i ran hijack this on this computor i am running and need to know what i have to delete.

here's the log:

ogfile of HijackThis v1.98.2
Scan saved at 3:08:09 PM, on 12/7/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\svchost.exe
D:\WINNT\system32\crypserv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\Hummingbird\Connectivity\7.00\In etd\inetd32.exe
D:\WINNT\system32\hidserv.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\WINNT\System32\Hummingbird\Connectivity\7.00\Jc onfig\jconfigdNT.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\Common files\WinTools\WToolsS.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\Hummingbird\Connectivity\7.00\NF SClient\expserv.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Common Files\WinTools\WToolsA.exe
D:\Program Files\Common Files\WinTools\WSup.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Washer\washer.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\WINNT\system32\taskmgr.exe
C:\Program Files\bin\expcad3d.exe
C:\Program Files\Exceed.nt\exceed.exe
C:\PROGRA~1\Exceed.nt\localcon.exe
C:\dcam\product\PowerMILL5504\sys\exec\pmill.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchant.com/r=6&s=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
F2 - REG:system.ini: UserInit=D:\WINNT\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - D:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: SuperBar - {733F00F2-C321-4FFF-B23E-BDA2B661EFF0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinTools] D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PGStub.exe] D:\dp-b23011805.exe
O4 - HKLM\..\Run: [CleanUp] D:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [Aim The] D:\PROGRA~1\16INTE~1\Tons exit.exe
O4 - HKLM\..\RunOnce: [WinTools] D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Startup: mwcsttrk.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: mwcsttrk.exe
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O10 - Unknown file in Winsock LSP: d:\winnt\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: d:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: d:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: d:\winnt\system32\cdlsp.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.parker.com/inphorminfo/Products/IFTW/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - http://download.actify.com/SpinFire/SFViewer.exe
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.ca/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)

First lets try to remove some of this stuff w/o using hijack this:

1) Download Adaware (http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5)

Here are the instructions:

Here are full instructions for configuring/using AdAware.

2. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
3. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
4. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
5. Once the definitions have been updated:
6. Reconfigure Ad-Aware for Full Scan as per the following instructions:
* Launch the program, and click on the Gear at the top of the start screen.
* Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
o "Automatically save logfile"
o Automatically quarantine objects prior to removal"
o Safe Mode (always request confirmation)
o Prompt to update outdated confirmation) - Change to 7 days.
* Click the "Scanning" button (On the left side).
* Under Drives & Folders, select "Scan within Archives"
* Click "Click here to select Drives + folders" and select your installed hard drives.
* Under Memory & Registry, select all options.
* Click the "Advanced" button (On the left hand side).
* Under "Shell Integration", select "Move deleted files to Recycle Bin".
* Under "Log-file detail", select all options.
* Click on the "Defaults" button on the left.
* Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
* Click the "Tweak" button (Again, on the left hand side).
* Expand "Scanning Engine" by clicking on the "+" (Plus) symbol) and select the following:
o "Unload recognized processes during scanning."
o "Obtain command line of scanned processes"
o "Scan registry for all users instead of current user only"
* Under "Cleaning Engine", select the following:
o "Let Windows remove files in use at next reboot."
o "Delete quarrantined objects after restoring"
* Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
* Click on "Proceed" to save these Preferences.
* Click on the "Scan Now" button on the left.
* Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
7. Close all programs except ad-aware.
8. Click on "Next" in the bottom right corner to start the scan.
9. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
10. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

Next go to Add/remove programs and uninstall Wintools:

Now re-post your log. This should have cleaned a good bit out and we'll remove the rest manually.

Also dowload and run CWShredder...

Reboot and post a fresh log with an update after you do these fixes...

Just a question Budfred:

Doesn;t Ad-Aware remove some variants of CWS? It's obviously easy to use CWSHERDDER.

Is there a time when it;s not better to use CWSHREDDER?

Unless there has been a major change in Ad-Aware SE, it doesn't deal with CWS.... It usually does deal with WinTools, so hopefully it will take care of that here...

