spyware



numba1xclusive
08-29-2005, 11:29 PM
hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 7:17:45 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sfita.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\MLNORT~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50212
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50212
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\system32\replaceSearch.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar3.dll
O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\system32\ca2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar3.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\system32\sfi2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\pxckdla.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\Update\WToolsA.exe update
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\ezStub.exe
O4 - Startup: AdDestroyer.lnk = ?
O4 - Startup: Virtual Bouncer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .NPSSView: c:\program files\netscape\netscape\plugins\NPssView.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/Ud3rT0n5.cab
O16 - DPF: {028518E1-9FA8-44FC-92D7-5C54244B5F36} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {75D2080B-4857-4B96-9B7D-732634FBD01F} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50212/QDow_AS2.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.pcsecurityshield.com/control/avxnew.dll
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {AAF15A90-F3EC-4FEE-9A00-F65B25B83D05} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cths.fcps.edu
O17 - HKLM\Software\..\Telephony: DomainName = cths.fcps.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE8C093-7710-4766-8E65-84810CB6E164}: NameServer = 151.188.1.150,151.188.5.116
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cths.fcps.edu
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

help?

tesco
08-30-2005, 12:09 AM
A great site to analyze the logs is here: http://hijackthis.de

I've done this for you and here are the 'nasty' results.

C:\PROGRA~1\Toolbar\PIB.exe Check with an antivirus scanner Nasty
Nasty running process. (PIB.exe)
PIB Toolbar Spyware
Visitor's assessment: 1 (Definitively malware) This is a nasty process! You should fix it and try to delete it manually!
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe Check with an antivirus scanner Nasty
Nasty running process. (WToolsA.exe)

Currently there is no visitor's assessment! This is a nasty process! You should fix it and try to delete it manually!
Probably safe.! According to our database this process runs normally in c:\programme\gemeinsame dateien\wintools\! Check if you know this process and arrange a viruscheck where required.
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe Check with an antivirus scanner Nasty
Nasty running process. (WSup.exe)

Currently there is no visitor's assessment! This is a nasty process! You should fix it and try to delete it manually!
Probably safe.! According to our database this process runs normally in c:\programme\gemeinsame dateien\wintools\! Check if you know this process and arrange a viruscheck where required.
C:\PROGRA~1\Toolbar\TBPS.exe Check with an antivirus scanner Nasty
Nasty running process. (TBPS.exe)
WebSearch toolbar, HuntBar parasite variant
Currently there is no visitor's assessment! This is a nasty process! You should fix it and try to delete it manually!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50212 Nasty
Nasty This entry should be fixed by HijackThis!
Currently there is no visitor's assessment! This entry should be fixed by HijackThis!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50212 Nasty
Nasty This entry should be fixed by HijackThis!
Currently there is no visitor's assessment! This entry should be fixed by HijackThis!

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll Nasty
Nasty Should be fixed if you do not know the application or if no application is mentioned.
Currently there is no visitor's assessment! This entry should be fixed.
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL Nasty
Nasty Entries found in this registry zone are potentially nasty. This application ([00000EF1-0786-4633-87C6-1AA7A44296DA] - Result: 00000EF1-0786-4633-87C6-1AA7A44296DA) has been checked. Hit rate: 99 %
Currently there is no visitor's assessment! Must be fixed!

O2 - BHO: Replace Search Ctl - {832BEBED-C3DA-4534-A2C2-B2FFF220C820} - C:\WINDOWS\system32\replaceSearch.dll Nasty
Nasty Entries found in this registry zone are potentially nasty. This application ([832BEBED-C3DA-4534-A2C2-B2FFF220C820] - Result: 832BEBED-C3DA-4534-A2C2-B2FFF220C820) has been checked. Hit rate: 99 %
Currently there is no visitor's assessment! Must be fixed!
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll Nasty
Nasty Entries found in this registry zone are potentially nasty. This application ([87766247-311C-43B4-8499-3D5FEC94A183] - Result: 87766247-311C-43B4-8499-3D5FEC94A183) has been checked. Hit rate: 99 %
Currently there is no visitor's assessment! Must be fixed!
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll Nasty
Nasty Entries found in this registry zone are potentially nasty. This application ([8952A998-1E7E-4716-B23D-3DBE03910972] - Result: 8952A998-1E7E-4716-B23D-3DBE03910972) has been checked. Hit rate: 99 %
Currently there is no visitor's assessment! Must be fixed!

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll Nasty
Nasty Entries found in this registry zone are potentially nasty. This application ([339BB23F-A864-48C0-A59F-29EA915965EC] - Result: 339BB23F-A864-48C0-A59F-29EA915965EC) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
Currently there is no visitor's assessment! Must be fixed!
O3 - Toolbar: searchforit - {C109664B-CEB1-420b-B353-D55A561536DD} - C:\WINDOWS\system32\sfi2.dll Nasty
Nasty Entries found in this registry zone are potentially nasty. This application ([C109664B-CEB1-420b-B353-D55A561536DD] - Result: C109664B-CEB1-420b-B353-D55A561536DD) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
Currently there is no visitor's assessment! Must be fixed!

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" Nasty
Nasty TrojanDownloader.Win32. Agent.y
Hit rate: 99 % (result)
Currently there is no visitor's assessment! Must be fixed!

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe Nasty
Nasty WebSearch toolbar, HuntBar parasite variant
Hit rate: 99 % (result)
Visitor's assessment: 1 (Definitively malware) Must be fixed!
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\Update\WToolsA.exe update Nasty
Nasty WinTools adware
Hit rate: 99 % (result)
Currently there is no visitor's assessment! Must be fixed!

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.ne...ab/Ud3rT0n5.cab Nasty
Nasty This entry is possibly nasty.
Currently there is no visitor's assessment! Should be fixed.
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe Nasty
Nasty This entry is possibly nasty.
Currently there is no visitor's assessment! Should be fixed.
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx Nasty
Nasty This entry is possibly nasty.
Currently there is no visitor's assessment! Should be fixed.

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab Nasty
Nasty This entry is possibly nasty.
Visitor's assessment: 5 (Very safe) Should be fixed.
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50212/QDow_AS2.cab Nasty
Nasty This entry is possibly nasty.
Currently there is no visitor's assessment! Should be fixed.
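The reply above runs the log through hijackthis.de; the same kind of first-pass triage can be done locally by parsing the HijackThis line format (section code, then a section-specific body). The script below is an added example written for this thread, not code from HijackThis or from hijackthis.de, and its rules are assumptions chosen to illustrate the idea rather than a malware database: a short allowlist of hosts the reviewer expects to see (TRUSTED_HOSTS), unnamed BHOs, O4 autoruns whose executable sits directly in C:\WINDOWS, startup shortcuts HijackThis could not resolve, and O16 ActiveX downloads from hosts outside the allowlist. The sample input is a handful of lines copied from the log posted above.

```python
"""Parse HijackThis v1.99 log lines and apply a few explicit triage rules.

Added example for this thread; not the hijackthis.de analyser and not part of
HijackThis. TRUSTED_HOSTS and the path heuristics are assumptions for
illustration, not verdicts from a signature database.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: hosts this reviewer treats as expected for this machine.
TRUSTED_HOSTS = {
    "login.yahoo.com", "www.yahoo.com",
    "toolbar.google.com", "activex.microsoft.com",
}

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchforit.com/searchbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/login?.src=www&.done=http://www.yahoo.com
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar3.dll
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\pxckdla.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Virtual Bouncer.lnk = ?
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50212/QDow_AS2.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, ...).
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
R_RE = re.compile(r"^(?P<key>.*?) =\s*(?P<value>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<file>.*?) = (?P<target>.*)$")
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)', re.IGNORECASE)
# Assumption: an autorun whose .exe lives directly in C:\WINDOWS (not a
# subfolder such as system32) is unusual enough to deserve a look.
WINDIR_ROOT_RE = re.compile(r"c:\\windows\\[^\\]+")


@dataclass
class Entry:
    section: str
    body: str
    fields: dict = field(default_factory=dict)


def parse_line(line):
    """Return an Entry for a HijackThis log line, or None for other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    section, body = m.group("section"), m.group("body")
    fields = {}
    if section in ("R0", "R1"):
        r = R_RE.match(body)
    elif section == "O2":
        r = O2_RE.match(body)
    elif section == "O4":
        r = O4_RUN_RE.match(body) or O4_STARTUP_RE.match(body)
    elif section == "O16":
        r = O16_RE.match(body)
    else:
        r = None
    if r is not None:
        fields = r.groupdict()
    return Entry(section, body, fields)


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def triage(log_text):
    """Return (section, reason, original body) for each entry a rule flags."""
    findings = []
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        f, reason = e.fields, None
        if e.section in ("R0", "R1") and f.get("value", "").startswith("http"):
            host = host_of(f["value"])
            if host not in TRUSTED_HOSTS:
                reason = "browser search/start page set to untrusted host " + host
        elif e.section == "O2" and f.get("name") == "(no name)":
            reason = "unnamed BHO loaded from " + f["path"]
        elif e.section == "O4" and "cmd" in f:
            x = EXE_RE.match(f["cmd"])
            if x and WINDIR_ROOT_RE.fullmatch(x.group("exe").lower()):
                reason = "autorun executable sitting directly in the Windows folder: " + x.group("exe")
        elif e.section == "O4" and f.get("target") == "?":
            reason = "startup shortcut whose target HijackThis could not resolve: " + f["file"]
        elif e.section == "O16" and f.get("url"):
            host = host_of(f["url"])
            if host not in TRUSTED_HOSTS:
                reason = "ActiveX download (DPF) from untrusted host " + host
        if reason:
            findings.append((e.section, reason, e.body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

On the sample it flags five of the nine lines (the searchforit search page, the unnamed toolbar.dll BHO, pxckdla.exe in C:\WINDOWS, the unresolved Virtual Bouncer shortcut and the websearch.com cab) and leaves the Yahoo start page, the named Google BHO, ctfmon.exe in system32 and the Google Toolbar cab alone. The allowlist is deliberately the weak point: a rule like this only tells you what does not match your own expectations, so the flagged lines are a reading list for a human, not a verdict.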