Full Version: HiJack This Log
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
belowme281
I have run Ad-Aware 6.0 and Norton AntiVirus and have the Google search bar pop-up blocker, and I'm still receiving annoying pop-ups. Please help me figure out what's wrong.

Logfile of HijackThis v1.98.0
Scan saved at 7:17:36 PM, on 7/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\apirt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\opdhrjh.exe
C:\WINDOWS\system32\apiwn32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJack This\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vaiyi.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vaiyi.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vaiyi.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vaiyi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vaiyi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vaiyi.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A263007C-D0C9-5EB7-16EE-A0E13C5D8C42} - C:\WINDOWS\sysni.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CC5DFEE2-722A-5C44-8CC5-7BAD2AA546F5} - C:\WINDOWS\system32\apihg32.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [hfcagpa] C:\WINDOWS\System32\opdhrjh.exe
O4 - HKLM\..\Run: [sdkso.exe] C:\WINDOWS\system32\sdkso.exe
O4 - HKLM\..\Run: [ipwf.exe] C:\WINDOWS\system32\ipwf.exe
O4 - HKLM\..\Run: [d3kb.exe] C:\WINDOWS\system32\d3kb.exe
O4 - HKLM\..\Run: [iprs32.exe] C:\WINDOWS\system32\iprs32.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [apiwn32.exe] C:\WINDOWS\system32\apiwn32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [netkk.exe] C:\WINDOWS\netkk.exe
O4 - HKLM\..\RunOnce: [sysxp32.exe] C:\WINDOWS\system32\sysxp32.exe
O4 - HKLM\..\RunOnce: [iete.exe] C:\WINDOWS\iete.exe
O4 - HKLM\..\RunOnce: [netkt.exe] C:\WINDOWS\netkt.exe
O4 - HKLM\..\RunOnce: [ieht32.exe] C:\WINDOWS\ieht32.exe
O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\system32\mskn32.exe
O4 - HKLM\..\RunOnce: [netyh.exe] C:\WINDOWS\netyh.exe
O4 - HKLM\..\RunOnce: [apizp.exe] C:\WINDOWS\apizp.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\javase32.exe
O4 - HKLM\..\RunOnce: [atldr32.exe] C:\WINDOWS\atldr32.exe
O4 - HKLM\..\RunOnce: [addht.exe] C:\WINDOWS\system32\addht.exe
O4 - HKLM\..\RunOnce: [apixc.exe] C:\WINDOWS\system32\apixc.exe
O4 - HKLM\..\RunOnce: [windu.exe] C:\WINDOWS\windu.exe
O4 - HKLM\..\RunOnce: [sysrj.exe] C:\WINDOWS\sysrj.exe
O4 - HKLM\..\RunOnce: [javauc32.exe] C:\WINDOWS\javauc32.exe
O4 - HKLM\..\RunOnce: [atlmk.exe] C:\WINDOWS\atlmk.exe
O4 - HKLM\..\RunOnce: [iesp32.exe] C:\WINDOWS\system32\iesp32.exe
O4 - HKLM\..\RunOnce: [ipvs.exe] C:\WINDOWS\ipvs.exe
O4 - HKLM\..\RunOnce: [apibh32.exe] C:\WINDOWS\system32\apibh32.exe
O4 - HKLM\..\RunOnce: [ipec.exe] C:\WINDOWS\ipec.exe
O4 - HKLM\..\RunOnce: [sdkaj32.exe] C:\WINDOWS\system32\sdkaj32.exe
O4 - HKLM\..\RunOnce: [mfceu.exe] C:\WINDOWS\mfceu.exe
O4 - HKLM\..\RunOnce: [d3ct32.exe] C:\WINDOWS\d3ct32.exe
O4 - HKLM\..\RunOnce: [sdkyb.exe] C:\WINDOWS\system32\sdkyb.exe
