Surfsidekick recovery



jmesax
2006-05-28, 12:27
I had a SurfSidekick 3 overload... I've done a lot of recovering but still have some issues. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:24:03 AM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PaulB\GetHotmail\GetMail\GetMail.exe
C:\Program Files\s?stem32\w?nspool.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\NetMeeting\nmwb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hvjfgke.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [w02d1de3.dll] RUNDLL32.EXE w02d1de3.dll,I2 00112edf002d1de3
O4 - HKLM\..\Run: [fipovd] C:\WINDOWS\system32\gqlwvf.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [getmail] "C:\Program Files\PaulB\GetHotmail\GetMail\GetMail.exe"
O4 - HKCU\..\Run: [Aida] "D:\DOCUME~1\jme\MYDOCU~1\DOBE~1\mmc.exe" -vt yazr
O4 - HKCU\..\Run: [Mtyguu] C:\Program Files\s?stem32\w?nspool.exe
O4 - HKCU\..\Run: [qizi] C:\PROGRA~1\COMMON~1\qizi\qizim.exe
O4 - HKCU\..\Run: [cfwpw] C:\WINDOWS\system32\gqlwvf.exe reg_run
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\twinkqez.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier - Accountant Edition\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141713793448
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141713943664
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Unknown owner - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe (file missing)

jmesax
2006-05-29, 10:35
I am still getting a lot of popups even after running Ad-Aware SE Personal and Spybot, both multiple times. My NOD32 antivirus is still going off quite a bit as well, but for some reason it's not able to clear the system... Also, I forgot to add my Panda scan results:

Incident | Status | Location

Adware:Adware/Deskwizz | Not disinfected | C:\WINDOWS\system32\VSL03.exe[VSL.dl_]
Virus:Trj/Downloader.ILI | Disinfected | C:\WINDOWS\system32\w02d1de3.dll
Adware:Adware/Deskwizz | Not disinfected | C:\WINDOWS\system32\VSL05.exe[VSL.dl_]
Adware:adware/dollarrevenue | Not disinfected | C:\WINDOWS\newname.dat
Adware:Adware/CommAd | Not disinfected | C:\WINDOWS\am1l\uAY5.vbs
Virus:Trj/Downloader.HPZ | Not disinfected | C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC | Not disinfected | C:\WINDOWS\pf78.exe[SYSC00.exe]
Virus:Trj/VB.MC | Disinfected | C:\WINDOWS\SYSC00.exe
Spyware:Spyware/New.net | Not disinfected | C:\WINDOWS\NDNuninstall7_22.exe
Spyware:Cookie/nCase | Not disinfected | C:\Documents and Settings\jme\Local Settings\Temp\Cookies\jme@banners.searchingbooth[1].txt
Spyware:Cookie/Hbmediapro | Not disinfected | C:\Documents and Settings\jme\Local Settings\Temp\Cookies\jme@adopt.hbmediapro[2].txt
Spyware:Cookie/Kmpads | Not disinfected | C:\Documents and Settings\jme\Local Settings\Temp\Cookies\jme@kmpads[2].txt
Spyware:Cookie/myaffiliateprogram | Not disinfected | C:\Documents and Settings\jme\Local Settings\Temp\Cookies\jme@www.myaffiliateprogram[1].txt
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\jme\Local Settings\Temp\Cookies\jme@ad.yieldmanager[2].txt
Spyware:Cookie/Belnk | Not disinfected | C:\Documents and Settings\jme\Local Settings\Temp\Cookies\jme@belnk[1].txt
Spyware:Cookie/Belnk | Not disinfected | C:\Documents and Settings\jme\Local Settings\Temp\Cookies\jme@dist.belnk[2].txt

LonnyRJones
2006-06-01, 18:10
Hi and Welcome

Are you still in need of assistance?

Start HijackThis and place a check next to these items, if they are there:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hvjfgke.exe
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [w02d1de3.dll] RUNDLL32.EXE w02d1de3.dll,I2 00112edf002d1de3
O4 - HKLM\..\Run: [fipovd] C:\WINDOWS\system32\gqlwvf.exe reg_run
O4 - HKCU\..\Run: [Aida] "D:\DOCUME~1\jme\MYDOCU~1\DOBE~1\mmc.exe" -vt yazr
O4 - HKCU\..\Run: [Mtyguu] C:\Program Files\s?stem32\w?nspool.exe
O4 - HKCU\..\Run: [qizi] C:\PROGRA~1\COMMON~1\qizi\qizim.exe
O4 - HKCU\..\Run: [cfwpw] C:\WINDOWS\system32\gqlwvf.exe reg_run
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\twinkqez.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC into safe mode.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Click here if needed (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx) to start into safe mode (it may help if you print that out):
"Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 (sometimes it's Ctrl) several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu, then press Enter."

Now run Spybot, check for and fix any problems found, then do a full system scan with NOD32.

Afterwards, restart back to a normal Windows session; once back, make and post another HijackThis log.

tashi
2006-06-08, 09:43
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.

Applies only to the original topic starter.