Here is my hijack this log file -

Logfile of HijackThis v1.99.1
Scan saved at 7:13:56 AM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Bennett\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.boston.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program
Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} -
C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe -b
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe"
/pause
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program
Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program
Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch
Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program
Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program
Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program
Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program
Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} -
C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell -
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} -
C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options -
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection
Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://download.macromedia.com/pub/...sh/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object)
- http://www.imagestation.com/common/c...cab?v=1,0,0,38
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/is...52/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} -
C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program
Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program
Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program
Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
C:\Program Files\Viewpoint\Common\ViewpointService.exe



"Mike51" wrote:

> I'm presently using Firefox with no problems. What if i were to remove IE7
> and then try a re-install in a couple of days ?
>
> "PA Bear" wrote:
>
> > Unless the behavior's caused by restrictions put in place by some
> > security/anti-spyware application you have installed...
> >
> > Run a /thorough/ check for hijackware, including posting your hijackthis log
> > to an appropriate forum.
> >
> > Checking for/Help with Hijackware
> > http://aumha.org/a/parasite.htm
> > http://aumha.org/a/quickfix.htm
> > http://aumha.net/viewtopic.php?t=5878
> > http://wiki.castlecops.com/Malware_R...:_Introduction
> > http://mvps.org/winhelp2002/unwanted.htm
> > http://inetexplorer.mvps.org/data/prevention.htm
> > http://inetexplorer.mvps.org/tshoot.html
> > http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > http://defendingyourmachine2.blogspot.com/
> > http://www.elephantboycomputers.com/...moving_Malware
> >
> > When all else fails, HijackThis v1.99.1
> > (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> > It will help you to both identify and remove any hijackware/spyware with
> > assistance from an expert. **Post your log to
> > http://forums.spybot.info/forumdisplay.php?f=22,
> > http://castlecops.com/forum67.html,
> > http://forums.subratam.org/index.php?showforum=7,
> > http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
> > analysis, not here.**
> >
> > If the procedures look too complex - and there is no shame in admitting this
> > isn't your cup of tea - take the machine to a local, reputable and
> > independent (i.e., not BigBoxStoreUSA) computer repair shop.
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE, OE, Security, Shell/User)
> > AumHa VSOP & Admin; DTS-L.org
> >
> >
> > Mike51 wrote:
> > > Thanks for trying Alan. I've done everything you've suggested including
> > > googling for more "fixes" but can't even locate "internet options" via
> > > start/control panel ?
> > >
> > > When searching from both HKEYs, I get as far as Microsoft (after
> > > policies),
> > > but no Internet Explorer...also searched for NoBrowserOptions,
> > > Restrictions
> > > to no avail.
> > >
> > > I'm hoping that if I keep searching (my OCD acting up!) I'll find a way to
> > > resolve this. Meanwhile, I'm using Firefox, but I'm not a fan...yet!
> > >
> > > "Alan Edwards" wrote:
> > >
> > >> Use Regedit.exe and search for NoBrowserOptions and remove it.
> > >> It is most likely to be here (but not necessarily)
> > >> HKEY_CURRENT_USER\Software\Policies\Microsoft\Inte rnet
> > >> Explorer\Restrictions
> > >> If you are unfamiliar with Regedit, then ensure you know how to
> > >> restore your Registry in case of error and it is a good idea to export
> > >> any key before deleting.
> > >>
> > >> Check the startup (Start-Run-MSCONFIG-Startup tab) for any unknown
> > >> items if it is reset on reboot.
> > >>
> > >> If you use SpyBot's Immunize feature, then you can unlock in Tools-IE
> > >> Tweaks-"Lock IE Control Panel"
> > >>
> > >> Mike51 wrote:
> > >>> I'm on my son's laptop now, but on my desktop I wasn't able to type in
> > >>> forms or email but I COULD type in URL field. I thought it might be a
> > >>> setting in Internet Options, but when I tried to view, I get message,
> > >>> "This operation has been cancelled due to restrictions in effect on this
> > >>> computer. Contact system administrator.
> > >>>
> > >>> This is a home PC running XP Home and I.E. 7.0
> > >>>
> > >>> I've never had this happen and I would appreciate any help in resolving
> > >>> this ASAP....thank you in advance.
> >
> >