I have been trying for 2 days now to remove all the adwares/spywares on my laptop without success. I have used Ad-aware, Sypot, Spy Sweeper, CWShredder,...nothing works.
Please help. Thank you.
Here is my Hijack Log:
Logfile of HijackThis v1.99.1
Scan saved at 1:26:05 PM, on 8/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\TWFsbG9yeSBTdHVjaGlu\command.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\nfsiod.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\System32\nfsiod.exe
C:\WINDOWS\System32\usbhdctl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Vrlgqzy\Gsqnk.exe
C:\Program Files\Royembw\Tstjhp.exe
C:\WINDOWS\System32\usbhdctl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\asrres.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\WINDOWS\System32\asrres.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\John Doe\Desktop\repair\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/landingpages/ ... popup=true (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - (no file)
O1 - Hosts: 69.31.81.22 http://www.google.ae
O1 - Hosts: 69.31.81.22 http://www.google.am
O1 - Hosts: 69.31.81.22 http://www.google.as
O1 - Hosts: 69.31.81.22 http://www.google.at
O1 - Hosts: 69.31.81.22 http://www.google.az
O1 - Hosts: 69.31.81.22 http://www.google.be
O1 - Hosts: 69.31.81.22 http://www.google.bi
O1 - Hosts: 69.31.81.22 http://www.google.ca
O1 - Hosts: 69.31.81.22 http://www.google.cd
O1 - Hosts: 69.31.81.22 http://www.google.cg
O1 - Hosts: 69.31.81.22 http://www.google.ch
O1 - Hosts: 69.31.81.22 http://www.google.ci
O1 - Hosts: 69.31.81.22 http://www.google.cl
O1 - Hosts: 69.31.81.22 http://www.google.co.cr
O1 - Hosts: 69.31.81.22 http://www.google.co.hu
O1 - Hosts: 69.31.81.22 http://www.google.co.il
O1 - Hosts: 69.31.81.22 http://www.google.co.in
O1 - Hosts: 69.31.81.22 http://www.google.co.je
O1 - Hosts: 69.31.81.22 http://www.google.co.jp
O1 - Hosts: 69.31.81.22 http://www.google.co.ke
O1 - Hosts: 69.31.81.22 http://www.google.co.kr
O1 - Hosts: 69.31.81.22 http://www.google.co.ls
O1 - Hosts: 69.31.81.22 http://www.google.co.nz
O1 - Hosts: 69.31.81.22 http://www.google.co.th
O1 - Hosts: 69.31.81.22 http://www.google.co.ug
O1 - Hosts: 69.31.81.22 http://www.google.co.uk
O1 - Hosts: 69.31.81.22 http://www.google.co.ve
O1 - Hosts: 69.31.81.22 http://www.google.com
O1 - Hosts: 69.31.81.22 http://www.google.com.ag
O1 - Hosts: 69.31.81.22 http://www.google.com.ar
O1 - Hosts: 69.31.81.22 http://www.google.com.au
O1 - Hosts: 69.31.81.22 http://www.google.com.br
O1 - Hosts: 69.31.81.22 http://www.google.com.co
O1 - Hosts: 69.31.81.22 http://www.google.com.cu
O1 - Hosts: 69.31.81.22 http://www.google.com.do
O1 - Hosts: 69.31.81.22 http://www.google.com.ec
O1 - Hosts: 69.31.81.22 http://www.google.com.fj
O1 - Hosts: 69.31.81.22 http://www.google.com.gi
O1 - Hosts: 69.31.81.22 http://www.google.com.gr
O1 - Hosts: 69.31.81.22 http://www.google.com.gt
O1 - Hosts: 69.31.81.22 http://www.google.com.hk
O1 - Hosts: 69.31.81.22 http://www.google.com.ly
O1 - Hosts: 69.31.81.22 http://www.google.com.mt
O1 - Hosts: 69.31.81.22 http://www.google.com.mx
O1 - Hosts: 69.31.81.22 http://www.google.com.my
O1 - Hosts: 69.31.81.22 http://www.google.com.na
O1 - Hosts: 69.31.81.22 http://www.google.com.nf
O1 - Hosts: 69.31.81.22 http://www.google.com.ni
O1 - Hosts: 69.31.81.22 http://www.google.com.np
O1 - Hosts: 69.31.81.22 http://www.google.com.pa
O1 - Hosts: 69.31.81.22 http://www.google.com.pe
O1 - Hosts: 69.31.81.22 http://www.google.com.ph
O1 - Hosts: 69.31.81.22 http://www.google.com.pk
O1 - Hosts: 69.31.81.22 http://www.google.com.pr
O1 - Hosts: 69.31.81.22 http://www.google.com.py
O1 - Hosts: 69.31.81.22 http://www.google.com.sa
O1 - Hosts: 69.31.81.22 http://www.google.com.sg
O1 - Hosts: 69.31.81.22 http://www.google.com.sv
O1 - Hosts: 69.31.81.22 http://www.google.com.tr
O1 - Hosts: 69.31.81.22 http://www.google.com.tw
O1 - Hosts: 69.31.81.22 http://www.google.com.ua
O1 - Hosts: 69.31.81.22 http://www.google.com.uy
O1 - Hosts: 69.31.81.22 http://www.google.com.vc
O1 - Hosts: 69.31.81.22 http://www.google.com.vn
O1 - Hosts: 69.31.81.22 http://www.google.de
O1 - Hosts: 69.31.81.22 http://www.google.dj
O1 - Hosts: 69.31.81.22 http://www.google.dk
O1 - Hosts: 69.31.81.22 http://www.google.es
O1 - Hosts: 69.31.81.22 http://www.google.fi
O1 - Hosts: 69.31.81.22 http://www.google.fm
O1 - Hosts: 69.31.81.22 http://www.google.fr
O1 - Hosts: 69.31.81.22 http://www.google.gg
O1 - Hosts: 69.31.81.22 http://www.google.gl
O1 - Hosts: 69.31.81.22 http://www.google.gm
O1 - Hosts: 69.31.81.22 http://www.google.hn
O1 - Hosts: 69.31.81.22 http://www.google.ie
O1 - Hosts: 69.31.81.22 http://www.google.it
O1 - Hosts: 69.31.81.22 http://www.google.kz
O1 - Hosts: 69.31.81.22 http://www.google.li
O1 - Hosts: 69.31.81.22 http://www.google.lt
O1 - Hosts: 69.31.81.22 http://www.google.lu
O1 - Hosts: 69.31.81.22 http://www.google.lv
O1 - Hosts: 69.31.81.22 http://www.google.mn
O1 - Hosts: 69.31.81.22 http://www.google.ms
O1 - Hosts: 69.31.81.22 http://www.google.mu
O1 - Hosts: 69.31.81.22 http://www.google.mw
O1 - Hosts: 69.31.81.22 http://www.google.nl
O1 - Hosts: 69.31.81.22 http://www.google.no
O1 - Hosts: 69.31.81.22 http://www.google.off.ai
O1 - Hosts: 69.31.81.22 http://www.google.pl
O1 - Hosts: 69.31.81.22 http://www.google.pn
O1 - Hosts: 69.31.81.22 http://www.google.pt
O1 - Hosts: 69.31.81.22 http://www.google.ro
O1 - Hosts: 69.31.81.22 http://www.google.ru
O1 - Hosts: 69.31.81.22 http://www.google.rw
O1 - Hosts: 69.31.81.22 http://www.google.se
O1 - Hosts: 69.31.81.22 http://www.google.sh
O1 - Hosts: 69.31.81.22 http://www.google.sk
O1 - Hosts: 69.31.81.22 http://www.google.sm
O1 - Hosts: 69.31.81.22 http://www.google.td
O1 - Hosts: 69.31.81.22 http://www.google.tm
O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: XBTB01658 - {38A15633-D04F-4bed-A8D0-DF1D687D1F7E} - C:\WINDOWS\DOWNLO~1\SEXTEN~1.DLL
O2 - BHO: (no name) - {4FA2B39B-A7DA-983C-68E6-5B095A4118FD} - C:\DOCUME~1\MALLOR~1\LOCALS~1\Temp\nmvyrmdudcb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {96D8274B-B4FD-A526-F5FD-E3CB5BC403B6} - C:\WINDOWS\System32\skc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [asrres] C:\WINDOWS\System32\asrres.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106 ... ontent.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - ms-its:mhtml:file://c:\sxtens.mht!http://bar.sxload.com/data/sxt.chm::/sextension.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33BA8EFA-AA25-4FA2-85C5-2D2D6201152A}: Domain = usc.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{33BA8EFA-AA25-4FA2-85C5-2D2D6201152A}: NameServer = 128.125.253.183,128.125.253.166,128.125.253.136
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O17 - HKLM\System\CS1\Services\Tcpip\..\{33BA8EFA-AA25-4FA2-85C5-2D2D6201152A}: Domain = usc.edu
O17 - HKLM\System\CS1\Services\Tcpip\..\{33BA8EFA-AA25-4FA2-85C5-2D2D6201152A}: NameServer = 128.125.253.183,128.125.253.166,128.125.253.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usc.edu,hsc.usc.edu
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\MTI.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFsbG9yeSBTdHVjaGlu\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe