ok so this is what i got
Logfile of HijackThis v1.97.7
Scan saved at 10:14:41 PM, on 4/8/2004
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\HPConfig.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIProviders\HPAlertWMI.exe
C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIWDog.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\s3hotkey.exe
C:\WINNT\System32\S3trayhp.exe
C:\WINNT\System32\PRPCUI.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
C:\WINNT\ESSD.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINNT\System32\optmouse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ONE-TO~1\CDRomMnt.EXE
C:\PROGRA~1\ONE-TO~1\KBOSDCtl.EXE
C:\WINNT\System32\IEDriver\IEDriver.exe
C:\PROGRA~1\ONE-TO~1\CP32NKCC.EXE
C:\PROGRA~1\NETRAT~1\Premeter\prmt.exe
C:\Program Files\Hewlett-Packard\TopToolsWMI\HPTrayIcon.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\essspk.exe
C:\WINNT\System32\internat.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\System32\sb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://out.true-counter.com/a/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://out.true-counter.com/a/?101 about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://out.true-counter.com/b/?101 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://out.true-counter.com/c/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.searchgateway.net/search/%s
R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://out.true-counter.com/b/?101 (obfuscated)
O1 - Hosts: 645238813 auto.search.msn.com
O1 - Hosts: 216.239.39.99
www.google.com
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_22.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP32NOT] C:\PROGRA~1\ONE-TO~1\CP32NBTN.EXE
O4 - HKLM\..\Run: [ESS Daemon] C:\WINNT\ESSD.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [OPTMOUSEMOUSE] C:\WINNT\System32\optmouse.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [IEDriver] C:\WINNT\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\Premeter\prmt.exe
O4 - HKLM\..\Run: [Internat Conf] C:\WINNT\System32\bootconf.exe
O4 - HKLM\..\Run: [HP Tray Icon WMI] C:\Program Files\Hewlett-Packard\TopToolsWMI\HPTrayIcon.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
O4 - HKLM\..\Run: [Zenet] rundll32.exe C:\PROGRA~1\COMMON~2\Toolbar\CNBabe.dll,DllStartup
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\RunOnce: [test]
O4 - HKCU\..\RunOnce: [test]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O9 - Extra button: MP3 (HKLM)
O9 - Extra 'Tools' menuitem: &WinMp3Locator (HKLM)
O9 - Extra button: Files (HKLM)
O9 - Extra 'Tools' menuitem: &FileLocator (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: TurboDownload (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O10 - Hijacked Internet access by CommonName
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) -
http://usa-download.nocreditcard.com/download/Object/ieaccess2.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} -
http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} -
http://www.toilet.com/free_mp3.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38078.4873032407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8867B680-6283-49F6-91E2-0DCB6AA966B0}: NameServer = 212.39.98.162 212.39.98.161
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp
O19 - User stylesheet: C:\WINNT\default.css (HKLM)