Hi xman,
Yes, your log show that a few things need to be repaired. To begin with, you have the parasitic toolbar, SubSearch (SbSearch). To remove this and other malware, could you download Spybot Search and Destroy:
http://security.kolla.de/index.php?lang=en&page=download
Before using the program, click "Online" and install all updates.
Now, close all web browser windows and disconnect from the Internet.
Then run Spybot (click "Check for Problems").
When the results appear, tick everything highlighted in red.
DELETE all entries in red using Spybot.
After this, REBOOT your PC.
Spybot may appear to 'hang' at certain points. Please allow it several minutes to continue the scan, as it may be carrying out some extensive file checking at these points.
Sometimes, Spybot will show a dialogue box, asking that you run the utility again - after rebooting your PC. If you see this box, click "Yes". Then, after running Spybot a second time, reboot your PC again and check once more to ensure that there are no red items remaining.
CAUTION: Don't use the 'Immunize' feature until you're more familiar with Spybot S&D.
Note for all users: Spybot installation and basic setup tutorial available here (if required):
http://tomcoyote.org/SPYBOT/
Note for advanced users: Spybot advanced user information available here:
http://tomcoyote.org/~mosaic1/spybot/
Once you've finished with Spybot, reboot your PC. Then, close your Internet connection and browser. Run HijackThis again. Check each of the items listed below and get HT to 'Fix checked'.
(Note that some of these items may already have been repaired and removed from the list by Spybot.)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.dothesearch.com/user/sidetemp.htm
O2 - BHO: (no name) - {1D870C86-AA3C-4451-81E4-71D480A1A652} - C:\WINDOWS\System32\SbSrch_V22.dll
O2 - BHO: (no name) - {31995C64-CB4D-483E-82C2-CCFFE2F66CAB} - (no file)
O4 - HKCU\..\Run: [SysReg] C:\WINDOWS\System32\SysReg
O10 - Broken Internet access because of LSP provider 'csloa.dll' missing [This one indicates that you've had New.Net or Webhancer in the past.]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camserv.base.1plus1.net/AxisCamControl.ocx
Remove AOL from your Trusted Zone in Internet Explorer.
O15 - Trusted Zone: http://free.aol.com
Now, reboot your PC again.
Next, go to C:\WINDOWS\system32 and look for the file, SbSrch_V22.dll. Delete this DLL, in Safe Mode (Safe Boot) if necessary.
Check your C:\WINDOWS\System32 folder again, to ensure that the file, SysReg.exe has not re-installed itself. If you find it, delete it again - in Safe Mode.
(I see that SysReg.exe autoruns from the registry. If it keeps re-installing itself, we'll probably need to delete the registry entries. But we'll check out a new log first.)
Now, reboot your PC once more. Run HijackThis again and post a new HijackThis log AND StartupList log to the forum. If anything still needs to be fixed, someone here will let you know.
BTW, I note that you are using the Google Toolbar, so I haven't included this in the items to be repaired or removed. (If necessary, this can always be done at a later stage.) Google is an excellent search engine, but you may want to have a look at this article indicating some security/privacy concerns with their Toolbar:
http://www.pcmag.com/article2/0,4149,904096,00.asp
Regards, Gordon
<P ID="edit"><FONT class="small"><EM>Edited by Gordon7000 on 05/25/03 02:40.</EM></FONT></P><P ID="edit"><FONT class="small">Edited by Gordon7000 on 05/25/03 02:45.</FONT></P>