This computer has been running slow. Also, IE will close itself after a few minutes of being open. Theres a ton of processes running and i dont know which ones to delete.

Logfile of HijackThis v1.99.1
Scan saved at 8:38:48 PM, on 10/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\security\Database\vssbas.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\jtjgbt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\addins\catabr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\inf\faxbin.exe
C:\Documents and Settings\Mary Vanderpool\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O1 - Hosts: 127.0.0.67 search.active-max.com
O1 - Hosts: 127.0.0.98 allaboutsearching.com
O1 - Hosts: 127.0.0.24 www.allaboutsearching.com
O1 - Hosts: 127.0.0.7 amazingautossearch.com
O1 - Hosts: 127.0.0.20 www.amazingautossearch.com
O1 - Hosts: 127.0.0.34 www.contexualsearch.com
O1 - Hosts: 127.0.0.43 www.crap2.com
O1 - Hosts: 127.0.0.0 www.dialup2.com
O1 - Hosts: 127.0.0.22 ecpm.com
O1 - Hosts: 127.0.0.241 find-quick.com
O1 - Hosts: 127.0.0.79 lop.com
O1 - Hosts: 127.0.0.2 ayb.lop.com
O1 - Hosts: 127.0.0.82 img.lop.com
O1 - Hosts: 127.0.0.94 srch.lop.com
O1 - Hosts: 127.0.0.3 www1.lop.com
O1 - Hosts: 127.0.0.33 www.lop.com
O1 - Hosts: 127.0.0.80 maxexp.com
O1 - Hosts: 127.0.0.221 www.mp3search.com
O1 - Hosts: 127.0.0.250 netsearchsoft.com
O1 - Hosts: 127.0.0.219 www.omegasearch.com
O1 - Hosts: 127.0.0.227 prosearching.com
O1 - Hosts: 127.0.0.217 www.rub.to
O1 - Hosts: 127.0.0.95 sbvr.com
O1 - Hosts: 127.0.0.67 www.sbvr.com
O1 - Hosts: 127.0.0.223 searchexe.com
O1 - Hosts: 127.0.0.213 www.searchexe.com
O1 - Hosts: 127.0.0.205 www.searchweb2.com
O1 - Hosts: 127.0.0.91 www.spawnet.com
O1 - Hosts: 127.0.0.46 tdmy.com
O1 - Hosts: 127.0.0.72 tefs.com
O1 - Hosts: 127.0.0.54 tfil.com
O1 - Hosts: 127.0.0.74 www.tfil.com
O1 - Hosts: 127.0.0.76 tdko.com
O1 - Hosts: 127.0.0.212 wrn.net
O1 - Hosts: 127.0.0.79 www.wrn.net
O1 - Hosts: 127.0.0.220 www.mp3search.com
O1 - Hosts: 127.0.0.9 best.omega-search.com
O1 - Hosts: 127.0.0.217 www.omega-search.com
O1 - Hosts: 127.0.0.44 trinityacquisitions.com
O1 - Hosts: 127.0.0.247 www.wethere.com
O1 - Hosts: 127.0.0.61 asearchforyou.org
O1 - Hosts: 127.0.0.63 www.asearchforyou.org
O1 - Hosts: 127.0.0.224 www.errorfreesearch.com
O1 - Hosts: 127.0.0.43 isearchhere.com
O1 - Hosts: 127.0.0.240 www.isearchhere.com
O1 - Hosts: 127.0.0.25 iwantosearch.com
O1 - Hosts: 127.0.0.54 searchhotsex.com
O1 - Hosts: 127.0.0.229 www.searchhotsex.com
O1 - Hosts: 127.0.0.70 mastersearcher.com
O1 - Hosts: 127.0.0.247 www.mastersearcher.com
O1 - Hosts: 127.0.0.215 www.look-today.com
O1 - Hosts: 127.0.0.220 www.aavc.com
O1 - Hosts: 127.0.0.220 www.acjp.com
O1 - Hosts: 127.0.0.98 ecmh.com
O1 - Hosts: 127.0.0.40 www.wabu.com
O1 - Hosts: 127.0.0.44 wabq.com
O1 - Hosts: 127.0.0.27 www.maximumexperience.com
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL (file missing)
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\bvten.dat
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: CATLEvents Object - {73529697-D46A-4F7D-8A93-01378FCAEDA4} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\3pmipat.dat
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: CATLEvents Object - {98BC949B-3D81-4750-836F-4BC57BD032EE} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\nursii.dat
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\sabssv.dat
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cvsmcod.dat
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\tenteni.dat
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ISKMGMTD] C:\WINDOWS\System32\ISKMGMTD.exe
O4 - HKLM\..\Run: [filpwewjaikg] C:\WINDOWS\System32\jtjgbt.exe
O4 - HKLM\..\Run: [*winmfc] C:\WINDOWS\Cursors\winmfc.exe
O4 - HKLM\..\Run: [cmdas] C:\WINDOWS\cmdas.exe
O4 - HKLM\..\Run: [*cmdas] C:\WINDOWS\cmdas.exe
O4 - HKLM\..\Run: [*msvcsvr] C:\WINDOWS\msvcsvr.exe
O4 - HKLM\..\Run: [*eulaftp] C:\WINDOWS\msagent\CHARS\eulaftp.exe
O4 - HKLM\..\Run: [cfax] C:\WINDOWS\system32\DRIVERS\DISDN\cfax.exe
O4 - HKLM\..\Run: [*srv] C:\WINDOWS\system32\DLLCACHE\srv.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [*comsvc] C:\WINDOWS\addins\comsvc.exe
O4 - HKLM\..\Run: [*comwms] C:\WINDOWS\inf\comwms.exe
O4 - HKLM\..\RunOnce: [*vssbas] C:\WINDOWS\security\Database\vssbas.exe rerun
O4 - HKLM\..\RunOnce: [_UnwiseF1] cmd.exe /c del C:\WINDOWS\System32\calsdr.dll
O4 - HKLM\..\RunOnce: [_UnwiseF1_] cmd.exe /c del C:\WINDOWS\System32\im64.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\inf\faxbin.exe ren my_time:1129775253
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: ChatSpace Java Client 2.1.0.114 - http://www.uclatftwebboard.com:8563/Java/cs4ms0114.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O20 - Winlogon Notify: vssbas - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\sabssv.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpdj5100 - HP - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\hpdj5100.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Sorry about the long delay. We're working on beefing up our SWAT TEAM staff. Do you still need help with this issue?