Several of the new CWS variants are still not addressed well by CWShredder, so they would be the main CWS that it is better to avoid it... The variants in this log are older and should be fixed by it...

Must be my imagination,

just cleaned off a PC with 850 virally infected files and 1400 critical objects found with adaware. I was sure one of them was Cool Web Search. With 1400 critical objects, I could have been mistaken......

this is what my log looks like after running adaware, what do i delete?

Logfile of HijackThis v1.98.2
Scan saved at 1:22:00 PM, on 12/8/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\system32\crypserv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\Hummingbird\Connectivity\7.00\In etd\inetd32.exe
D:\WINNT\system32\hidserv.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\WINNT\System32\Hummingbird\Connectivity\7.00\Jc onfig\jconfigdNT.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\Hummingbird\Connectivity\7.00\NF SClient\expserv.exe
D:\WINNT\Explorer.EXE
C:\Program Files\Washer\washer.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\taskmgr.exe
C:\dcam\product\PowerMILL5504\sys\exec\pmill.exe
D:\WINNT\system32\MSTask.exe
C:\Program Files\bin\expcad3d.exe
C:\Program Files\Exceed.nt\exceed.exe
C:\PROGRA~1\Exceed.nt\localcon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchant.com/r=6&s=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
F2 - REG:system.ini: UserInit=D:\WINNT\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - D:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: SuperBar - {733F00F2-C321-4FFF-B23E-BDA2B661EFF0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinTools] D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [CleanUp] D:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [Aim The] D:\PROGRA~1\16INTE~1\Tons exit.exe
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\RunOnce: [Common Client CoreSPA] D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\COMMON~1.EXE D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\COMMON~1.SPA /RollBackChanges
O4 - HKLM\..\RunOnce: [NAVNTSPA] D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NAVNTspa.exe D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NAVNTP~1.SPA /RollBackChanges
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Startup: mwcsttrk.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: mwcsttrk.exe
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O10 - Unknown file in Winsock LSP: d:\winnt\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: d:\winnt\system32\cdlsp.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.parker.com/inphorminfo/Products/IFTW/iftwclix.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {A31CCCB0-46A8-11D3-A726-005004B35102} - http://download.actify.com/SpinFire/SFViewer.exe
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.ca/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

You have HJT in your root directory which means that it will place backups there... You might want to create a folder for it and move it before you run the fixes...

Did you also run CWShredder??

First go to the site for HJT in my signature and download LSPfix and open it... Click on "I know what I am doing" and move all instances you find of cdlsp.dll to the remove window... DO NOT move any other items... Let LSPfix remove the cdlsp.dll items...

Open HJT and put a check by these items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchant.com/r=6&s=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - D:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: SuperBar - {733F00F2-C321-4FFF-B23E-BDA2B661EFF0} - (no file)
O4 - HKLM\..\Run: [WinTools] D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Aim The] D:\PROGRA~1\16INTE~1\Tons exit.exe
O4 - HKLM\..\RunOnce: [Common Client CoreSPA] D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\COMMON~1.EXE D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\COMMON~1.SPA /RollBackChanges
O4 - HKLM\..\RunOnce: [NAVNTSPA] D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NAVNTspa.exe D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NAVNTP~1.SPA /RollBackChanges
O4 - Startup: mwcsttrk.exe
O4 - Global Startup: mwcsttrk.exe

Close all windows except HJT and click Fix Checked...

Reboot to Safe Mode and remove these:

D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe (Folder)
D:\PROGRA~1\16INTE~1\Tons exit.exe (Folder that begin with the indicated characters)

Run a search for and delete: mwcsttrk.exe

Then clean out your Temp files, but particularly:

D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp

Then boot to Normal mode and post a fresh log... Note any problems that you are still having...

what is mwcsttrk.exe and what does it do?

what is mwcsttrk.exe and what does it do?
No clue... It appears to be a randomly named malware file that is infecting your system... If you want to check it out to find out more, you can find it and check Properties... You could also submit it for analysis, like at Kapersky's.... Leave it alone if you would like, but I am betting it is part of what is infecting your system...