O4 - HKLM\..\RunOnce: [apibc.exe] C:\WINDOWS\apibc.exe
O4 - HKLM\..\RunOnce: [atlvc.exe] C:\WINDOWS\atlvc.exe
O4 - HKLM\..\RunOnce: [appkx32.exe] C:\WINDOWS\system32\appkx32.exe
O4 - HKLM\..\RunOnce: [apiiz32.exe] C:\WINDOWS\system32\apiiz32.exe
O4 - HKLM\..\RunOnce: [winna32.exe] C:\WINDOWS\system32\winna32.exe
O4 - HKLM\..\RunOnce: [apppp.exe] C:\WINDOWS\system32\apppp.exe
O4 - HKLM\..\RunOnce: [iegm32.exe] C:\WINDOWS\system32\iegm32.exe
O4 - HKLM\..\RunOnce: [mfccx.exe] C:\WINDOWS\system32\mfccx.exe
O4 - HKLM\..\RunOnce: [sysal32.exe] C:\WINDOWS\system32\sysal32.exe
O4 - HKLM\..\RunOnce: [cryl32.exe] C:\WINDOWS\cryl32.exe
O4 - HKLM\..\RunOnce: [javazo.exe] C:\WINDOWS\system32\javazo.exe
O4 - HKLM\..\RunOnce: [msfv.exe] C:\WINDOWS\system32\msfv.exe
O4 - HKLM\..\RunOnce: [ieoz.exe] C:\WINDOWS\ieoz.exe
O4 - HKLM\..\RunOnce: [addfo.exe] C:\WINDOWS\addfo.exe
O4 - HKLM\..\RunOnce: [netpp32.exe] C:\WINDOWS\system32\netpp32.exe
O4 - HKLM\..\RunOnce: [crxc.exe] C:\WINDOWS\system32\crxc.exe
O4 - HKLM\..\RunOnce: [atlrx32.exe] C:\WINDOWS\atlrx32.exe
O4 - HKLM\..\RunOnce: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\RunOnce: [addkf.exe] C:\WINDOWS\addkf.exe
O4 - HKLM\..\RunOnce: [mfcci32.exe] C:\WINDOWS\mfcci32.exe
O4 - HKLM\..\RunOnce: [appdu.exe] C:\WINDOWS\appdu.exe
O4 - HKLM\..\RunOnce: [iekg.exe] C:\WINDOWS\system32\iekg.exe
O4 - HKLM\..\RunOnce: [sysop.exe] C:\WINDOWS\sysop.exe
O4 - HKLM\..\RunOnce: [mfchg.exe] C:\WINDOWS\system32\mfchg.exe
O4 - HKLM\..\RunOnce: [ipuk32.exe] C:\WINDOWS\ipuk32.exe
O4 - HKLM\..\RunOnce: [ieci32.exe] C:\WINDOWS\system32\ieci32.exe
O4 - HKLM\..\RunOnce: [d3je32.exe] C:\WINDOWS\d3je32.exe
O4 - HKLM\..\RunOnce: [javaek32.exe] C:\WINDOWS\system32\javaek32.exe
O4 - HKLM\..\RunOnce: [winsb.exe] C:\WINDOWS\winsb.exe
O4 - HKLM\..\RunOnce: [iews.exe] C:\WINDOWS\iews.exe
O4 - HKLM\..\RunOnce: [iezu.exe] C:\WINDOWS\iezu.exe
O4 - HKLM\..\RunOnce: [iety.exe] C:\WINDOWS\iety.exe
O4 - HKLM\..\RunOnce: [msdc.exe] C:\WINDOWS\system32\msdc.exe
O4 - HKLM\..\RunOnce: [sdkqk32.exe] C:\WINDOWS\sdkqk32.exe
O4 - HKLM\..\RunOnce: [javadj32.exe] C:\WINDOWS\system32\javadj32.exe
O4 - HKLM\..\RunOnce: [netws.exe] C:\WINDOWS\netws.exe
O4 - HKLM\..\RunOnce: [crzz.exe] C:\WINDOWS\system32\crzz.exe
O4 - HKLM\..\RunOnce: [sdkwm32.exe] C:\WINDOWS\system32\sdkwm32.exe
O4 - HKLM\..\RunOnce: [addug32.exe] C:\WINDOWS\addug32.exe
O4 - HKLM\..\RunOnce: [crgf.exe] C:\WINDOWS\crgf.exe
O4 - HKLM\..\RunOnce: [appkx.exe] C:\WINDOWS\system32\appkx.exe
O4 - HKLM\..\RunOnce: [sysrv32.exe] C:\WINDOWS\sysrv32.exe
O4 - HKLM\..\RunOnce: [d3jz32.exe] C:\WINDOWS\system32\d3jz32.exe
O4 - HKLM\..\RunOnce: [ntmv.exe] C:\WINDOWS\system32\ntmv.exe
O4 - HKLM\..\RunOnce: [appak32.exe] C:\WINDOWS\appak32.exe
O4 - HKLM\..\RunOnce: [crdb32.exe] C:\WINDOWS\crdb32.exe
O4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32\netpl.exe
O4 - HKLM\..\RunOnce: [winhc32.exe] C:\WINDOWS\system32\winhc32.exe
O4 - HKLM\..\RunOnce: [crah32.exe] C:\WINDOWS\crah32.exe