If so, make sure you read the instructions here (http://www.short-media.com/forum/showthread.php?t=14915), and post an updated HJT log, and someone will take care of you very soon.

Thanks for your patience!

:)

Sorry about the long delay. We're working on beefing up our SWAT TEAM staff. Do you still need help with this issue?

If so, make sure you read the instructions here (http://www.short-media.com/forum/showthread.php?t=14915), and post an updated HJT log, and someone will take care of you very soon.

Thanks for your patience!

:)


No problem, I do still need help though. The log is the same:

Logfile of HijackThis v1.99.1
Scan saved at 8:38:48 PM, on 10/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\security\Database\vssbas.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\jtjgbt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\addins\catabr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\inf\faxbin.exe
C:\Documents and Settings\Mary Vanderpool\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O1 - Hosts: 127.0.0.67 search.active-max.com
O1 - Hosts: 127.0.0.98 allaboutsearching.com
O1 - Hosts: 127.0.0.24 www.allaboutsearching.com
O1 - Hosts: 127.0.0.7 amazingautossearch.com
O1 - Hosts: 127.0.0.20 www.amazingautossearch.com
O1 - Hosts: 127.0.0.34 www.contexualsearch.com
O1 - Hosts: 127.0.0.43 www.crap2.com
O1 - Hosts: 127.0.0.0 www.dialup2.com
O1 - Hosts: 127.0.0.22 ecpm.com
O1 - Hosts: 127.0.0.241 find-quick.com
O1 - Hosts: 127.0.0.79 lop.com
O1 - Hosts: 127.0.0.2 ayb.lop.com
O1 - Hosts: 127.0.0.82 img.lop.com
O1 - Hosts: 127.0.0.94 srch.lop.com
O1 - Hosts: 127.0.0.3 www1.lop.com
O1 - Hosts: 127.0.0.33 www.lop.com
O1 - Hosts: 127.0.0.80 maxexp.com
O1 - Hosts: 127.0.0.221 www.mp3search.com
O1 - Hosts: 127.0.0.250 netsearchsoft.com
O1 - Hosts: 127.0.0.219 www.omegasearch.com
O1 - Hosts: 127.0.0.227 prosearching.com
O1 - Hosts: 127.0.0.217 www.rub.to
O1 - Hosts: 127.0.0.95 sbvr.com
O1 - Hosts: 127.0.0.67 www.sbvr.com
O1 - Hosts: 127.0.0.223 searchexe.com
O1 - Hosts: 127.0.0.213 www.searchexe.com
O1 - Hosts: 127.0.0.205 www.searchweb2.com
O1 - Hosts: 127.0.0.91 www.spawnet.com
O1 - Hosts: 127.0.0.46 tdmy.com
O1 - Hosts: 127.0.0.72 tefs.com
O1 - Hosts: 127.0.0.54 tfil.com
O1 - Hosts: 127.0.0.74 www.tfil.com
O1 - Hosts: 127.0.0.76 tdko.com
O1 - Hosts: 127.0.0.212 wrn.net
O1 - Hosts: 127.0.0.79 www.wrn.net
O1 - Hosts: 127.0.0.220 www.mp3search.com
O1 - Hosts: 127.0.0.9 best.omega-search.com
O1 - Hosts: 127.0.0.217 www.omega-search.com
O1 - Hosts: 127.0.0.44 trinityacquisitions.com
O1 - Hosts: 127.0.0.247 www.wethere.com
O1 - Hosts: 127.0.0.61 asearchforyou.org
O1 - Hosts: 127.0.0.63 www.asearchforyou.org
O1 - Hosts: 127.0.0.224 www.errorfreesearch.com
O1 - Hosts: 127.0.0.43 isearchhere.com
O1 - Hosts: 127.0.0.240 www.isearchhere.com
