I have completed all the tasks in your reply. Here is the latest HiJackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 5:18:57 PM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\temp\Hijack This version 1.99\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dell.com/O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VisualElementFXad] C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Music Communication Module.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{79B24127-5052-4A3F-8637-B96C4B6C959C}: NameServer = 128.118.25.3,130.203.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Here is the log file from PFIND.
Files found with this application may be legitimate.
Only remove files that you know are malware related.
Checking the C: folder
Checking the C:\Program Files folder
Checking the C:\WINDOWS folder
C:\WINDOWS\nctoot.dll: defcfg_srv=u.urllogic.com
C:\WINDOWS\nctoot.dll: chpop_srv=s.urllogic.com
C:\WINDOWS\nctoot.dll: excl_urls=onemoresearch.net,update32.searchmiracle.com,atdmt.com,switch.atdmt.com,js1.yimg.com,us.js1.yimg.com,us.yimg.com,us.i1.yimg.com,cdn.comcast.net,goldenpalace.com,banner.goldenpalace.com,msads.net,global.msads.net,topmoxie.com,mediaplex.com,altfarm.mediaplex.com,maxserving.com,c4.maxserving.com,ar.atwola.com,cdn.aim.com,fxfeeds.mozilla.org,alwaysupdatednews.com,adv.eblocs.com,v8.alwaysupdatednews.com,login.passport.net,pagead2.googlesyndication.com,ads.inet1.com,loginnet.passport.com,z1.adserver.com,falkag.net,as-us.falkag.net,a.as-us.falkag.net,a1.yimg.com,yimg.com,trafficmp.com,us.a1.yimg.com,aaabesthomepage.com,ads.exitexchange.com,t.trafficmp.com,clicktrk.com,pan-advert.com,loadingwebsite.com,server.iad.liveperson.net,ezula.com,u.clkoptimizer.com,adsv2.delfinproject.com,popup.msn.com,ads2.revenue.net,i.emarketresearchgroup.com,counters.honesty.com,oz.valueclick.com,ads.bidclix.com,radio.launch.yahoo.com,zone.msn.com,sr.adwave.com,xlime.offeroptimizer.com,clickspring.net,qksrv.net,us.update.companion.yahoo.com,kill-pop-ups.com,cdn-aimtoday.aol.com,search200.com,servedby.adscpm.com,xanga.com,count.exitexchange.com,jnictech.cjt1.net,xadsq.offeroptimizer.com,popuptraffic.com,paypopup.com,cdn-cf.aol.com,by.optimost.com,hotmail.msn.com,adfarm.mediaplex.com,allaboutsearching.com,amch.questionmarket.com,akapp.whenu.com,newupdates.lzio.com,cfg.mywebsearch.com,searcheffect.com,ads.delfinproject.com,hotmail.com,master.mx-targeting.com,ctl.twain-tech.com,mail.yahoo.com,m2.doubleclick.net,insider.msg.yahoo.com,focusin.ads.targetnet.com,e.rn11.com,topicks.com,jmnad1.com,pgq.yahoo.com,stopzilla.com,ayb.lop.com,webpdp.gator.com,xadso.offeroptimizer.com,download.smileycentral.com,mm.delfinproject.com,view.atdmt.com,delfinproject.com,jbns2.cydoor.com,bannerfarm.ace.advertising.com,popuppers.com,as.adwave.com,look2me.com,wisapidata.weatherbug.com,ads.addynamix.com,ar.atwola.com,ads1.revenue.net,updates.qoologic.com,ad.trafficmp.com,jicmedia.cjt1.net,weatherbug.com,games.yahoo.com,adsrv.qoologic.com,servedby.advertising.com,ww2.weatherbug.com,www4.yesadvertising.com,bannerserver.gator.com,rightmedia.net,mmm.media-motor.net,hop.clickbank.net,media76.fastclick.net,websearch.com,isapi60.weatherbug.com,web.tickle.com,wwp.icq.com,smileycentral.com,messenger.zango.com,cdn.icq.com,adserv1.gruvmedia.com,tv.180solutions.com,s.clkoptimizer.com,banners.pennyweb.com,pops.browseraid.com,adserv.internetfuel.com,download.abetterinternet.com,sr.websearch.com,messenger.msn.com,top-banners.com,advert.runescape.com,join1.winhundred.com,odysseusmarketing.com,v4.windowsupdate.microsoft.com,windowsupdate.microsoft.com,adverts.lzio.com,clickit.go2net.com,filter.belkin.com,comcast.net,sc.musicmatch.com,license.hotbar.com,web.icq.com,trk.pcsecurityshield.com,whenusearch.com,jbigpops.cjt1.net,isg05.casalemedia.com,anrdoezrs.net,yahoo.com,microsoft.com,target.com,aol.com,aim-charts.pf.aol.com,download.websearch.com,actualdeals.com,images.trafficmp.com,mydailyhoroscope.net,creativeby.viewpoint.com,ekmas.com,ads.mydailyhoroscope.net,c5.zedo.com,affiliates.4lowrates.com,couponage.com,hits.clickandtrack.net,jcontent.bns1.net,clickserve.cc-dt.com,host239.ipowerweb.com,popups.ad-logics.com,adlog2.lzio.com,bv.channel.aol.com,img2.mailpostdirect.com,dw.dailywinner.net,m3.doubleclick.net,as.casalemedia.com,ad.doubleclick.net,toprebates.com,trk.bestmagsdirect.com,ads.clickagents.com,a.websponsors.com,sandboxer.com,media.fastclick.net,click2.containsitall.com,ads234.com,banners.searchingbooth.com,passportimages.com,stats.eblocs.com,media.deskwizz.com,c1.zedo.com,photobucket.com,
Checking the C:\WINDOWS\SYSTEM32 folder
C:\WINDOWS\SYSTEM32\au3.exe: UPX!
C:\WINDOWS\SYSTEM32\gah95on6.ini: SAHAgent=gah95on6.exe
C:\WINDOWS\SYSTEM32\gah95on6.ini: [SAHAgent]
C:\WINDOWS\SYSTEM32\ntdll.dll: .aspack
Checking all directories under the C:\WINDOWS\SYSTEM32\drivers folder
Checking the C:\Documents and Settings\All Users\Start Menu\programs\Startup\ folder
Checking the C:\Documents and Settings\All Users\Application Data folder
Checking the C:\Documents and Settings\Mike\Start Menu\programs\Startup\ folder
Checking the C:\Documents and Settings\Mike\Application Data folder
Checking the Windows folder for system and hidden files within the last 60 days
C:\WINDOWS\
bootstat.dat Thu Jul 7 2005 4:12:36p A.S.. 2,048 2.00 K
qtfont.qfn Thu Jul 7 2005 8:26:58a A..H. 54,156 52.89 K
C:\WINDOWS\INF\
oem32.inf Tue Jun 28 2005 10:39:02p ...H. 0 0.00 K
C:\WINDOWS\TASKS\
sa.dat Thu Jul 7 2005 4:11:36p A..H. 6 0.00 K
C:\WINDOWS\SYSTEM32\CONFIG\
default.log Thu Jul 7 2005 5:02:40p A..H. 57,344 56.00 K
sam.log Thu Jul 7 2005 4:12:52p A..H. 1,024 1.00 K
security.log Thu Jul 7 2005 4:12:38p A..H. 16,384 16.00 K
software.log Thu Jul 7 2005 5:04:46p A..H. 577,536 564.00 K
system.log Thu Jul 7 2005 4:12:44p A..H. 1,003,520 980.00 K
C:\WINDOWS\SYSTEM32\CATROOT\{F750E~1\
kb890046.cat Tue May 17 2005 11:23:22a ..S.. 11,845 11.57 K
kb893066.cat Wed May 25 2005 2:39:08p ..S.. 10,786 10.53 K
kb896358.cat Thu May 26 2005 7:22:40p ..S.. 15,022 14.67 K
kb896422.cat Tue May 10 2005 10:34:26a ..S.. 10,786 10.53 K
kb896428.cat Tue May 10 2005 7:52:26p ..S.. 10,786 10.53 K
kb898458.cat Tue May 24 2005 11:00:54a ..S.. 8,817 8.61 K
kb898461.cat Tue May 17 2005 3:16:24p ..S.. 9,735 9.50 K
oem32.cat Thu May 26 2005 4:27:36a ..S.. 13,511 13.19 K
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\
ntuser~1.log Thu Jun 23 2005 10:18:22p A..H. 1,024 1.00 K
C:\WINDOWS\SYSTEM32\MICROS~1\PROTECT\S-1-5-18\USER\
23f815~1 Tue Jun 21 2005 4:10:14p A.SH. 388 0.38 K
prefer~1 Tue Jun 21 2005 4:10:14p A.SH. 24 0.02 K
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\MICROS~1\CRYPTN~1\CONTENT\
e6024e~1 Tue Jun 28 2005 8:16:52p A.S.. 558 0.54 K
