose "Select all".
- Now press "Next" again. It will ask whether you'd like to remove all checked items. Click OK.
- Reboot your computer.

Restart HJT, scan, save the log and post back a fresh HJT log please.
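The triage Don77 does by eye in the post above (the mk:@MSITStore start page, the heretofind.com O13 prefixes, the startup items and the dangling O9 button) can be scripted. The following is an added example, not part of this thread and not HijackThis code: a small Python parser for HJT-format lines with heuristic rules drawn from the entries the thread flags. The sample lines are constructed from the log formats shown above; the THREAD_FLAGGED_BASENAMES list and the rules are assumptions for this example, not a malware signature database, and the O17 rule only marks the DNS server for manual comparison against the ISP's, it does not judge it.

```python
"""Heuristic triage of a HijackThis (HJT) log.

Added example for this thread; not HijackThis code. Rules are seeded from the
entries the helper told the poster to fix and are illustrative, not authoritative.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in HJT log format, copied from the shapes seen in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=8&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
O4 - HKLM\..\RunOnce: [cetec] regedit.exe /s C:\DOCUME~1\Imampt\LOCALS~1\Temp\cetec.reg
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O9 - Extra button: Corel Network monitor worker - {63F6E45E-43A3-4ABD-8E6E-C51C3A2391E2} - (no file)
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=8&q=
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B86499D5-17E1-4E5A-B4FA-08109AE680E3}: NameServer = 205.188.146.146
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Bare URL prefixes IE ships with; an O13 value richer than these rewrites every
# bare hostname the user types through the hijacker's site.
STOCK_PREFIXES = {"http://", "https://", "ftp://", "gopher://", "http://www."}

# Startup executables the helper in this thread told the poster to fix.
# Assumption for the example only: a seed list, not a malware catalogue.
THREAD_FLAGGED_BASENAMES = {"p2p networking.exe", "breg.exe", "btv.exe"}


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def parse(log_text: str) -> list[tuple[str, str]]:
    """Return (section, body) pairs for every R*/O* entry; other lines are ignored."""
    out = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group("kind"), m.group("body")))
    return out


def _o13_hosts(entries: list[tuple[str, str]]) -> set[str]:
    """Hosts used by non-stock O13 prefixes; R0/R1 lines pointing at them are correlated."""
    hosts = set()
    for kind, body in entries:
        if kind == "O13":
            prefix = body.split(": ", 1)[-1].strip()
            if prefix not in STOCK_PREFIXES:
                hosts.add(urlsplit(prefix).hostname or "")
    return hosts - {""}


def classify(kind: str, body: str, hijack_hosts: set[str]) -> str | None:
    """Return a reason string when an entry matches a rule, else None."""
    if kind in ("R0", "R1"):
        value = body.rsplit(" = ", 1)[-1].strip()
        if value.lower().startswith(("mk:@msitstore:", "res://")):
            return "start/search page points at a local CHM/resource file, not a web URL"
        host = urlsplit(value).hostname or ""
        if host in hijack_hosts:
            return f"start/search page uses the same host as an O13 prefix hijack ({host})"
        return None
    if kind == "O4":
        cmd = body.split("] ", 1)[-1]          # drop 'HKLM\..\Run: [name] '
        low = cmd.lower()
        if "regedit" in low and "/s" in low:
            return "silent registry import (regedit /s) queued to run at boot"
        if "\\temp\\" in low or "\\locals~1\\" in low:
            return "startup command runs from a Temp directory"
        exe = re.search(r'([^\\"/]+\.exe)', cmd, re.I)
        if exe and exe.group(1).lower() in THREAD_FLAGGED_BASENAMES:
            return "startup item the thread identified for removal"
        return None
    if kind == "O9" and body.rstrip().endswith("(no file)"):
        return "IE button/menu item whose DLL is gone (dangling CLSID); safe to fix"
    if kind == "O13":
        prefix = body.split(": ", 1)[-1].strip()
        if prefix not in STOCK_PREFIXES:
            return "URL prefix hijack: bare hostnames are rewritten through this URL"
        return None
    if kind == "O17":
        return "DNS server set explicitly; compare with your ISP's before keeping it"
    return None


def triage(log_text: str) -> list[Finding]:
    entries = parse(log_text)
    hijack_hosts = _o13_hosts(entries)
    findings = []
    for kind, body in entries:
        reason = classify(kind, body, hijack_hosts)
        if reason:
            findings.append(Finding(kind, reason, f"{kind} - {body}"))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason}\n     {f.line}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`. The point of the two-pass design is the correlation: on its own an R1 search page is just a URL, but once an O13 prefix names the same host, every R0/R1 line on that host is part of the same hijack and should be fixed together, which is exactly the set Don77 checks off above.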