O1 - Hosts: 127.0.0.25 iwantosearch.com
O1 - Hosts: 127.0.0.54 searchhotsex.com
O1 - Hosts: 127.0.0.229 www.searchhotsex.com
O1 - Hosts: 127.0.0.70 mastersearcher.com
O1 - Hosts: 127.0.0.247 www.mastersearcher.com
O1 - Hosts: 127.0.0.215 www.look-today.com
O1 - Hosts: 127.0.0.220 www.aavc.com
O1 - Hosts: 127.0.0.220 www.acjp.com
O1 - Hosts: 127.0.0.98 ecmh.com
O1 - Hosts: 127.0.0.40 www.wabu.com
O1 - Hosts: 127.0.0.44 wabq.com
O1 - Hosts: 127.0.0.27 www.maximumexperience.com
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL (file missing)
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\bvten.dat
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: CATLEvents Object - {73529697-D46A-4F7D-8A93-01378FCAEDA4} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\3pmipat.dat
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: CATLEvents Object - {98BC949B-3D81-4750-836F-4BC57BD032EE} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\nursii.dat
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\sabssv.dat
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cvsmcod.dat
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\tenteni.dat
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ISKMGMTD] C:\WINDOWS\System32\ISKMGMTD.exe
O4 - HKLM\..\Run: [filpwewjaikg] C:\WINDOWS\System32\jtjgbt.exe
O4 - HKLM\..\Run: [*winmfc] C:\WINDOWS\Cursors\winmfc.exe
O4 - HKLM\..\Run: [cmdas] C:\WINDOWS\cmdas.exe
O4 - HKLM\..\Run: [*cmdas] C:\WINDOWS\cmdas.exe
O4 - HKLM\..\Run: [*msvcsvr] C:\WINDOWS\msvcsvr.exe
O4 - HKLM\..\Run: [*eulaftp] C:\WINDOWS\msagent\CHARS\eulaftp.exe
O4 - HKLM\..\Run: [cfax] C:\WINDOWS\system32\DRIVERS\DISDN\cfax.exe
O4 - HKLM\..\Run: [*srv] C:\WINDOWS\system32\DLLCACHE\srv.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.ex e"
O4 - HKLM\..\Run: [*comsvc] C:\WINDOWS\addins\comsvc.exe
O4 - HKLM\..\Run: [*comwms] C:\WINDOWS\inf\comwms.exe
O4 - HKLM\..\RunOnce: [*vssbas] C:\WINDOWS\security\Database\vssbas.exe rerun
O4 - HKLM\..\RunOnce: [_UnwiseF1] cmd.exe /c del C:\WINDOWS\System32\calsdr.dll
O4 - HKLM\..\RunOnce: [_UnwiseF1_] cmd.exe /c del C:\WINDOWS\System32\im64.dll
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\inf\faxbin.exe ren my_time:1129775253
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsa vings_script0.htm
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O16 - DPF: ChatSpace Java Client 2.1.0.114 - http://www.uclatftwebboard.com:8563/Java/cs4ms0114.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/gam...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/potc_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.co...v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/s...72/mcinsctl.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared...,15/mcgdmgr.cab
