View Full Version : CoolWWWsearch is...beyond evil


Annapoorna
06-06-2005, 04:46 PM
My fiance downloaded something onto our shared laptop, and I'm having a heck of a time getting rid of it. The homepage was redirected to what looked like some sort of MS search page, but it had all sorts of pharmaceutical names in the small text, and there was usually some pharmaceutical product (viagra seemed to be a favorite) in the actual search bar.

Let me just give a brief synopsis of the things I've tried so far, as well as things I've noticed. I've glanced at another thread in this forum, and done the starting point of the fix there - i.e. downloaded HiJackThis, and created the log file, which is attached.

First of all, I've run the following programs, which have all identified the problem but have been unable to get rid of it:
Norton Antivirus
Trendmicro's Housecall
Spybot S&D
AdAware SE Personal
Microsoft's Antispyware

I ran all the above programs in both a normal bootup and in safe-mode (with networking in the case of Housecall). While in safe-mode, all the programs detected more problems, and claimed to fix them. But the problem continues to exist.

Trendmicro was unable to "clean" the problems it found, but it did have some recommendations as to what to look for in the registry as far as startup programs and class IDs. I've attached those instructions as well, so you can know what I was doing. Works great for the file(s) that's present in the registry at the moment...but, it seems there's a ton of these little files in both C:\Windows and C:\Windows\system32. Seems like every time I get the registry cleaned of one, stop it from running as a service, and end it as a process, another pops up to take its place. Just from looking through the two directories above, I think I've counted as many as 85 executables in each that look suspect. They've got random names from 4-8 characters long, often end in "32", have sizes of 0KB, 12KB, 16KB, and 66/67KB, and have all been created sometime between 5/5/06 and yesterday. I can come up with a list of all these if that would help as well - is there any way of just copying all the file names out of those two folders or would I just have to create a spreadsheet manually? Since 6AM today, I've used Trendmicro's instructions to remove the following files from the registry, services, and running processes: (Windows folder) addol.exe, atlwh.exe, apiaa.exe, ntsi32.exe, ipce.exe, ipgt.exe, ieqi32.exe, msmx32.exe, iejg.exe, apikw.exe, atlvf.exe, ntes32.exe, javavh32.exe, iphq.exe, atlms32.exe, javavy.exe, d3ms32.exe, sdken.exe, (system32 folder) mfcnb.exe, crtu.exe, msic.exe, addcg.exe, atlha32.exe, ntgp.exe, javatd32.exe, sdkgz32.exe, mfcio32.exe, addel32.exe, ipxp.exe, msrv32.exe, crza32.exe, winmz.exe, d3qy.exe, mfckm32.exe, javagy32.exe, wintw32.exe, and syscc32.exe.

I also have the latter 3 spyware detect programs set to detect any registry changes, and prompt me for action. Since doing that, I haven't had many pop-ups or blatant page redirects - although I get the prompts on average of every 5-10 minutes, depending on what I'm doing. My homepage continues to be reset to about:blank at every restart. The only webpage redirects (besides the homepage one) I got today started out as a Windows Security Center warning (stating WARNING: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passords. Do you want to learn how to protect your computer?), but when I clicked on it, it redirected me to a download site for spyware software I hadn't heard of. The web address is: http://www.msnhelper.net/search.php?pin=94115. That ending number seems to come up a lot in the redirects.

What little I've done so far, I can now at least access the web without IE immediately crashing. And without constant redirects & popups. I guess all the caffeine and stubbornness was worth at least that. But the attempted hijacks continue to occur, and I'm about at wits' end trying to figure this out on my own. Any help would be greatly appreciated. At this point, I'm sorely tempted to wipe and reinstall...except for the fact that my beau also misplaced the recovery disks (again) and Toshiba has them on backorder.

Also, as I've been writing this, the following executables have been trying to insert themselves into the startup programs in the registry: crza32.exe, javavh32.exe, and apisa.exe.

The log file from HiJackThis is attached, as this post exceeded the character limit. Also, here are some of my system specs: WinXP Home Edition version 2002, with SP2; Toshiba Satellite, with 1.30 GHz celeron processor; & 992 MB RAM. Please let me know if there are other system specs you need to know as well.

PrntRhd
06-06-2005, 05:07 PM
Welcome to the PC Guide forums!

You are correct in how CWS can ruin your week.
I will request you post the complete HJT log in multiple posts if necessary (copy/paste portions until it is all here), that way all the members can view the log and it makes it easier for those analyzing them.

Annapoorna
06-06-2005, 05:13 PM
Here's the HiJackThis log as a separate post, per your request PrntRhd. It should fit in one post, just not with my long-@$$ whine post.

Logfile of HijackThis v1.99.1
Scan saved at 1:04:07 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\crqi32.exe
C:\WINDOWS\apisa.exe
C:\Program Files\HiJackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FF6D27C3-4ECC-DA8F-1C66-5147D1F3F33D} - C:\WINDOWS\system32\atlwd32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [javavh32.exe] C:\WINDOWS\javavh32.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crqi32.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Budfred
06-06-2005, 09:06 PM
Yep, that is CWS...

Please download CWShredder, AboutBuster and Ewido:

http://www.intermute.com/spysubtract/cwshredder_download.html

http://www.downloads.subratam.org/AboutBuster.zip

http://www.ewido.net/en/

Open and update Ewido, then close it...

You need to turn off TeaTimer and any other resident protection programs or they will block the fix...
1) Run Spybot-S&D
2) Go to the Mode menu and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

Reboot to Safe Mode and open and HJT scan... Put checks by these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
O2 - BHO: Class - {FF6D27C3-4ECC-DA8F-1C66-5147D1F3F33D} - C:\WINDOWS\system32\atlwd32.dll
O4 - HKLM\..\Run: [javavh32.exe] C:\WINDOWS\javavh32.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crqi32.exe

Close all open windows except HJT and click Fix checked...

Find and delete:

C:\WINDOWS\javavh32.exe
C:\WINDOWS\system32\crqi32.exe

Run CWShredder, then run AboutBuster at least twice and then run CWShredder again... Open and run a full Ewido scan... Let them all fix what they find...

Reboot and post a fresh HJT log... This infection has recently morphed into something even nastier than before, so we may have to go at this several different ways...
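The selection made in the post above can be expressed as a few triage rules over HijackThis lines. The following is an added example, not part of the thread and not code from HijackThis or any tool named here; the sample lines are copied from the first log posted above, and the file-name pattern is an assumption derived only from the names listed in this thread.

```python
import ntpath
import re

# Name shape of the files listed in this thread (addol.exe, ntsi32.exe,
# javavh32.exe, crqi32.exe, atlwd32.dll ...): a system-sounding prefix, two
# letters, an optional "32". Assumption derived from those names only.
SUSPECT_NAME = re.compile(
    r"^(add|api|atl|cr|d3|ie|ip|java|mfc|ms|nt|sdk|sys|win)[a-z]{2}(32)?\.(exe|dll)$",
    re.IGNORECASE,
)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
# First drive-letter path ending in .exe/.dll; tolerates " - " inside the path.
FILE_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# Lines copied from the first HijackThis log in this thread (a subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FF6D27C3-4ECC-DA8F-1C66-5147D1F3F33D} - C:\WINDOWS\system32\atlwd32.dll
O4 - HKLM\..\Run: [javavh32.exe] C:\WINDOWS\javavh32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crqi32.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
"""


def triage(log_text):
    """Return [(line, [reasons])] for HijackThis entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        reasons = []

        # R0/R1: Internet Explorer start and search settings.
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip().lower()
            if value.startswith("res://"):
                reasons.append("IE setting loads a page from a local DLL resource")
            elif value == "about:blank":
                reasons.append("IE page setting forced to about:blank")

        # O2 (BHO), O4 (Run key), O23 (service): file sitting directly in a
        # Windows directory whose name fits the pattern seen in this thread.
        if code in ("O2", "O4", "O23"):
            fm = FILE_PATH.search(body)
            if fm:
                folder, name = ntpath.split(fm.group(0))
                if folder.lower() in WINDOWS_DIRS and SUSPECT_NAME.match(name):
                    reasons.append("random-suffix file name in a Windows directory")

        # O23: unsigned service whose display name carries non-ASCII bytes.
        if code == "O23" and "Unknown owner" in body:
            display = body.split(" - ", 1)[0]
            if any(ord(ch) > 126 for ch in display):
                reasons.append("service display name contains non-ASCII bytes")

        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

A name match is a lead for manual review rather than a verdict, since short legitimate system file names can fit the same shape.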

Annapoorna
06-06-2005, 11:31 PM
Please download CWShredder, AboutBuster and Ewido:

http://www.intermute.com/spysubtrac...r_download.html

http://www.downloads.subratam.org/AboutBuster.zip

http://www.ewido.net/en/

Open and update Ewido, then close it...

Done. I only updated Ewido. Forgot that once in safe mode, I wouldn't have net access.

You need to turn off TeaTimer and any other resident protection programs or they will block the fix...
1) Run Spybot-S&D
2) Go to the Mode menu and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

Done. Turned off resident protection programs in Spybot S&D and Microsoft's AntiSpyware; also disabled Norton Anti-virus (any clues how I turn off Symantec's annoying popup Security Alert telling me I've disabled the anti-virus?).

Reboot to Safe Mode and open and HJT scan... Put checks by these items:

*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
O2 - BHO: Class - {FF6D27C3-4ECC-DA8F-1C66-5147D1F3F33D} - C:\WINDOWS\system32\atlwd32.dll
O4 - HKLM\..\Run: [javavh32.exe] C:\WINDOWS\javavh32.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crqi32.exe

Close all open windows except HJT and click Fix checked...

Done. The two marked with an * were missing when I ran HJT in safe mode.

Find and delete:

C:\WINDOWS\javavh32.exe
C:\WINDOWS\system32\crqi32.exe

Neither were present in safe mode after running HJT.

Run CWShredder, then run AboutBuster at least twice and then run CWShredder again... Open and run a full Ewido scan... Let them all fix what they find...

On the first run, CWShredder found and removed CWS.HomeSearch. I then ran AboutBuster 3 times (log files attached, I'll copy them into a following post as well). Then ran Ewido, which found over 200 files. Log file attached. Ran Ewido's memory scan as well, but that came up with nothing.

Reboot and post a fresh HJT log...

Done - see next post.

Annapoorna
06-06-2005, 11:33 PM
Here is the HJT log from a normal reboot after doing all that stuff in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 8:13:29 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Ewido\Security Suite\ewidoctrl.exe
C:\Program Files\Ewido\Security Suite\ewidoguard.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\Security Suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido\Security Suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Annapoorna
06-06-2005, 11:37 PM
Here are the AboutBuster logs (x3). Ewido to follow.

AboutBuster 5.0 reference file 28
Scan started on [6/6/2005] at [7:04:09 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\BJCFDins.log:ktixw
Removed Stream! C:\WINDOWS\chipset.log:pbukz
Removed Stream! C:\WINDOWS\clock.avi:jfgkpy
Removed Stream! C:\WINDOWS\COM+.log:bgzqri
Removed Stream! C:\WINDOWS\desktop.ini:mgsvll
Removed Stream! C:\WINDOWS\DtcInstall.log:ehcinv
Removed Stream! C:\WINDOWS\Gone Fishing.bmp:ipddft
Removed Stream! C:\WINDOWS\hpdj3740.hi1:aqvize
Removed Stream! C:\WINDOWS\hpfmdl_s04_main.dat:jogii
Removed Stream! C:\WINDOWS\imsins.BAK:ldxikd
Removed Stream! C:\WINDOWS\imsins.BAK:pjfhup
Removed Stream! C:\WINDOWS\irran.txt:ijyuoa
Removed Stream! C:\WINDOWS\jtlhq.log:akqzqc
Removed Stream! C:\WINDOWS\jzjaw.log:uirte
Removed Stream! C:\WINDOWS\KB867282.log:wfabgq
Removed Stream! C:\WINDOWS\KB873333.log:tlbfkm
Removed Stream! C:\WINDOWS\KB873339.log:awynle
Removed Stream! C:\WINDOWS\KB885250.log:gftgaa
Removed Stream! C:\WINDOWS\KB885835.log:xvpafo
Removed Stream! C:\WINDOWS\KB885855.log:sxitng
Removed Stream! C:\WINDOWS\KB885855.log:vjvvkd
Removed Stream! C:\WINDOWS\KB887742.log:lybghr
Removed Stream! C:\WINDOWS\KB890175.log:apkqwl
Removed Stream! C:\WINDOWS\KB891781.log:veddhy
Removed Stream! C:\WINDOWS\KB893066.log:lqddyw
Removed Stream! C:\WINDOWS\KB893803v2.log:drojsy
Removed Stream! C:\WINDOWS\LPT$VPN.665:ggondk
Removed Stream! C:\WINDOWS\LPT$VPN.665:vscgpd
Removed Stream! C:\WINDOWS\machine.ver:wrgoui
Removed Stream! C:\WINDOWS\mozver.dat:xtfzmy
Removed Stream! C:\WINDOWS\msdfmap.ini:gqlzqc
Removed Stream! C:\WINDOWS\msoffice.ini:quyega
Removed Stream! C:\WINDOWS\ndtie.log:yuvtzz
Removed Stream! C:\WINDOWS\ntdtcsetup.log:ivnhcb
Removed Stream! C:\WINDOWS\n_glfxaw.txt:ccvaez
Removed Stream! C:\WINDOWS\n_tndvxz.txt:fdyksm
Removed Stream! C:\WINDOWS\n_yglmcl.txt:xerquw
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:pqffj
Removed Stream! C:\WINDOWS\qwimp.ini:xpvxs
Removed Stream! C:\WINDOWS\REGLOCS.OLD:tifyny
Removed Stream! C:\WINDOWS\rjosm.txt:abgomh
Removed Stream! C:\WINDOWS\setupact.log:kdkhiu
Removed Stream! C:\WINDOWS\setuplog.txt:dvcmke
Removed Stream! C:\WINDOWS\SetupWLD.log:rzmmux
Removed Stream! C:\WINDOWS\ToshDefs.reg:zluens
Removed Stream! C:\WINDOWS\tsc.ini:paddym
Removed Stream! C:\WINDOWS\TSession.reg:epgply
Removed Stream! C:\WINDOWS\tsoc.log:sdpohj
Removed Stream! C:\WINDOWS\tsulj.txt:knxxcf
Removed Stream! C:\WINDOWS\updspapi.log:kezcbm
Removed Stream! C:\WINDOWS\vb.ini:bxdwy
Removed Stream! C:\WINDOWS\vhiql.txt:deshvw
Removed Stream! C:\WINDOWS\vminst.log:prraik
Removed Stream! C:\WINDOWS\VPTNFILE.665:nfkmxh
Removed Stream! C:\WINDOWS\wiaservc.log:irbncv
Removed Stream! C:\WINDOWS\wjstg.dat:ntrjde
Removed Stream! C:\WINDOWS\wmsetup.log:xpzbhh
Removed Stream! C:\WINDOWS\WMSysPr9.prx:cddmb
Removed Stream! C:\WINDOWS\xpsp1hfm.log:pijhbj
Removed Stream! C:\WINDOWS\_default.pif:agozmb
Removed Stream! C:\WINDOWS\_default.pif:ajvrye
Removed Stream! C:\WINDOWS\_default.pif:akgyv
------------------------------------------------
Removed File! : C:\Windows\jghbj.dat
Removed File! : C:\Windows\maesz.dat
Removed File! : C:\Windows\mjyli.dat
Removed File! : C:\Windows\nbcjk.dat
Removed File! : C:\Windows\uitco.dat
Removed File! : C:\Windows\ypxgc.dat
Removed File! : C:\Windows\zluen.dat
Removed File! : C:\Windows\zxghz.dat
Removed File! : C:\Windows\System32\bbsgo.dat
Removed File! : C:\Windows\System32\douhu.dat
Removed File! : C:\Windows\System32\hkkyi.dat
Removed File! : C:\Windows\System32\hzefz.dat
Removed File! : C:\Windows\System32\jvlil.dat
Removed File! : C:\Windows\System32\otnqh.dat
Removed File! : C:\Windows\System32\wvzxl.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:04:41 PM


AboutBuster 5.0 reference file 28
Scan started on [6/6/2005] at [7:06:15 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\vb.ini:coqcep
Removed Stream! C:\WINDOWS\WMSysPr9.prx:uhebv
Removed Stream! C:\WINDOWS\_default.pif:atnlgv
Removed Stream! C:\WINDOWS\_default.pif:awqkw
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:06:35 PM


AboutBuster 5.0 reference file 28
Scan started on [6/6/2005] at [7:40:29 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\_default.pif:ayajff
Removed Stream! C:\WINDOWS\_default.pif:blnvhz
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:40:47 PM

Annapoorna
06-06-2005, 11:40 PM
And the Ewido log part 1...have to split this between a couple posts:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:35:39 PM, 6/6/2005
+ Report-Checksum: 29B68963

+ Date of database: 6/7/2005
+ Version of scan engine: v3.0

+ Duration: 26 min
+ Scanned Files: 56509
+ Speed: 35.13 Files/Second
+ Infected files: 203
+ Removed files: 203
+ Files put in quarantine: 203
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Anna\Cookies\anna@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lawrence\Cookies\lawrence@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lawrence\Cookies\lawrence@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\S-1-5-21-2621615846-3867496258-1688504862-1006\Dc10.exe -> Trojan.Agent.em -> Cleaned with backup
C:\RECYCLER\S-1-5-21-2621615846-3867496258-1688504862-1006\Dc9.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\addpy.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\addti32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\addxq32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\apibe32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\apift32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\apiic.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\apiix32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\apikn.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\apikw.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\apiky32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\apiqf.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\apirc32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\appch.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\appck32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\appdd32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\appjh.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\appnl.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\apppv32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\atlkq32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\atlnz32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\atltr.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\atluo32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\atlxg32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\craz32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\crem.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\crfn.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\crkd32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\crqz.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\crwq32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\crxr.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\cryx.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\crzg32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\d3az32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\d3bf.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\d3hq32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\d3ly32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\d3qx32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\ieam32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\ieej32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\ieeu32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\ieft32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\iesd.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\iexl32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\iezw32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\ipad.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\iphv.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\ipio32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\ipiw32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\ipla32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\ipnp32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\ippa32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\iptm.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\javaco32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\javaex32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\javahr.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\javaip.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\javand32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\javaob32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\javawq.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\mfcbl32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\mfccu.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\mfckv32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\msgc.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\msgw32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\msha.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\msqx32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\mssa.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\mssh32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\mssq.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\msxg.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\msxm32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\mszy.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\netco.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\netef32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\netim32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\netmh.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\netqq32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\ntbr32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\ntig32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\ntof32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\ntre32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\ntte32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\ntxk32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_eswopk.log -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_fzzdci.txt -> TrojanDownloader.Agent.oq -> Cleaned with backup
C:\WINDOWS\n_glfxaw.txt -> TrojanDownloader.Agent.oq -> Cleaned with backup
C:\WINDOWS\n_hfrxbk.log -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_ijcmdu.log -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\n_mzkaou.txt -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_ospbrx.txt -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_oszbot.log -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_poootj.txt -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_tndvxz.txt -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_vsrlav.txt -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_xbvebr.log -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\n_yglmcl.txt -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\sdkdw.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\sdkgs.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\sdkpz.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\sdkqn.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\sdksz.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\sdktf32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\sdkzb.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\sysfs32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\sysjq.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\sysra.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\sysrz.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\syssu32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\addac32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\addgf.exe -> Trojan.Agent.em -> Cleaned with backup

Annapoorna
06-06-2005, 11:42 PM
Ewido log part 2...and here I thought I was exaggerating about the number of files I suspected...

C:\WINDOWS\system32\addhh32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\addkg.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\apicf.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\apinr.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\apiys32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\apped32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\appig.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\appks.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\appwg32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\atlmw.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\atlru.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\atltj.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\atlvz.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crfx32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\crks.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\crlu.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\croc32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\crtp32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\cruv.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\d3il32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\d3sh32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\d3yk.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\d3zl.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\ieak32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\iedb.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\iedd32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\iegy.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\iejg.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\ieji32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\ieuv32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\iewq.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\iezk32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\ipds32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ipia.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\iptz.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ipwr32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\javaaa.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\javadc32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\javahm.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\javakz.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\javasl32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\mfcdh32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\mfcdq32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\mfchi32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mfcue32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mfcvv.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\mfcyz32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\mfcyz32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\mseu32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\msjk.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\msod32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\msoo32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\msvo32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\msxw.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\netag32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\netgv.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\netww32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ntfj.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ntlv32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\ntxb32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\ntxs.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\ntyt32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\ntzd32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdkii.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdklv32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sdknf.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\sdkqp.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\sdktw.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\sdkvu.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\sdkvy.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\sdkxw32.exe -> TrojanDownloader.Agent.ap -> Cleaned with backup
C:\WINDOWS\system32\sysdj32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\sysek32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\sysmj32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\sysoe32.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\sysrw.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\sysyo32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\winhd.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\system32\winpp.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\winqc32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\system32\winso32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\systs32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\winas32.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\winkx.dll -> TrojanDownloader.Agent.bc -> Cleaned with backup
C:\WINDOWS\winug.exe -> Trojan.Agent.em -> Cleaned with backup
C:\WINDOWS\winuu.exe -> Trojan.Agent.bi -> Cleaned with backup


::Report

Budfred
06-06-2005, 11:46 PM
Please run HJT and fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\scqmt.dll/sp.html#94115
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

You don't need to worry about turning off Norton, I was actually referring to the spyware resident protection and wasn't clear, sorry....

After you do the HJT fixes, run CWShredder and Ewido again to see if they still pick anything up... Then post back with a fresh HJT log and report on how it went...

Annapoorna
06-06-2005, 11:55 PM
Should I do this in a normal boot, or safe mode?

Budfred
06-06-2005, 11:57 PM
Since you can't see those items in Safe Mode, do them in Normal mode and if it still doesn't work, we will try other options...

Annapoorna
06-07-2005, 01:37 AM
Here's the latest HJT log, after completing the previous HJT, CWShredder, and Ewido scans.

Logfile of HijackThis v1.99.1
Scan saved at 10:25:02 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Ewido\Security Suite\ewidoctrl.exe
C:\Program Files\Ewido\Security Suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\Security Suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido\Security Suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

_________________________________________________________________
Btw, is CWS known to cause any problems with Norton? Since yesterday, the "auto-protect" feature of Norton has been flaking out between enabled/disabled. Occasionally, it re-enables for a reboot, but mainly it's been disabled. I manually disabled it above, but now it won't re-enable when I manually set it to enable under options. The enable button seems to be broken...it clicks but nothing happens. Live update doesn't help anything either. And now the Norton popup saying the computer is unprotected is driving me nuts, in addition to the CWS problem.

Budfred
06-07-2005, 07:57 AM
Your log appears to be clean... How is your system working??

A number of different malware programs will try to disable Norton and other protection programs... You may need to uninstall and reinstall Norton to get it working properly again...

Just to be sure we got it all....
Try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review....

http://www.mwti.net/antivirus/free_utilities.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...

Annapoorna
06-07-2005, 09:47 AM
I'll run MWavScan next.

I think Norton's just on crack on my computer. Earlier, when I was doing the Trendmicro fixes, I had to disable it - and it gave me the same problem. I think that's when it first started acting up. I forgot how I fixed it that time. When I checked Symantec's website for that specific error, I found that the ccApp (common client user session) program wasn't loading on startup (checking msconfig). Figured maybe I'd screwed something up in the startup programs with all the different stuff I'd done yesterday. But after running a full system virus scan, the program is now back in the startup programs - which is what happened the first time too, I just forgot. Guess I should take better notes of everything I do - though when things appear to fix themselves, sometimes it's hard to figure out what happened the first time.

Annapoorna
06-07-2005, 09:56 AM
I take that back, Norton's still on crack after a restart...but now ccApp is showing up in the startup programs. Yay, time for more troubleshooting...I'd reinstall, but all the disks belonging to this computer have mysteriously come up MIA. They're supposedly at my place (250 miles away), so that doesn't do me a lot of good (especially the supposedly part). Ah well, back to Symantec's help site.

Annapoorna
06-07-2005, 11:26 AM
Here's the MWavScan log, part 1 of 3:

Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\drivers\ipvnmon.sys". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00014C0D-B007-4448-B89B-4EC3E857961D}" refers to invalid object "C:\Program Files\America Online 9.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0426289E-C3E9-C13A-ED9A-FA21D3758986}" refers to invalid object "C:\WINDOWS\ieeu32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{06BE7323-EF34-11d1-ACD8-00C04FA31009}" refers to invalid object "%ProgramFiles%\Outlook Express\msoe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{09A18A8C-F249-4681-BD97-426B12F32E77}" refers to invalid object "c:\program files\common files\motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{09AB7993-AEB2-4FD6-A524-91BBA17D7E43}" refers to invalid object "c:\program files\common files\motive\McciAppsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A522730-A626-11D0-8D60-00C04FD6202B}" refers to invalid object "%ProgramFiles%\Outlook Express\oeimport.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A522732-A626-11D0-8D60-00C04FD6202B}" refers to invalid object "%ProgramFiles%\Outlook Express\oeimport.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A522733-A626-11D0-8D60-00C04FD6202B}" refers to invalid object "%ProgramFiles%\Outlook Express\oeimport.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{101A8FB9-F1B9-11d1-9A56-00C04FA309D4}" refers to invalid object "%ProgramFiles%\Outlook Express\msoe.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{10F34E64-BBB2-11D6-8A17-00E029570A3E}" refers to invalid object "C:\Program Files\America Online 9.0\sa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1167C47F-01F9-4C08-8564-1D6C9BAAFB60}" refers to invalid object "C:\Program Files\America Online 9.0\media\pathfinder.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1198A2C0-0940-11d1-838F-00C04FBD7C09}" refers to invalid object "%ProgramFiles%\Outlook Express\oeimport.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12EF5346-C2DE-47ED-A00A-97FC0197065C}" refers to invalid object "c:\program files\common files\motive\McciAppsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1399D09B-7A35-441A-B0AE-760C3CE97459}" refers to invalid object "c:\program files\common files\motive\BJInstaller.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{13DD78D3-2194-419a-85AB-6EAF19E4B754}" refers to invalid object "c:\program files\common files\motive\McciUtilsX.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.

Annapoorna
06-07-2005, 11:27 AM
Part 2 of 3:


Annapoorna
06-07-2005, 11:30 AM
Part 3 of 4 (oops):


Annapoorna
06-07-2005, 11:30 AM
part 4 of 4:



----------------------------------------------------------------
On the Norton thing, I let it run a scan last night when I went to bed, and this morning when I started the comp from hibernation, it showed the auto-protect as enabled. When I restarted, it went back to the same problem. I've gone through all of Symantec's troubleshooting suggestions for the problem except reinstall, since I don't have the disks handy, and nothing seems to work. Somehow I need to replicate whatever the computer did between scan, hibernate, and wake up.

Budfred
06-07-2005, 07:00 PM
"I take that back, Norton's still on crack after a restart..."

Does this mean it is broken?? Usually the term "crack" around here means software that has been illegally broken into and posted for software pirates... or misused in other ways...

I am afraid I don't know what to do with Norton.... I would probably uninstall it and use something like AVG or Avast until I had time to pick up the Norton disks...

Your MWavScan looks fine... Those are apparently leftover fragments in the Registry that it is picking up on, but that are harmless... You can probably clean most of them out with a Registry cleaner... Other than the Norton problem, how is your system running?? Does it seem to be clean??
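
One way to check the "leftover fragments" reading of a scan log like this before running a registry cleaner, as an added example that is not part of the original thread: it parses the log's `refers to invalid object` lines and sorts them into leftovers of uninstalled programs and entries that deserve a manual look. The sample lines are constructed in the log's format, and the bucket names, the environment-variable mapping and the short-name heuristic (based on the 4-8 character names described in the first post) are assumptions.

```python
import ntpath  # parses Windows paths correctly on any OS
import re
from collections import defaultdict

# One scanner line: registry key, the missing target, and the action taken.
ENTRY_RE = re.compile(
    r'^Entry "(?P<key>[^"]+)" refers to invalid object "(?P<target>[^"]+)"\.'
    r'\s*Action Taken: (?P<action>.*?)\.?\s*$'
)
CLSID_RE = re.compile(r'^\{[0-9A-Fa-f-]+\}$')    # target is itself a class ID
SHORT_NAME_RE = re.compile(r'^[a-z0-9]{4,8}$')   # assumed heuristic: 4-8 char file stem

# Assumed default locations for a stock Windows XP install.
ENV = {"%programfiles%": r"c:\program files",
       "%systemroot%": r"c:\windows",
       "%windir%": r"c:\windows"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
APP_ROOTS = (r"c:\program files", r"c:\progra~1")  # long and 8.3 short form


def normalise(target):
    """Lower-case the path and expand a leading environment variable."""
    path = target.strip().lower()
    for var, value in ENV.items():
        if path.startswith(var):
            path = value + path[len(var):]
    return ntpath.normpath(path)


def under(folder, root):
    return folder == root or folder.startswith(root + "\\")


def classify(target):
    """Return a triage bucket for the missing object a registry entry points to."""
    if CLSID_RE.match(target.strip()):
        return "dangling-progid"      # ProgID whose class registration is gone
    folder, name = ntpath.split(normalise(target))
    stem = ntpath.splitext(name)[0]
    if not folder:
        return "bare-filename"        # resolved through the search path; check by hand
    if folder in SYSTEM_DIRS and SHORT_NAME_RE.match(stem):
        return "review"               # short-named file missing from a system folder
    if any(under(folder, root) for root in APP_ROOTS):
        return "orphaned-app"         # typical leftover of an uninstalled program
    return "other"


def triage(lines):
    """Group parsed entries by bucket; lines that do not parse are kept, not dropped."""
    buckets = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        match = ENTRY_RE.match(line.strip())
        if match is None:
            buckets["unparsed"].append(line.strip())
            continue
        buckets[classify(match["target"])].append((match["key"], match["target"]))
    return dict(buckets)


# Constructed sample lines (placeholder CLSIDs and file names, not from the thread).
SAMPLE = r'''
Entry "HKCR\CLSID\{00000000-0000-0000-0000-000000000001}" refers to invalid object "C:\Program Files\ExampleVendor\helper.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00000000-0000-0000-0000-000000000002}" refers to invalid object "c:\PROGRA~1\COMMON~1\examplevendor\WIDGET~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00000000-0000-0000-0000-000000000003}" refers to invalid object "%ProgramFiles%\ExampleMail\mail.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00000000-0000-0000-0000-000000000004}" refers to invalid object "C:\WINDOWS\system32\abcd32.dll". Action Taken: No Action Taken.
Entry "HKCR\Example.Object" refers to invalid object "{00000000-0000-0000-0000-000000000005}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00000000-0000-0000-0000-000000000006}" refers to invalid object "helper2.dll". Action Taken: No Action Taken.
Scan finished.
'''.splitlines()

if __name__ == "__main__":
    for bucket, entries in sorted(triage(SAMPLE).items()):
        print(f"{bucket}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
```

The "review" bucket is a lead for manual inspection, not a verdict: a missing file means the entry cannot load anything as it stands, but it shows where something was once registered.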

Annapoorna
06-07-2005, 07:19 PM
Other than the Norton problem, everything else is running very well. Haven't seen a pop up all day, haven't had any internet troubles, nor any registry changes. Just gotta find the Norton disks, or hope Toshiba can ship my replacement disks soon.

Budfred
06-07-2005, 07:26 PM
Like I said, if you can't get Norton working, it may be worthwhile to download the free version of AVG or Avast and run it until you can fix Norton... You can actually just turn Norton off until then if you would like...

Here is my prevention speech to help stay clean:

This is a good time to set up protection against further
attacks. Read the article linked below about "How did I
get infected". You need an antivirus that is updated, a
good firewall (a router firewall is not enough) and a
spyware blocker like SpywareBlaster and also IE-Spyads.
All of these have good free versions available... be very
cautious about any security software that advertises in
popups or other intrusive ways, they are not only usually
useless, but also often have malware in them....

http://www.computercops.biz/postlite7736-.html

Annapoorna
06-09-2005, 07:14 PM
Btw Budfred, I meant to say thanks a ton for your help - I don't think I would have had much of a chance at fixing it without it.

I'm planning on putting up as much preventative stuff as I can. Unfortunately, since it's "his" computer until I go to grad school, he gets picky about anything he's unfamiliar with that's running on it. Wouldn't even let me install Firefox as his browser since he didn't want to "have to learn a new browser". But maybe if I can get some non-intrusive protective stuff running it would work.

I have got Avast running for now, and I found his recovery disks, so I can get Norton back up. Also have Avast running on my comp for now. Though I may try AGI instead, since it's slowing the heck out of my computer. I need to upgrade my OS though, that may help.

Zoomin
11-08-2005, 02:56 PM
You got the cure, but can anyone tell me what the cause was? What variant?

Budfred
11-08-2005, 06:51 PM
Welcome to PCGuide

If you want to learn about variants and how to deal with them, I suggest that you join one of the schools for this purpose... SpyWareInfo has Boot Camp, Tom Coyote has the Classroom and several other forums have other schools.... All the ones I know of are free and will teach you whatever you want to know about fixing and identifying malware...