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\MICROS~1\CRYPTN~1\METADATA\
e6024e~1 Tue Jun 28 2005 8:16:52p A.S.. 144 0.14 K
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\89ATUVWF\
desktop.ini Tue Jun 28 2005 8:23:20p ..SH. 67 0.06 K
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\CDQXGH0P\
desktop.ini Tue Jun 28 2005 8:23:20p ..SH. 67 0.06 K
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\YPERG74V\
desktop.ini Tue Jun 28 2005 8:23:20p ..SH. 67 0.06 K
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\YZI12LM5\
desktop.ini Tue Jun 28 2005 8:23:20p ..SH. 67 0.06 K
26 items found: 26 files, 0 directories.
Total of file sizes: 1,805,712 bytes 1.72 M
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched REG_SZ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
PRONoMgr.exe REG_SZ C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
Dell QuickSet REG_SZ C:\Program Files\Dell\QuickSet\quickset.exe
AdaptecDirectCD REG_SZ "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
vptray REG_SZ C:\PROGRA~1\SYMANT~1\VPTray.exe
SM1BG REG_SZ C:\WINDOWS\SM1BG.EXE
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
VisualElementFXad REG_SZ C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
UserFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -u
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
<NO NAME> REG_SZ
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Spyware Doctor REG_SZ "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} REG_DWORD 0x1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} REG_DWORD 0x40000021
{0DF44EAA-FF21-4412-828E-260A8728E7F1} REG_DWORD 0x20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
And finally, here is the log from EWIDO,
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:03:33 PM, 7/7/2005
+ Report-Checksum: 64EC0FF1
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{302A3240-4805-4A34-97D7-1645A0B08410} -> Spyware.VX2 : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED103D9F-3070-4580-AB1E-E5C179C1AE41} -> Spyware.SearchMiracle : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.NewtonKnows : Cleaned with backup
HKU\S-1-5-21-3452093511-2197457197-180588974-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{302A3240-4805-4A34-97D7-1645A0B08410} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{302A3240-4805-4A34-97D7-1645A0B08410} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED103D9F-3070-4580-AB1E-E5C179C1AE41} -> Spyware.SearchMiracle : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.NewtonKnows : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wjppeuoc.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wjppeuoc.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wjppeuoc.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\9t3cdch7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\9t3cdch7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\9t3cdch7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Mike\Cookies\mike@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP62\A0032617.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP62\A0032695.exe -> Trojan.MulDrop.2057 : Cleaned with backup
C:\WINDOWS\oyvzeal.exe -> Adware.BetterInternet : Cleaned with backup
::Report End
I ran Spy Doctor, and it found 51 infections. There must be more work to do here. Thanks for all you have done so far.