O20 - Winlogon Notify: vssbas - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\sabssv.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpdj5100 - HP - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\hpdj5100.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Okay, start by removing the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O1 - Hosts: 127.0.0.67 search.active-max.com
O1 - Hosts: 127.0.0.98 allaboutsearching.com
O1 - Hosts: 127.0.0.24 www.allaboutsearching.com
O1 - Hosts: 127.0.0.7 amazingautossearch.com
O1 - Hosts: 127.0.0.20 www.amazingautossearch.com
O1 - Hosts: 127.0.0.34 www.contexualsearch.com
O1 - Hosts: 127.0.0.43 www.crap2.com
O1 - Hosts: 127.0.0.0 www.dialup2.com
O1 - Hosts: 127.0.0.22 ecpm.com
O1 - Hosts: 127.0.0.241 find-quick.com
O1 - Hosts: 127.0.0.79 lop.com
O1 - Hosts: 127.0.0.2 ayb.lop.com
O1 - Hosts: 127.0.0.82 img.lop.com
O1 - Hosts: 127.0.0.94 srch.lop.com
O1 - Hosts: 127.0.0.3 www1.lop.com
O1 - Hosts: 127.0.0.33 www.lop.com
O1 - Hosts: 127.0.0.80 maxexp.com
O1 - Hosts: 127.0.0.221 www.mp3search.com
O1 - Hosts: 127.0.0.250 netsearchsoft.com
O1 - Hosts: 127.0.0.219 www.omegasearch.com
O1 - Hosts: 127.0.0.227 prosearching.com
O1 - Hosts: 127.0.0.217 www.rub.to
O1 - Hosts: 127.0.0.95 sbvr.com
O1 - Hosts: 127.0.0.67 www.sbvr.com
O1 - Hosts: 127.0.0.223 searchexe.com
O1 - Hosts: 127.0.0.213 www.searchexe.com
O1 - Hosts: 127.0.0.205 www.searchweb2.com
O1 - Hosts: 127.0.0.91 www.spawnet.com
O1 - Hosts: 127.0.0.46 tdmy.com
O1 - Hosts: 127.0.0.72 tefs.com
O1 - Hosts: 127.0.0.54 tfil.com
O1 - Hosts: 127.0.0.74 www.tfil.com
O1 - Hosts: 127.0.0.76 tdko.com
O1 - Hosts: 127.0.0.212 wrn.net
O1 - Hosts: 127.0.0.79 www.wrn.net
O1 - Hosts: 127.0.0.220 www.mp3search.com
O1 - Hosts: 127.0.0.9 best.omega-search.com
O1 - Hosts: 127.0.0.217 www.omega-search.com
O1 - Hosts: 127.0.0.44 trinityacquisitions.com
O1 - Hosts: 127.0.0.247 www.wethere.com
O1 - Hosts: 127.0.0.61 asearchforyou.org
O1 - Hosts: 127.0.0.63 www.asearchforyou.org
O1 - Hosts: 127.0.0.224 www.errorfreesearch.com
O1 - Hosts: 127.0.0.43 isearchhere.com
O1 - Hosts: 127.0.0.240 www.isearchhere.com
O1 - Hosts: 127.0.0.25 iwantosearch.com
O1 - Hosts: 127.0.0.54 searchhotsex.com
O1 - Hosts: 127.0.0.229 www.searchhotsex.com
O1 - Hosts: 127.0.0.70 mastersearcher.com
O1 - Hosts: 127.0.0.247 www.mastersearcher.com
O1 - Hosts: 127.0.0.215 www.look-today.com
O1 - Hosts: 127.0.0.220 www.aavc.com
O1 - Hosts: 127.0.0.220 www.acjp.com
O1 - Hosts: 127.0.0.98 ecmh.com
O1 - Hosts: 127.0.0.40 www.wabu.com
O1 - Hosts: 127.0.0.44 wabq.com
O1 - Hosts: 127.0.0.27 www.maximumexperience.com
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL (file missing)
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\bvten.dat
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat

