Thanks once again. I have done as you suggested, and have posted the fresh hijackthis log. As you will see...those pesky 02, 04 items keep coming back. I also submitted files to virustotal as requested. I keep getting "web crawler" and "way to find" pop ups, among other ones. It happens for a while, then stops and I can stay online and not get popups...wierd, huh? Anyway, here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 5:18:54 PM, on 4/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\hramebe.exe
C:\WINDOWS\system32\hribycb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apple.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: SDWin32 Class - {28308351-8788-4C11-BE17-0D4E7A1977C9} - C:\WINDOWS\system32\sxful.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [guarnset] C:\WINDOWS\system32\guarnset.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: Helper - https://www.ubspwmobile.com/CWM/helper.cab
O16 - DPF: Java Mainframe Display (MFD) - https://www.wm-mobile.ubs.com/W2H/w2h/applet/wdmfd.cab
O16 - DPF: PCGMC Client - https://www.wm-mobile.ubs.com/PCGMC/PCGMCClient.CAB
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {10DB6D21-8915-11D2-8E3A-006008D1E01C} (Reuters Plus - Web 1.6.1.12) - https://www.ubspwmobile.com/md/jnavigator.cab
O16 - DPF: {138A4B11-6BBA-4EF3-B333-0515F67729DB} (Reuters PlusWeb Agent Java Classes - 1.6.0.33) - https://www.wm-mobile.ubs.com/md/pluswebagentjava.cab
O16 - DPF: {18D29F69-AD28-450E-8EC4-AD3F8632D4FE} (qqagent Class) - https://www.wm-mobile.ubs.com/md/pluswebagent.cab
O16 - DPF: {24F7A9CC-4EEB-49A7-8592-95E66A7C24A8} (Java ScrollingHeadlines Widget - 1.0.1.8) - https://www.wm-mobile.ubs.com/md/cla...ava/shdown.cab
O16 - DPF: {2FCFDAB1-F134-11D2-97C6-00104B659322} (Java Monitor - 1.0.3.11) - https://www.wm-mobile.ubs.com/md/cla...nclassdown.cab
O16 - DPF: {3005838E-2A00-11D2-B701-006008D1E01C} (webctl Class) - https://www.ubspwmobile.com/md/Navigator.cab
O16 - DPF: {3D5F4B42-A6AD-4F31-BC6B-C4BA6AAEF08B} (Reuters PlusWeb Excel Macro 1,5,0,9) - https://www.ubspwmobile.com/md/plugi...obil/excel.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093137400467
O16 - DPF: {766190C9-CF9B-11D5-92EA-00805FC7E991} (Java MarketAtGlance - 1.0.0.9) - https://www.wm-mobile.ubs.com/md/cla...yncompdown.cab
O16 - DPF: {77E94DB3-EF12-40BE-9AC5-96E2A140900E} (Java jExit - 1.0.0.4) - https://www.ubspwmobile.com/md/jexitdown.cab
O16 - DPF: {7B70A888-E8AC-4757-B454-766DA6B0B761} (Reuters PlusWeb Excel PreCheck 1,5,0,1) - https://www.ubspwmobile.com/md/plugi...l/precheck.cab
O16 - DPF: {89F7D494-DA30-4207-9318-49D6E60BD805} (Reuters Webchart Class) - https://www.wm-mobile.ubs.com/md/webchart.cab
O16 - DPF: {93972343-C012-11D4-A8E1-0060976A74AE} (Java Quote Widget - 1.1.6.11) - https://www.wm-mobile.ubs.com/md/cla...jquotedown.cab
O16 - DPF: {B5C6E4C0-F9DB-11D2-B126-00104B0EB7AE} (Java Dialogs - 1.6.1.6) - https://www.wm-mobile.ubs.com/md/cla...ialogsdown.cab
O16 - DPF: {C0966447-1276-46EF-A5BB-1D5BCB6E8935} (PWSweep Class) - https://www.ubspwmobile.com/CWM/pluswebsweeper.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D439B6E0-1838-11D2-A461-00A0C968EE5F} (Java QQagent - 1.0.6.05) - https://www.wm-mobile.ubs.com/md/cla...qagentdown.cab
O16 - DPF: {E041DA00-21AF-11D2-A465-00A0C968EE5F} (Java MLSOFT package) - https://www.ubspwmobile.com/md/class...mlsoftdown.cab
O16 - DPF: {F436C877-B085-4871-BADD-D23A6E630581} (Reuters PlusWeb Versions - 1,6,0,22) - https://www.wm-mobile.ubs.com/md/pluswebverdown.cab
O16 - DPF: {F822CC94-9D2F-4914-9CBB-8FBB9EDB1BF0} (PWAgent Class) - https://www.wm-mobile.ubs.com/md/pwagentclient.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O16 - DPF: {FF2B96CA-23B8-4B6F-8B90-873770F0D537} (PlusWebLocator Class) - https://www.ubspwmobile.com/md/plusweblocator.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: hdiceai - Unknown owner - C:\WINDOWS\system32\hdiceai.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe