
please look at my log

Discussion in 'Security and Privacy' started by absentmindedJWC, 2004/06/10.

Thread Status:
Not open for further replies.
  1. 2004/06/10
    absentmindedJWC

    absentmindedJWC Inactive Thread Starter

    Joined:
    2003/08/23
    Messages:
    111
    Likes Received:
    0
    Logfile of HijackThis v1.97.7
    Scan saved at 3:48:20 PM, on 6/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Pindlebot.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\ahead\InCD\InCD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\Program Files\CasinoOnline\CsRemnd.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\uptodate.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Lavasoft\Ad-aware 6 pro\Ad-aware.exe
    C:\Program Files\Lavasoft\Ad-aware 6 pro\Ad-watch.exe
    C:\Documents and Settings\Michael\Desktop\Hijack This!\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [Pindlebot] C:\WINDOWS\System32\Pindlebot.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6 pro\Ad-watch.exe
    O4 - HKLM\..\Run: [Ad-aware] C:\Program Files\Lavasoft\Ad-aware 6 pro\Ad-aware.exe +c
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [xswzrdf] C:\WINDOWS\System32\xswzrdf.exe
    O4 - HKLM\..\Run: [wcn] C:\WINDOWS\System32\wcn.exe
    O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe "
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/patch/EARTPX.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38086.3233796296
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DBB2DE32-61F1-4F7F-BEB8-A37F5BC24EE2} (MozillaPluginHostCtrl Class) - http://www.musicnotes.com/download/adaptor.cab
    O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) - http://www.musicnotes.com/download/npmusicn.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

    The real problem here is the "Search Assistant" thing. I have tried to get rid of it, but it won't go away.
    I have used AVG Pro, Spybot S&D, and Ad-Aware 6.0 Pro, and it is still here. I have also tried removing it with HijackThis. What is wrong with this thing, why won't it go away?
    BTW, it hijacked my homepage, and I can't change it back. Please help me.

    Thanks,
    Jason
     
    Last edited: 2004/06/10
  2. 2004/06/10
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Remove these, with all browsers closed.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
    O4 - HKLM\..\Run: [Pindlebot] C:\WINDOWS\System32\Pindlebot.exe
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [xswzrdf] C:\WINDOWS\System32\xswzrdf.exe
    O4 - HKLM\..\Run: [wcn] C:\WINDOWS\System32\wcn.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe

    Reboot.
    Delete the folders C:\Program Files\Common files\updmgr and C:\WINDOWS\System32\P2P Networking.
    Delete the files;
    C:\WINDOWS\System32\bplfa.dll
    C:\WINDOWS\System32\xswzrdf.exe
    C:\WINDOWS\System32\wcn.exe
    C:\WINDOWS\System32\system.exe
    C:\WINDOWS\uptodate.exe
    If you do not play Diablo II, then C:\WINDOWS\System32\Pindlebot.exe is a virus, delete it.

    The HJT log does not show any restrictions on your Control Panel or Internet Options.

    You should visit Housecall, the link is below.
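As an added illustration (not code from the thread or from HijackThis), here is a small Python triage script that parses the log line format posted above and flags the two patterns markp62 removed: R0/R1 search settings redirected into a res:// DLL, and O4 Run entries whose binary sits directly in System32 under a name not on an allowlist. The sample lines are copied from this thread's log; the allowlist (ctfmon.exe, NeroCheck.exe) is an assumption based on what the helper left alone.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\bplfa.dll/sp.html (obfuscated)
O4 - HKLM\..\Run: [Pindlebot] C:\WINDOWS\System32\Pindlebot.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [xswzrdf] C:\WINDOWS\System32\xswzrdf.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"""
# Assumed allowlist: System32 autostarts that the thread's helper left in place.
KNOWN_SYSTEM32_AUTOSTARTS = {"ctfmon.exe", "nerocheck.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RES_DLL_RE = re.compile(r"= res://(?P<path>[^/]+\.dll)/", re.IGNORECASE)

def exe_path(cmd: str) -> str:
    """Executable from a Run value: strip surrounding quotes and trailing arguments."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def triage(log_text: str) -> list:
    """Return (entry, reason) pairs for the two patterns removed in this thread."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = ENTRY_RE.match(line)
        if not m: continue
        body = m.group("body")
        if m.group("kind") in ("R0", "R1") and (r := RES_DLL_RE.search(body)):
            # Search/start page redirected into a resource inside a local DLL.
            dll = r.group("path").rpartition("\\")[2]
            findings.append((line, f"IE search setting hijacked via {dll}"))
        elif m.group("kind") == "O4" and (run := RUN_RE.match(body)):
            parent, _, base = exe_path(run.group("cmd")).lower().rpartition("\\")
            if parent.endswith(r"\windows\system32") and base not in KNOWN_SYSTEM32_AUTOSTARTS:
                # Third-party autostarts do not normally live directly in System32.
                findings.append((line, f"unknown autostart placed in System32: {base}"))
            elif run.group("name").lower().endswith(".exe") and run.group("name").lower() != base:
                findings.append((line, f"Run value name {run.group('name')} does not match {base}"))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```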
     


  4. 2004/06/15
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    I don't understand. If you're going to post a log, it's necessary to follow it through to the end; otherwise you're wasting our time and yours.
     
  5. 2004/06/15
    absentmindedJWC

    absentmindedJWC Inactive Thread Starter

    Joined:
    2003/08/23
    Messages:
    111
    Likes Received:
    0
    Sorry, I deleted those files, and it seems that my browser is being hijacked by some file that isn't being detected by HijackThis. For some reason the browser is stuck on this "my search" page and won't change, or even let me go to anything (even this page). I finally fixed my laptop, and am using that to post.

    Sorry for the delay,
    Jason

    EDIT:
    for Pindlebot.exe, how about Starcraft, since they both use battle.net, in case it is through that?
     
    Last edited: 2004/06/15
  6. 2004/06/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Post a new HJT log from the affected machine, and we can help you get it repaired.
     
  7. 2004/06/15
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    But Jason - this time please stay with your thread until you get things fixed and then please let us know the outcome.

    Most of us enjoy helping but do like to know how things worked out and here are some of the threads you started and then never closed the loop so folks could tell if the 'help' did in fact help you out. Note: no need to post to these but just be aware that you might wind up one day with no one willing to help unless you finish out threads you start.

    http://www.windowsbbs.com/showthread.php?t=29820
    http://www.windowsbbs.com/showthread.php?t=29911
    http://www.windowsbbs.com/showthread.php?t=29878
    http://www.windowsbbs.com/showthread.php?t=30007
    http://www.windowsbbs.com/showthread.php?t=30005
    http://www.windowsbbs.com/showthread.php?t=29968
    http://www.windowsbbs.com/showthread.php?t=30197
    http://www.windowsbbs.com/showthread.php?t=30647
    http://www.windowsbbs.com/showthread.php?p=152094
     
    Newt,
    #6
  8. 2004/06/16
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16