O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: CATLEvents Object - {73529697-D46A-4F7D-8A93-01378FCAEDA4} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\3pmipat.dat
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: CATLEvents Object - {98BC949B-3D81-4750-836F-4BC57BD032EE} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\nursii.dat
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\sabssv.dat

O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cvsmcod.dat
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\cfmniw.dat
O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\tenteni.dat

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
O4 - HKLM\..\Run: C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ISKMGMTD] C:\WINDOWS\System32\ISKMGMTD.exe
O4 - HKLM\..\Run: [filpwewjaikg] C:\WINDOWS\System32\jtjgbt.exe
O4 - HKLM\..\Run: [*winmfc] C:\WINDOWS\Cursors\winmfc.exe
O4 - HKLM\..\Run: [cmdas] C:\WINDOWS\cmdas.exe
O4 - HKLM\..\Run: [*cmdas] C:\WINDOWS\cmdas.exe
O4 - HKLM\..\Run: [*msvcsvr] C:\WINDOWS\msvcsvr.exe
O4 - HKLM\..\Run: [*eulaftp] C:\WINDOWS\msagent\CHARS\eulaftp.exe
O4 - HKLM\..\Run: [cfax] C:\WINDOWS\system32\DRIVERS\DISDN\cfax.exe
O4 - HKLM\..\Run: [*srv] C:\WINDOWS\system32\DLLCACHE\srv.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.ex e"
O4 - HKLM\..\Run: [*comsvc] C:\WINDOWS\addins\comsvc.exe
O4 - HKLM\..\Run: [*comwms] C:\WINDOWS\inf\comwms.exe
O4 - HKLM\..\RunOnce: [*vssbas] C:\WINDOWS\security\Database\vssbas.exe rerun
O4 - HKLM\..\RunOnce: [_UnwiseF1] cmd.exe /c del C:\WINDOWS\System32\calsdr.dll
O4 - HKLM\..\RunOnce: [_UnwiseF1_] cmd.exe /c del C:\WINDOWS\System32\im64.dll

O4 - HKCU\..\RunOnce: [*WinLogon] C:\WINDOWS\inf\faxbin.exe ren my_time:1129775253

O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsa vings_script0.htm
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll (file missing)

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)

O20 - Winlogon Notify: vssbas - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\sabssv.dat

Then, I want you to run the Ewido security suite:

download Ewido Security Suite (http://www.ewido.net/en/download/)
Install ewido security suite
When installing, under "Additional Options" uncheck..
[b]Install background guard
Install scan via context menu

Launch ewido, there should be an icon on your desktop, double-click it.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Now, scan with it.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido Manual Updates (http://www.ewido.net/en/download/updates/)

After you do that, reboot and post a new log :)

I installed sp 2 after the last scan, i don't know if that would have any affect on the log, but heres the latest:

Logfile of HijackThis v1.99.1
Scan saved at 3:58:12 PM, on 10/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\Temporary Directory 9 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O1 - Hosts: 0.195 crap2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\golpxe.dat (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O16 - DPF: ChatSpace Java Client 2.1.0.114 - http://www.uclatftwebboard.com:8563/Java/cs4ms0114.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O20 - Winlogon Notify: explog - C:\DOCUME~1\MARYVA~1\LOCALS~1\Temp\golpxe.dat (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe