Been Hijacked

Discussion in 'adware, spyware & hijack cleaning' started by Flight, Apr 29, 2004.

Thread Status:
Not open for further replies.
  1. Flight

    Flight Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    8
My homepage was hijacked to some site that had about 8 popups advertising a spyware program. In addition, I got a random Windows Guardian message saying some .dll file couldn't be found (didn't write the full name down, sorry), and a second toolbar appeared at the bottom of my screen, with a search engine and a link to some internet coupons or some such. I did a spyware search, and a whole bunch of registry values and Ezula files were found. I tried to delete them, but Adware told me 6 files couldn't be deleted, and asked if I would like to scan on startup. I said yes and rebooted, but when Adware ran, it said my computer was clean. Then I actually started up, and now I have a blank white bar where the second toolbar used to be, and my 'Start' button on my toolbar is blanked out as well. Thanks in advance for any help.

    Here is my hijack log:

    Logfile of HijackThis v1.97.7
    Scan saved at 9:42:41 AM, on 4/29/04
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ENCOMPASS\MONITOR.EXE
    C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\PROGRAM FILES\AUDIO VIDEO SUITE\VTRAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\REAL\REALONE PLAYER\REALPLAY.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
    C:\WINDOWS\SYSTEM\E_S0BIC1.EXE
    C:\WINDOWS\SYSTEM\E_S0BIC1.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\TEMP\6TJBD2T2.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\IEDRIVER\IEDRIVER.EXE
    C:\WINDOWS\SYSTEM\DP-K13W13.EXE
    C:\PROGRAM FILES\WHENUSEARCH\SEARCH.EXE
    C:\WINDOWS\SYSTEM32\PCS\PCSVC.EXE
    C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
    C:\WINDOWS\APPLICATION DATA\RERR.EXE
    C:\WINDOWS\SYSTEM\WTSCC.EXE
    C:\PROGRAM FILES\FIRSTAID 98\FAWGRD32.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\FIRSTAID 98\FA_GD32.EXE
    C:\PROGRAM FILES\FIRSTAID 98\RTFIXM32.EXE
    C:\_WINBKUP\DESKTOP\MEEP1\HIJACK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2wire.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.208.125.36:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r1.attbi.com;<local>
    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    R3 - URLSearchHook: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
    O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~2.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [AtiKey] Atitask.exe
    O4 - HKLM\..\Run: [VoyetraTray] C:\PROGRAM FILES\AUDIO VIDEO SUITE\VTRAY.EXE /s
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\realplay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [EPSON Stylus C62 Series-MackEd] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P30 "EPSON Stylus C62 Series-MackEd" /O5 "LPT1:" /M "Stylus C62"
    O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [6tjbd2t2] C:\WINDOWS\TEMP\6TJBD2T2.EXE
    O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-K13W13.EXE
    O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [Dpi] C:\PROGRAM FILES\COMMON FILES\DPI\DPI.EXE
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [EncMonitor] C:\Program Files\Encompass\Monitor.exe
    O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O4 - HKCU\..\Run: [Alau] C:\WINDOWS\Application Data\rerr.exe
    O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\SYSTEM\wtscc.exe
    O4 - Startup: Windows Guardian.lnk = C:\Program Files\FirstAid 98\Fawgrd32.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: RealDownload.lnk = C:\Program Files\REAL\RealDownload\REALDOWNLOAD0.EXE
    O4 - Startup: PowerReg SchedulerV2.exe
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
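The log above contains the classic indicators a helper looks for first: the HKLM start page and search bar rewritten to unfamiliar hosts, an HKCU search bar pointing at a local `sb.htm`, a ProxyServer value set to an outside IP address, a browser helper object with no registered name, and autostart entries running out of `TEMP` and `Application Data`. The script below is an added example, not part of this thread or of HijackThis itself: it parses a handful of lines copied from the posted log (plus the benign `ScanRegistry` entry for contrast) and flags those patterns. The list of expected homepage hosts (`comcast.net`, `2wire.com`, taken from the ISP entries in the log) and the "suspicious directory" heuristic are assumptions of this example, not rules HijackThis applies.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample input: lines copied from the HijackThis log posted above, plus the
# benign ScanRegistry entry and the HKCU 2wire start page for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2wire.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.208.125.36:8080
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O4 - HKLM\..\Run: [6tjbd2t2] C:\WINDOWS\TEMP\6TJBD2T2.EXE
O4 - HKCU\..\Run: [Alau] C:\WINDOWS\Application Data\rerr.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
"""

# Assumption: hosts the poster's ISP-provided browser settings legitimately use
# (from the Default_Page_URL and HKCU Start Page entries in the log).
EXPECTED_HOST_SUFFIXES = ("comcast.net", "2wire.com")
# Assumption: legitimate Run entries rarely execute from these locations.
SUSPICIOUS_DIRS = ("\\temp\\", "\\application data\\")
BROWSER_SETTINGS = {"start page", "search bar", "search page", "default_page_url"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "R0" or "O4"
    reason: str  # why the line was flagged
    line: str    # the original log line


def host_is_expected(host):
    """True if host equals or is a subdomain of an expected suffix."""
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)


def check_r_entry(kind, body, line):
    """R0/R1 lines: browser start/search settings and proxy configuration."""
    key, sep, value = body.partition(" = ")
    if not sep:
        return None
    setting = key.rsplit(",", 1)[-1].strip().lower()
    value = value.strip()
    if setting == "proxyserver" and value:
        return Finding(kind, f"proxy server configured: {value}", line)
    if setting in BROWSER_SETTINGS:
        parts = urlsplit(value)
        if parts.scheme not in ("http", "https"):
            return Finding(kind, f"{setting} points at a non-web location: {value}", line)
        host = (parts.hostname or "").lower()
        if not host_is_expected(host):
            return Finding(kind, f"{setting} redirected to unexpected host {host}", line)
    return None


def check_o_entry(kind, body, line):
    """O2 lines: nameless BHOs. O4 lines: autostarts from throwaway directories."""
    if kind == "O2" and body.startswith("BHO: (no name)"):
        return Finding(kind, "browser helper object with no registered name", line)
    if kind == "O4":
        m = RUN_RE.search(body)
        if m:
            cmd = m.group("cmd").lower()
            for d in SUSPICIOUS_DIRS:
                if d in cmd:
                    where = d.strip("\\")
                    return Finding(kind, f"autostart entry runs from '{where}'", line)
    return None


def triage(log_text):
    """Return a Finding for every R*/O* line that matches one of the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        check = check_r_entry if kind.startswith("R") else check_o_entry
        finding = check(kind, body, line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run on the sample, it flags seven of the ten lines and leaves the 2wire start page, the named IncrediFind BHO and `scanregw.exe` alone; in practice the expected-host list is whatever the owner's real homepage and ISP are, which is exactly why a helper asks the poster what the start page is supposed to be before telling them what to fix.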
     
  2. Flight

    Flight Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    8
    Update:

    I did a virus scan, and I guess things are even worse. In addition to the above symptoms, I now get no icons at all on my main toolbar, and the virus scanner found 13 viruses. Most of them were Troj.Revop.A, but I also found:

    Bkdr.Sandbox.A
    Troj.Small.go
    Troj.Sillen.A >> This couldn't be deleted because it was in a file currently in the Temp dir
    VBS.PSYME.B
    JS.IESTART.PS

    Please help, I am afraid my computer is just about dead at this point.
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands