VX2 notes and removal

07.29.04 - Below was about a Win2000 system; I just found the same 6ho4svc.dll on an XP Home PC
and was able to delete it in safe mode.

This is the rough draft of part two:

When the system booted, got Rundll32.exe and iexplore.exe "dll initialization failed" errors and a
local\appdata\ms\windows\UsrClass.dat error. Found aqaamon.dll and aaledit.dll created 7/18 - deleted them.

Task Manager was compromised.

Searched the registry:
found 6ho4svc.dll in HKLM\Software\WindowsNT\CurrentVersion\Winlogon\notify\usrinstallabe.drivers.
It will recreate this entry as well as the folders WPAEvents, WOW, Winlogon.
Booted in safe mode and it was a Type 1 Installer folder. Renaming the dll entry or the folders could not stop it,
as it re-created the entries.

Zestyfind.com and secure.html had been added back to the Explorer defaults; used HijackThis to remove them.
Updated Ad-Aware and scanned the entire C drive; it did not detect 6ho4svc.dll,
and popups from 65.61.157.153/adserver/memturbo/adm/ad.htm continued.

Googled and found VX2 Finder at www.downloads.subratan.org/VX2finder.
The tool found the registry entries but not the active .dll.

Found http://wilderssecurity.com/archive/index.php/t-33044.html, which reveals info on an earlier permutation.

Booted from CD and ran the Recovery Console. Renamed 6ho4svc.dll, ahmparse.dll and batt374w.dll, rebooted and used
the tool to delete the last registry entry.

Turned off the desktop web display (it was set to security.html), deleted this and the other junk loaded into c:\windows\web.
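The hard part of the cleanup above was finding which Winlogon\Notify subkey was loading the rogue dll, since the scanners at the time did not see it. The script below is an added example (not VX2 Finder, HijackThis, or any tool mentioned in these notes) that does that triage offline: it parses a `reg export` of the Winlogon\Notify key, decodes the string and hex(2) (REG_EXPAND_SZ) DllName values, and flags any notify package that is not in an assumed baseline of stock Windows XP packages or whose dll lives outside system32. The baseline set, the sample export text and the `usrinstallabe.drivers` entry in it are constructed for the example, modelled on the entry described in the notes; check the baseline against a known-clean machine before trusting it.

```python
"""Offline triage of a Winlogon\\Notify registry export (added example, not the page's tool)."""
import re
from typing import Dict, List

NOTIFY_PATH = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumed baseline: notification packages present on a stock Windows XP install.
# This is a starting point for triage, not an authoritative allowlist.
BASELINE_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop",
    "schedule", "senslogn", "termsrv", "wlballoon",
}

# Constructed sample of `reg export` output for the Notify key. The second
# subkey is modelled on the rogue entry described in the notes above.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000001
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usrinstallabe.drivers]
"Asynchronous"=dword:00000000
"DllName"="6ho4svc.dll"
"Impersonate"=dword:00000000
"Startup"="WinLogon"
"""


def _join_continuations(text: str) -> List[str]:
    """Re-join .reg value lines that were wrapped with a trailing backslash."""
    lines: List[str] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.strip() if buf else raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def _decode_value(raw: str) -> str:
    """Decode a .reg value: quoted string, dword, or hex(...) byte list."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith("dword:"):
        return str(int(raw[6:], 16))
    m = re.match(r"hex(?:\((\d+)\))?:(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) in ("2", "7"):  # REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE
            return data.decode("utf-16-le").rstrip("\x00")
        return data.hex()
    return raw


def parse_notify_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {subkey_name: {value_name: decoded_value}} for each Notify subkey."""
    entries: Dict[str, Dict[str, str]] = {}
    prefix = (NOTIFY_PATH + "\\").lower()
    current = None
    for line in _join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.lower().startswith(prefix):
                current = key[len(prefix):]
                entries[current] = {}
            else:
                current = None  # the Notify key itself or an unrelated key
            continue
        if current is None or not line.startswith('"') or "=" not in line:
            continue
        name, _, value = line.partition("=")
        entries[current][name.strip('"')] = _decode_value(value)
    return entries


def triage(entries: Dict[str, Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag notify packages outside the assumed baseline or loading from odd paths."""
    findings: List[Dict[str, object]] = []
    for name, values in entries.items():
        reasons: List[str] = []
        dll = values.get("DllName", "")
        if name.lower() not in BASELINE_NOTIFY:
            reasons.append("subkey not in assumed baseline")
        if not dll:
            reasons.append("no DllName value")
        elif "\\" in dll and "system32" not in dll.lower():
            reasons.append("DllName points outside system32")
        findings.append({"subkey": name, "dll": dll,
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_notify_export(SAMPLE_REG)):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['subkey']:<24} {f['dll']:<16} {'; '.join(f['reasons'])}")
```

Run it against a real `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" notify.reg` taken from the suspect machine (ideally from the offline hive or safe mode, since the notes show the entry is re-created while the dll is active); any flagged subkey names the dll to rename from the Recovery Console before deleting the key.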
