ADSRVE Problem


FerrisLeigh
02-21-2005, 06:02 PM
I have picked up adsrve. Following is my hijack log. Thanks in advance for any help.
Leigh

Logfile of HijackThis v1.99.0
Scan saved at 4:42:03 PM, on 2/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
C:\WINDOWS\System32\CAPESNPN.exe
C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
C:\Documents and Settings\Leigh Anne\Application Data\eetu.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\Dfmc1bU0.exe
C:\WINDOWS\System32\PikQWgDx.exe
C:\Documents and Settings\Leigh Anne\My Documents\Leigh Anne's stuff\Miscellaneous\hijackthis199.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.monosearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {023E95BE-0B55-228C-2682-2687EAF1E9CD} - C:\WINDOWS\System32\ywy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3713A5BE-2666-17B8-0BB2-16AADAC1C4FD} - C:\WINDOWS\System32\ywy.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
O4 - HKLM\..\Run: [GXCn6S9G] C:\documents and settings\leigh anne\local settings\temp\GXCn6S9G.exe
O4 - HKLM\..\Run: [WRWfEd] C:\windows\system32\WRWfEd.exe
O4 - HKLM\..\Run: [1b473b894a69] C:\WINDOWS\System32\CAPESNPN.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Leigh Anne\Application Data\eetu.exe
O4 - HKCU\..\Run: [Xpmuz] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\ezStub.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Defender Pro Firewall.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: VIN.net Clients - http://app2.outtask.com/vinnet/clients/152.9/vin2-116.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - https://intranet.mscdirect.com/TN5250/matn5250.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

pop pop
02-21-2005, 09:53 PM
Welcome to PCGuide!

Looking at your log, I'm certain you'll be glad you visited.

I'm not a resident HJT expert and so cannot offer suggestions as to fixes. However, I see more than a dozen suspects in the log. Do not do anything until one of the experts responds.

One of them will be along soon to help and advise on how to prevent this in the future.

classicsoftware
02-21-2005, 10:14 PM
First things first:

Download Pepper Fix (http://www.subratam.org/?page=removal) and run it a couple of times.

Load HJT and fix the following:

Have HJT fix the following after closing ALL browser and program windows except HJT.
Place a check in the box next to the following and click on Fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.monosearch.com/

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {023E95BE-0B55-228C-2682-2687EAF1E9CD} - C:\WINDOWS\System32\ywy.dll
O2 - BHO: (no name) - {3713A5BE-2666-17B8-0BB2-16AADAC1C4FD} - C:\WINDOWS\System32\ywy.dll

O4 - HKLM\..\Run: [GXCn6S9G] C:\documents and settings\leigh anne\local settings\temp\GXCn6S9G.exe
O4 - HKLM\..\Run: [WRWfEd] C:\windows\system32\WRWfEd.exe
O4 - HKLM\..\Run: [1b473b894a69] C:\WINDOWS\System32\CAPESNPN.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Leigh Anne\Application Data\eetu.exe
O4 - HKCU\..\Run: [Xpmuz] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\ezStub.exe

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)

Re-boot and delete the following files:
C:\WINDOWS\System32\maxspeed.exe
C:\ezStub.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\Documents and Settings\Leigh Anne\Application Data\eetu.exe
C:\WINDOWS\System32\ywy.dll
C:\documents and settings\leigh anne\local settings\temp\GXCn6S9G.exe
C:\windows\system32\WRWfEd.exe
C:\WINDOWS\System32\CAPESNPN.exe
C:\WINDOWS\System32\Cxe0o.exe

You may have to set the system to show hidden/System (http://www.xtra.co.nz/help/0,,4155-1916458,00.html) files.

Go on-line and run a scan at housecall.
Update your virus definitions and scan locally.
Report if they find anything.

Re-post your HJT log and let us know how the system is running.

Budfred
02-21-2005, 10:35 PM
Hello and Welcome...

As pop pop said, you have a number of problems here... We need to begin by fixing a Peper infection... Please use my link for HJT below to download the PeperFix... Boot into Safe Mode (tap F8 before WinXP starts to load and choose Safe Mode) and run the fix twice... Then reboot to Normal mode...

Please open an HJT scan and put a check by these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {023E95BE-0B55-228C-2682-2687EAF1E9CD} - C:\WINDOWS\System32\ywy.dll
O2 - BHO: (no name) - {3713A5BE-2666-17B8-0BB2-16AADAC1C4FD} - C:\WINDOWS\System32\ywy.dll
O4 - HKLM\..\Run: [GXCn6S9G] C:\documents and settings\leigh anne\local settings\temp\GXCn6S9G.exe
O4 - HKLM\..\Run: [WRWfEd] C:\windows\system32\WRWfEd.exe
O4 - HKLM\..\Run: [1b473b894a69] C:\WINDOWS\System32\CAPESNPN.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Cxe0o.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Leigh Anne\Application Data\eetu.exe
O4 - HKCU\..\Run: [Xpmuz] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\ezStub.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)

Then close all open windows except HJT and click Fix Checked...

Reboot to Safe Mode again.... Find and remove these if they are still there:

C:\documents and settings\leigh anne\local settings\temp\GXCn6S9G.exe
C:\windows\system32\WRWfEd.exe
C:\WINDOWS\System32\CAPESNPN.exe
C:\WINDOWS\System32\Cxe0o.exe
C:\Documents and Settings\Leigh Anne\Application Data\eetu.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\ezStub.exe
C:\WINDOWS\System32\Dfmc1bU0.exe
C:\WINDOWS\System32\PikQWgDx.exe

You may need to set WinXP to show all hidden and system files to find them... If you can't find them, open HJT (still in Safe Mode) and go to Misc Tools and use the "delete on reboot" option to enter the whole location and file... Do not delete this file and do not put the one with the "?" mark in the "Delete on reboot" since this is an important legit file... The bad one will have some other odd character in place of the "?"

C:\WINDOWS\System32\winlogon.exe

Please find this file and check Properties to see if it is from a reputable company... If you don't recognize it, please post the info that you find in your response:

C:\WINDOWS\System32\CAPESNPN.exe

Then reboot and post a new log... There is a newer version of HJT, please download and use that... Also, note how things are going and if you ran into any problems... Also, please note if you have run any other scans to address your problems...

Edit: classicsoftware, you are getting to be fast... I was working on this again and you posted first... That monosearch thing looks like it is probably legit...
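The helpers above picked their fix list out of the log by hand, using a few recurring patterns: a process name that differs from a real Windows binary by one character (w?nlogon.exe versus winlogon.exe, where HijackThis prints "?" for a character it cannot display), autorun entries whose target sits in a temp or Application Data folder or at the drive root, run-key names that look randomly generated, BHOs registered with no name, and O9 buttons whose file is already gone. The script below is an added example for this thread (not a PCGuide or HijackThis tool) that encodes those same patterns as triage rules and runs them over a sample constructed from the log posted above. The list of imitated system binaries and the directory fragments it treats as user-writable are assumptions chosen for illustration, not an exhaustive list.

```python
"""Triage rules for HijackThis log lines (added example, not part of the thread).

SAMPLE_LOG is constructed from the log posted in this thread so the output can
be compared with the items the helpers told the poster to fix.
"""
import re
from dataclasses import dataclass, field

# Windows binaries that malware imitates with a one-character change
# (assumption: a short illustrative list, not exhaustive).
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "smss.exe",
                "services.exe", "explorer.exe", "csrss.exe", "spoolsv.exe"}

# Directory fragments an autorun or running process rarely points into legitimately.
USER_WRITABLE = ("\\application data\\", "\\temp\\")

# Run-key names such as [GXCn6S9G] or [1b473b894a69]: 8+ alphanumerics with a digit.
RANDOM_NAME = re.compile(r"^(?=.*\d)[A-Za-z0-9]{8,}$")
# First drive-letter path in an O4 value, optionally quoted, ending in a binary suffix.
PATH_IN_VALUE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat))"?', re.I)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def basename(path: str) -> str:
    return path.rstrip().split("\\")[-1].lower()


def imitated_system_name(name: str):
    """Return the system binary that `name` differs from by exactly one character, else None."""
    if name in SYSTEM_NAMES:
        return None
    for real in SYSTEM_NAMES:
        if len(real) == len(name) and sum(a != b for a, b in zip(real, name)) == 1:
            return real
    return None


def check_path(path: str, reasons: list, what: str) -> None:
    """Checks shared by 'Running processes' lines and O4 autorun targets."""
    name = basename(path)
    real = imitated_system_name(name)
    if real:
        reasons.append(f"{what} name imitates {real}")
    if "?" in name:  # HijackThis shows "?" for a character it cannot display
        reasons.append(f"{what} name contains a character HijackThis could not display")
    low = path.lower()
    if any(frag in low for frag in USER_WRITABLE):
        reasons.append(f"{what} lives in a user-writable directory")
    elif re.match(r"^[a-z]:\\[^\\]+$", low):
        reasons.append(f"{what} sits directly in the drive root")


def analyse_line(line: str) -> Finding:
    f = Finding(line.strip())
    s = f.line
    if re.match(r"^[A-Za-z]:\\", s):  # a "Running processes" entry
        check_path(s, f.reasons, "process")
        return f
    m = re.match(r"^(R\d|O\d+) - (.*)$", s)
    if not m:
        return f
    kind, rest = m.groups()
    if kind == "R1" and "file://" in rest.lower():
        f.reasons.append("IE search bar points at a local file")
    elif kind == "R3" and "missing" in rest:
        f.reasons.append("default URLSearchHook is missing")
    elif kind == "O2" and "(no name)" in rest:
        f.reasons.append("BHO registered without a name")
    elif kind == "O4":
        km = re.search(r"\[(?P<key>[^\]]*)\]\s*(?P<value>.*)", rest)
        if km:
            if RANDOM_NAME.match(km["key"]):
                f.reasons.append("run-key name looks randomly generated")
            pm = PATH_IN_VALUE.match(km["value"])
            if pm:
                check_path(pm["path"], f.reasons, "autorun target")
    elif kind == "O9" and "(file missing)" in rest:
        f.reasons.append("IE button references a file that no longer exists")
    return f


def triage(log_text: str):
    """Return only the lines that tripped at least one rule."""
    return [f for f in (analyse_line(l) for l in log_text.splitlines()) if f.reasons]


# Constructed sample: a subset of the log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\w?nlogon.exe
C:\Documents and Settings\Leigh Anne\Application Data\eetu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {023E95BE-0B55-228C-2682-2687EAF1E9CD} - C:\WINDOWS\System32\ywy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GXCn6S9G] C:\documents and settings\leigh anne\local settings\temp\GXCn6S9G.exe
O4 - HKLM\..\Run: [1b473b894a69] C:\WINDOWS\System32\CAPESNPN.exe
O4 - HKCU\..\Run: [Xpmuz] C:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\ezStub.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   -", reason)
```

Run as-is, the rules flag the same items classicsoftware and Budfred listed, and leave winlogon.exe, the Acrobat BHO and the QuickTime autorun alone. They also flag Spybot's SDHelper.dll, because it too is registered as a "(no name)" BHO: a reminder that heuristics like these are a starting point for a human reviewer, which is exactly how the helpers in this thread used the log, and why Budfred asked the poster to check the Properties of CAPESNPN.exe rather than simply deleting it.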