look@my 'hijack this' log

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Colonel_Angus, Feb 17, 2004.

  1. Colonel_Angus

    Colonel_Angus Private E-2

    Can anyone tell me what's stealing my home page and redirecting IE from this log? I've got XP Home Edition - no anti-virus or firewall. I keep deleting R0s for 'search-space.com' and 'webcoolsearch' but they keep coming back. I would be most grateful for any help! I just found CW Shredder + I'm gonna give it a try, but let me know if you see anything else funny.
    -CA

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maddox.xmission.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Updates] C:\WINDOWS\system32\msupdate.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
    O4 - HKCU\..\Run: [QuickTime Task] c:\windows\qttasks.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37956.942662037
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
     
    Last edited: Feb 17, 2004
  2. billH

    billH Master Sergeant

    Hi Colonel,
    I googled around and it seems your problem is this:

    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

    Here's where I found the reference. They seem to think that CWShredder, found here on MG, will get rid of the beast.
    Good Luck
    Bill
    PS: read all the way down the postings. Man that guy had multiples of this thing running.
     
    Last edited: Feb 17, 2004
  3. Colonel_Angus

    Colonel_Angus Private E-2

    Thanks for the advice, Bill. I ran CWShredder - it removed some things but

    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

    is still in my hijackthis log. My browser seems OK. Do you think I should just fix this item with hijackthis?
     
  4. billH

    billH Master Sergeant

    No probs, Col. Yeah, you should go ahead and fix it with HiJackThis. Beyond that I'm not qualified to advise you. I'm just a googler reporting what he found ;) If there's anything else you need to do, I'm sure the real geeks will jump in and help ya.
    Good luck and Cheers,
    bill
     
  5. jimpeel

    jimpeel Sergeant

  6. Colonel_Angus

    Colonel_Angus Private E-2

    Thanks, guys. I'm beginning to see how I can apply my 'get a bigger hammer' mentality to this problem in a less literal manner.

    -CA
     
  7. alanc

    alanc MajorGeek

    Hmmmmm, I don't think npqtplugin.dll is a problem at all. According to what I've found, it's a browser plugin for QuickTime. If you fixed it with HJT, you may want to restore it from backup. See here:

    http://www.qtcentral.de/quicktime/history/qt_plugin.html


    Sounds like you had a problem with CoolWebSearch, which CW Shredder fixed, but this line in your HJT log:

    O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe

    would be a problem if it's still there after running CW Shredder. You might wanna check that.
     
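The check alanc makes above (a Run entry whose command is named like a core Windows binary but does not live where that binary really lives) can be automated over a HijackThis log. The script below is an added example in Python, not code from this thread or from HijackThis; the SYSTEM_BINARIES table of legitimate locations is an assumption for an XP-era machine, and SAMPLE_LOG is a constructed subset of the O4 lines posted above.

```python
"""Triage of HijackThis O4 (autorun) lines: flag commands whose executable
carries the name of a core Windows binary but runs from the wrong directory.
Added example; SYSTEM_BINARIES and SAMPLE_LOG are assumptions, not data from
the original thread beyond the O4 lines copied into SAMPLE_LOG."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the O4 lines from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Updates] C:\WINDOWS\system32\msupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
"""

# Assumed table: where these Windows XP binaries legitimately reside.
# Windows itself never starts any of them from a Run key, so even a
# correctly located entry is worth a second look.
SYSTEM_BINARIES = {
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First executable token, quoted or not, even when the path contains spaces.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif|bat))"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    hive: str
    value_name: str
    exe: str
    severity: str  # "high", "medium" or "info"
    reason: str


def executable_of(cmd: str) -> Optional[str]:
    """Return the executable path from an O4 command string, or None."""
    m = EXE_RE.match(cmd.strip())
    return m["path"] if m else None


def triage_o4(log_text: str) -> List[Finding]:
    """Compare each O4 executable against the legitimate-location table."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m["cmd"])
        if exe is None:
            continue
        base = ntpath.basename(exe).lower()
        directory = ntpath.dirname(exe).lower()
        expected = SYSTEM_BINARIES.get(base)
        if expected is None:
            continue  # not a name-squatting candidate; needs hash/publisher lookup instead
        if not directory:
            sev, why = "info", f"{base} given without a path; resolved through the search path"
        elif directory != expected:
            sev, why = "high", f"{base} runs from {directory!r}; the real one lives in {expected!r}"
        else:
            sev, why = "medium", f"{base} is never started from a Run key; check why it is here"
        findings.append(Finding(m["hive"], m["name"], exe, sev, why))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"[{f.severity}] {f.hive} [{f.value_name}] {f.exe}: {f.reason}")
```

On the sample, the HKCU `[winlogon] c:\windows\winlogon.exe` entry is the only high finding, which is exactly the line alanc singled out; `RUNDLL32.EXE` without a path is reported as informational because it is resolved through the search path rather than from an explicit location. The check only catches name squatting: an entry such as `[Updates] msupdate.exe` that uses an unfamiliar but plausible name is not in the table and has to be judged by file hash, digital signature or publisher instead.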
  8. muskybob

    muskybob Fish Tickler

    Why?

    This doesn't have to do with your problem, Col., but I was wondering why you aren't running antivirus or a firewall. Along with AdAware & Spybot, they're the most important things to be running when you're internet connected. I don't understand, 'cause they're both free programs, user friendly, available here at MG, & necessary for email protection (both sending and receiving), and all around pewter health.

    Just curious was all. Hope you get your homepage problem straightened out.. ;) Love that title by the way. :D
     
  9. Colonel_Angus

    Colonel_Angus Private E-2

    As to why I wasn't running AV or a firewall, I can only attribute it to a combination of procrastination and ignorance. Thanks to your virtual dope-slap, muskybob, I finally downloaded Symantec (which I've had for months but just never got around to). Your advice was helpful as well, alanc, and everything seems OK with my browser for now. Thanks again, all!
     
