Help, laptop infected, don't even know where to begin.
shades9323
06-08-2006, 11:27 PM
I think I messed up my laptop. I was trying to d/l something a few weeks ago and my laptop has been flipping out ever since. I get a ton of just random internet pop ups, even when I am not using the internet.
My brother told me to run "hijack this" and post the log on here. Hopefully someone can help me. What do I need to do? Here is the log: it is so long that I will need 2 posts!
Logfile of HijackThis v1.99.1
Scan saved at 10:03:08 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
shades9323
06-08-2006, 11:29 PM
Umm...there are just a few things on there.
Grab Spybot S&D (http://www.safer-networking.org/)
Install it, update it, run it and then post a fresh log.
You will probably need to do much more than that. Hopefully this will cut down on some of the crap before we get into the persistent, heavy duty stuff.
shades9323
06-09-2006, 09:28 AM
Umm...there are just a few things on there.
Grab Spybot S&D (http://www.safer-networking.org/)
Install it, update it, run it and then post a fresh log.
You will probably need to do much more than that. Hopefully this will cut down on some of the crap before we get into the persistent, heavy duty stuff.
I did install spybot when this first started. I don't remember if it did much. When I get home tonight, I'll get any updates and run it again and get a fresh log up.
Budfred
06-09-2006, 10:10 AM
Here are a couple of other cleanup tools to run:
Please download, install, and update the NEW free version of Ewido trojan scanner (http://www.ewido.net/en/download/):
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
Check "Perform action with all infections".
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
And...
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the following icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
cthurbs
06-09-2006, 11:31 PM
Hey bro...do everything Budfred says and you should be cleaned up in no time...and listen to his speech and for god sakes put some protection on!
shades9323
06-12-2006, 09:42 AM
Been having some issues. Trying to run Ewido. It gets to the cleaning and seems to freeze up on the same file every time. The file is C:\Program Files\SurfSideKick 3\Ssk.exe. I go to try to delete the folder for SurfSideKick 3 and my comp won't let me delete it.
classicsoftware
06-12-2006, 10:51 AM
Try to run Ewido in Safe mode and see if that improves it.
Ssk.exe is one of the problems...it is a spyware program.
If Safe Mode doesn't work, then bring up the Task Manager, click on the Process tab and kill the process...you then should be able to rename or delete the file.
shades9323
06-15-2006, 09:38 PM
Ssk.exe is one of the problems...it is a spyware program.
If Safe Mode doesn't work, then bring up the Task Manager, click on the Process tab and kill the process...you then should be able to rename or delete the file.
Safe mode isn't working. I don't see a process for ssk.exe. When I try to delete ssk.exe it says, "it is in use by another person or program." However, there are no other programs running.
Budfred
06-15-2006, 10:03 PM
Try this and then try Safe Mode again....
Download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the file on your Desktop, and choose Extract All.
Click Next.
In the box to choose where to extract the files to:
Click Browse.
Click on the + sign next to My Computer
Click on Local Disk (C:) or whatever your primary drive is.
Click Make New Folder
Type in BFU
Click Next, and uncheck the Show Extracted Files box and then click Finish.
Download sidekickFix.bat (http://downloads.subratam.org/Lon/sidekickFix.bat) (rightclick on that link and choose save as)
Place sidekickFix.bat in your C:\BFU - folder. (Important!)
Close all browsers and explorer folders.
Double-click on sidekickFix.bat
Click Yes and follow the prompts, when prompted to restart the PC please do so.
shades9323
06-16-2006, 10:36 AM
shades9323
06-16-2006, 10:39 AM
A0001120.dll;C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP18;Trojan.Qoologic;Deleted.;
A0001121.exe;C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP18;Adware.AddUrl;Incurable.Moved.;
A0001126.exe;C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP18;Trojan.DownLoader.9894;Deleted. ;
A0001127.exe;C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP18;Trojan.Qoologic;Deleted.;
A0001131.exe;C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP18;Adware.Enbrow;Incurable.Moved.;
A0001133.exe;C:\System Volume Information\_restore{1D1D6F93-1B0C-4060-8D79-09274A81BD2A}\RP18;Adware.TargetServer;Incurable.M oved.;
shades9323
06-16-2006, 10:42 AM
shades9323
06-16-2006, 10:43 AM
shades9323
06-16-2006, 11:22 AM
-------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:18:46 AM, 6/16/2006
+ Report-Checksum: 43D0041
+ Scan result:
shades9323
06-16-2006, 11:23 AM
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\lwinmrag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\lwinmre0.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\lwinmrez.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\mvp0l97m1.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\NDNuninstall6_ 38.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\nptapi.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\nsevtmsg.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\pjbhgmea.dll -> Adware.Agent : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\qldsreg0.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\qldsreg1.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\qldsregp.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\rk.bin -> Adware.RK : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\Runner.dll -> Adware.CASClient : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\Ssk.exe -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\SskCore.dll -> Adware.Surfside : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\Ssk____0.exe -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\ssn6tuu.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\ssn6tuu0.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\stub_113_4_0_4 _0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\Sudoku.exe -> Dropper.VB.kk : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\toolbar.exe -> Downloader.Adload.w : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\vilceguh.exe -> Adware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\visfx501.exe -> Dropper.Agent.aie : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\w003c303.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\w004fb54.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\w9seq.dll -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\warebundle.exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\wtdsp.dll -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\Ypgofcue.dll -> Adware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\ZICORN003.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\ZIGID003.exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Scott\DoctorWeb\Quarantine\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll -> Trojan.VB.aft : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@vegasred[2].txt -> TrackingCookie.Vegasred : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@www.vegasred[2].txt -> TrackingCookie.Vegasred : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Temporary Internet Files\Content.IE5\WHMH21W3\!update-3895[1].0000 -> Downloader.PurityScan.co : Cleaned with backup
C:\Program Files\Metamail Inc\Metamail.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\bsx32 -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI2.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI5AFF.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASISSRE.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\bspace.html -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\MYGEEK.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPZ4.bsx -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\system32\esvfteh.dll -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\gbe90qs.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\mptft.exe -> Adware.SearchAssistant : Cleaned with backup
C:\WINDOWS\system32\msutilse.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nr1rnqm8.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\ssec.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\tfthot.exe -> Adware.SearchAssistant : Cleaned with backup
C:\WINDOWS\system32\yqunncv.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32ssec.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup
C:\WINDOWS\Temp\Cookies\scott@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\WINDOWS\Temp\Cookies\scott@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
::Report End
Budfred
06-16-2006, 08:22 PM
Did you run the other fix I posted?? If not, how did you get the tools to run??
We need to see a HJT log to know what else might be left... This was a major mess, so it is likely there is still some more to clean up... Be sure to reboot prior to creating and posting the new HJT log...
shades9323
06-16-2006, 11:07 PM
Did you run the other fix I posted?? If not, how did you get the tools to run??
We need to see a HJT log to know what else might be left... This was a major mess, so it is likely there is still some more to clean up... Be sure to reboot prior to creating and posting the new HJT log...
Major mess is an understatement! I have run everything you posted up. I'll run hijack this again and post a fresh log.
shades9323
06-27-2006, 08:52 PM
New log:
Logfile of HijackThis v1.99.1
Scan saved at 7:49:11 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Scott\APPLIC~1\YSTEM3~1\services.exe
C:\Documents and Settings\Scott\My Documents\??stem\t?skmgr.exe
C:\WINDOWS\system32\RAMASST.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\PECarlin\wUninstall.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\Desktop\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{021449E1-F6DB-124E-6D39-719D4E9E959A} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ounjd.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,yqunncv.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {7AF88C96-F4F9-A2F6-FBDB-50CF8AAFD60C} - C:\WINDOWS\Ypgofcue.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
shades9323
06-27-2006, 08:53 PM
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [wdbwdt] C:\WINDOWS\system32\xlwfdv.exe reg_run
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [win320900-12626393] C:\WINDOWS\win320900-12626393.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [w003c303.dll] RUNDLL32.EXE w003c303.dll,I2 0013f2cf0003c303
O4 - HKLM\..\Run: [Turas] c:\Program Files\Emsyh\Wedi.exe
O4 - HKLM\..\Run: [{DA-A7-73-3C-ZN}] c:\windows\system32\qldsregp.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\lwinmrez.exe CORN001
O4 - HKLM\..\Run: [vezhtpqA] C:\WINDOWS\vezhtpqA.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\Scott\LOCALS~1\Temp\F5.tmp2560.exe"
O4 - HKCU\..\Run: [tahye] C:\WINDOWS\system32\xlwfdv.exe reg_run
O4 - HKCU\..\Run: [Eprc] "C:\DOCUME~1\Scott\APPLIC~1\YSTEM3~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [Bnnjyt] C:\Documents and Settings\Scott\My Documents\??stem\t?skmgr.exe
O4 - HKCU\..\Run: [miiu] C:\PROGRA~1\COMMON~1\miiu\miium.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinmrez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\t48ulel91hq.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\ennoeamm.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
Budfred
06-27-2006, 10:55 PM
Try to clean up as much as we can with HJT and then we will see what is left... Open an HJT scan and put checks by:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{021449E1-F6DB-124E-6D39-719D4E9E959A} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ounjd.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,yqunncv.exe
O3 - Toolbar: Search - {7AF88C96-F4F9-A2F6-FBDB-50CF8AAFD60C} - C:\WINDOWS\Ypgofcue.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [wdbwdt] C:\WINDOWS\system32\xlwfdv.exe reg_run
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [win320900-12626393] C:\WINDOWS\win320900-12626393.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [w003c303.dll] RUNDLL32.EXE w003c303.dll,I2 0013f2cf0003c303
O4 - HKLM\..\Run: [Turas] c:\Program Files\Emsyh\Wedi.exe
O4 - HKLM\..\Run: [{DA-A7-73-3C-ZN}] c:\windows\system32\qldsregp.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\lwinmrez.exe CORN001
O4 - HKLM\..\Run: [vezhtpqA] C:\WINDOWS\vezhtpqA.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\Scott\LOCALS~1\Temp\F5.tmp2560.exe"
O4 - HKCU\..\Run: [tahye] C:\WINDOWS\system32\xlwfdv.exe reg_run
O4 - HKCU\..\Run: [Eprc] "C:\DOCUME~1\Scott\APPLIC~1\YSTEM3~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [Bnnjyt] C:\Documents and Settings\Scott\My Documents\??stem\t?skmgr.exe
O4 - HKCU\..\Run: [miiu] C:\PROGRA~1\COMMON~1\miiu\miium.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinmrez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\t48ulel91hq.dll
O20 - Winlogon Notify: Mixer - sndmixex.dll (file missing)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\ennoeamm.dll (file missing)
Close all open windows except HJT and press Fix checked...
Find and delete:
C:\WINDOWS\system32\xlwfdv.exe
C:\Program Files\webHancer\Programs\whsurvey.exe (whole folder)
C:\WINDOWS\win320900-12626393.exe
C:\WINDOWS\bxxs5.dll
c:\Program Files\Emsyh\Wedi.exe
c:\windows\system32\qldsregp.exe
C:\WINDOWS\system32\lwinmrez.exe
C:\WINDOWS\vezhtpqA.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\DOCUME~1\Scott\LOCALS~1\Temp\F5.tmp2560.exe
C:\WINDOWS\system32\xlwfdv.exe
C:\DOCUME~1\Scott\APPLIC~1\YSTEM3~1\services.exe (whole folder)
C:\PROGRA~1\COMMON~1\miiu\miium.exe (whole folder)
C:\Program Files\Common Files\svchostsys\svchostsys.exe (whole folder)
C:\WINDOWS\system32\lwinmrez.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\x3cqp0.dll
C:\WINDOWS\system32\t48ulel91hq.dll
C:\WINDOWS\system32\ennoeamm.dll
You will need to find a folder that looks something like this, but the question marks will have some other similar character in it to the one you would expect to be there... DO NOT delete the "system" folder if you find it there, but do delete the whole folder that looks like it...
C:\Documents and Settings\Scott\My Documents\??stem\t?skmgr.exe
Use Windows Search function to find and delete this one:
sndmixex.dll
If you can't find any of them, you may need to set Windows to show all hidden and system files... If you can't delete any of them, try booting to Safe Mode and deleting them there...
Reboot and post a fresh HJT log with a report on how things went....
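The kinds of entries picked out of the log in the post above can be sorted mechanically. The following is an added example, not part of the original thread and not a HijackThis feature: the function names and the rule set are assumptions made for illustration, Windows is assumed to live in C:\WINDOWS, and a flagged line is a prompt for a closer look rather than a verdict.

```python
import re
from ntpath import basename, dirname

# Lines copied from the HijackThis logs in this thread
# (forum line-wrap spaces removed).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\DOCUME~1\Scott\APPLIC~1\YSTEM3~1\services.exe
C:\Documents and Settings\Scott\My Documents\??stem\t?skmgr.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ounjd.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,yqunncv.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\Scott\LOCALS~1\Temp\F5.tmp2560.exe"
O4 - HKCU\..\Run: [Eprc] "C:\DOCUME~1\Scott\APPLIC~1\YSTEM3~1\services.exe" -vt ndrv
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NvdHQg\command.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
"""

# "O4 - ..." style entries; bare paths are the "Running processes" list.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A drive-letter path up to the first .exe/.dll (spaces in folders allowed).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)
F2_RE = re.compile(r"(Shell|UserInit)=(.*)$")

# Names malware likes to borrow, and the only folders they belong in
# (assumption: default Windows XP layout).
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "explorer.exe", "taskmgr.exe", "userinit.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def triage_line(line):
    """Return the reasons a single HijackThis line deserves a closer look."""
    line = line.strip()
    match = ENTRY_RE.match(line)
    code, body = (match.group(1), match.group(2)) if match else ("PROC", line)
    reasons = []

    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned entry: target file is gone")

    # Shell= should be Explorer.exe alone, UserInit= should be userinit.exe alone.
    f2 = F2_RE.search(body) if code == "F2" else None
    if f2:
        extras = [p.strip() for p in f2.group(2).split(",") if p.strip()][1:]
        if extras:
            reasons.append(f"{f2.group(1)} also starts: {', '.join(extras)}")

    for path in PATH_RE.findall(body):
        name, folder = basename(path).lower(), dirname(path).lower()
        if "?" in path:
            # HijackThis prints "?" for characters outside the ANSI code page,
            # which is how a look-alike of a system name shows up in the log.
            reasons.append("path has characters HijackThis could not print")
        elif name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            reasons.append(f"{name} outside the Windows folders")
        if code == "O4" and "\\temp\\" in path.lower():
            reasons.append("autostart from a Temp folder")
    return reasons


def triage(log_text):
    """Map each suspicious line to its reasons; clean lines are left out."""
    findings = {}
    for line in log_text.splitlines():
        reasons = triage_line(line) if line.strip() else []
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Entries such as the randomly named Run values in this log match none of these rules, so a line that is not flagged still has to be read.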
shades9323
06-28-2006, 12:01 AM
Couldn't find a few of them. Here is the fresh log
Logfile of HijackThis v1.99.1
Scan saved at 10:59:36 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft ActiveSync\RICHINK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Scott\Desktop\New Folder\HijackThis.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NvdHQg\command.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vezhtpq.exe (file missing)
Budfred
06-28-2006, 01:01 AM
What files/folders couldn't you find?? Did you set Windows to show hidden/system files??
Follow these instructions for each of the following:
Go to Start > Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below services:
Command Service
Windows Overlay Components
When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.
Then from Run type:
sc Command Service
and then
sc Windows Overlay Components
Open an HJT scan and fix:
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NvdHQg\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vezhtpq.exe (file missing)
Find and delete:
C:\WINDOWS\U2NvdHQg\command.exe (whole folder)
C:\WINDOWS\vezhtpq.exe
Reboot and post a fresh HJT log with details about any files/folders you couldn't find and how your system is running... We need info if we are going to help you sort this mess out...
shades9323
06-29-2006, 08:31 PM
What files/folders couldn't you find??
C:\WINDOWS\win320900-12626393.exe
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\vezhtpqA.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\DOCUME-1\Scott\LOCALS-1\Temp\F5.tmp2560.exe
C:\PROGRA-1\COMMON-1\miiu\miium.exe (whole folder)
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\ennoeamm.dll
Did you set Windows to show hidden/system files??
Yes
Open an HJT scan and fix:
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2NvdHQg\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vezhtpq.exe (file missing)
Those 2 services weren't in my HJT log.
Find and delete:
C:\WINDOWS\U2NvdHQg\command.exe (whole folder)
C:\WINDOWS\vezhtpq.exe
Couldn't find either of these in my comp.
Budfred
06-29-2006, 09:18 PM
Those 2 services weren't in my HJT log.
They were in the log you posted... Did you do some other fix since you posted that log??
Please download and install Killbox using the link in my signature for HJT:
Then copy/paste this list into a Notepad file so that you can access it in Safe Mode... Boot to Safe Mode (tap F8 just before Windows starts loading and select Safe Mode)... Choose the "Delete on reboot" and "End Explorer Shell while Killing file" options... Copy/paste the entire list into the line for the file... It should be able to accept the whole list, but if it doesn't you will need to enter them one at a time... Do not click through to close it out and reboot until they have all been entered... Once they are all entered, click through to kill them...
C:\WINDOWS\win320900-12626393.exe
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\vezhtpqA.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\DOCUME-1\Scott\LOCALS-1\Temp\F5.tmp2560.exe
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\ennoeamm.dll
C:\WINDOWS\vezhtpq.exe
and then do this list with the folder option:
C:\PROGRA-1\COMMON-1\miiu\miium.exe
C:\WINDOWS\U2NvdHQg\command.exe
Reboot and post a fresh HJT log with an update on how things are going... You did not post the log I asked for last time and you still haven't told me how your system is working...