O4 - HKLM\..\RunOnce: [netgx.exe] C:\WINDOWS\system32\netgx.exe
O4 - HKLM\..\RunOnce: [appjd32.exe] C:\WINDOWS\appjd32.exe
O4 - HKLM\..\RunOnce: [atlef.exe] C:\WINDOWS\system32\atlef.exe
O4 - HKLM\..\RunOnce: [sysqz32.exe] C:\WINDOWS\system32\sysqz32.exe
O4 - HKLM\..\RunOnce: [netch.exe] C:\WINDOWS\system32\netch.exe
O4 - HKLM\..\RunOnce: [addsz32.exe] C:\WINDOWS\addsz32.exe
O4 - HKLM\..\RunOnce: [apirt.exe] C:\WINDOWS\apirt.exe
O4 - HKLM\..\RunOnce: [javafo32.exe] C:\WINDOWS\javafo32.exe
O4 - HKLM\..\RunOnce: [javaxa.exe] C:\WINDOWS\system32\javaxa.exe
O4 - HKLM\..\RunOnce: [javaym32.exe] C:\WINDOWS\system32\javaym32.exe
O4 - HKLM\..\RunOnce: [netot.exe] C:\WINDOWS\netot.exe
O4 - HKLM\..\RunOnce: [mfcyx32.exe] C:\WINDOWS\system32\mfcyx32.exe
O4 - HKLM\..\RunOnce: [crkf.exe] C:\WINDOWS\system32\crkf.exe
O4 - HKLM\..\RunOnce: [nthe.exe] C:\WINDOWS\nthe.exe
O4 - HKLM\..\RunOnce: [mfcrq32.exe] C:\WINDOWS\mfcrq32.exe
O4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\d3gt.exe
O4 - HKLM\..\RunOnce: [addrx.exe] C:\WINDOWS\addrx.exe
O4 - HKLM\..\RunOnce: [syswv.exe] C:\WINDOWS\system32\syswv.exe
O4 - HKLM\..\RunOnce: [javadb.exe] C:\WINDOWS\system32\javadb.exe
O4 - HKLM\..\RunOnce: [mfclu32.exe] C:\WINDOWS\system32\mfclu32.exe
O4 - HKLM\..\RunOnce: [sysmj.exe] C:\WINDOWS\system32\sysmj.exe
O4 - HKLM\..\RunOnce: [netzx.exe] C:\WINDOWS\system32\netzx.exe
O4 - HKLM\..\RunOnce: [sysyj32.exe] C:\WINDOWS\sysyj32.exe
O4 - HKLM\..\RunOnce: [msva.exe] C:\WINDOWS\msva.exe
O4 - HKLM\..\RunOnce: [sysrt.exe] C:\WINDOWS\system32\sysrt.exe
O4 - HKLM\..\RunOnce: [netae32.exe] C:\WINDOWS\system32\netae32.exe
O4 - HKLM\..\RunOnce: [msck.exe] C:\WINDOWS\system32\msck.exe
O4 - HKLM\..\RunOnce: [atleq32.exe] C:\WINDOWS\atleq32.exe
O4 - HKLM\..\RunOnce: [ipen32.exe] C:\WINDOWS\ipen32.exe
O4 - HKLM\..\RunOnce: [atlbs.exe] C:\WINDOWS\system32\atlbs.exe
O4 - HKLM\..\RunOnce: [atlet.exe] C:\WINDOWS\atlet.exe
O4 - HKLM\..\RunOnce: [ntpk.exe] C:\WINDOWS\system32\ntpk.exe
O4 - HKLM\..\RunOnce: [mfccq32.exe] C:\WINDOWS\mfccq32.exe
O4 - HKLM\..\RunOnce: [iebp.exe] C:\WINDOWS\iebp.exe
O4 - HKLM\..\RunOnce: [winbd32.exe] C:\WINDOWS\system32\winbd32.exe
O4 - HKLM\..\RunOnce: [addif.exe] C:\WINDOWS\addif.exe
O4 - HKLM\..\RunOnce: [winvw.exe] C:\WINDOWS\winvw.exe
O4 - HKLM\..\RunOnce: [sdktw.exe] C:\WINDOWS\system32\sdktw.exe
O4 - HKLM\..\RunOnce: [crvl.exe] C:\WINDOWS\crvl.exe
O4 - HKLM\..\RunOnce: [ieul.exe] C:\WINDOWS\ieul.exe
O4 - HKLM\..\RunOnce: [sdkpi.exe] C:\WINDOWS\system32\sdkpi.exe
O4 - HKLM\..\RunOnce: [apiqv32.exe] C:\WINDOWS\system32\apiqv32.exe
O4 - HKLM\..\RunOnce: [d3mp.exe] C:\WINDOWS\system32\d3mp.exe
O4 - HKLM\..\RunOnce: [apibp32.exe] C:\WINDOWS\apibp32.exe
O4 - HKLM\..\RunOnce: [apiem32.exe] C:\WINDOWS\system32\apiem32.exe
O4 - HKLM\..\RunOnce: [ieey.exe] C:\WINDOWS\system32\ieey.exe
O4 - HKLM\..\RunOnce: [atlph.exe] C:\WINDOWS\atlph.exe
O4 - HKLM\..\RunOnce: [apinl.exe] C:\WINDOWS\apinl.exe
O4 - HKLM\..\RunOnce: [sdkrh32.exe] C:\WINDOWS\sdkrh32.exe
O4 - HKLM\..\RunOnce: [sdksv32.exe] C:\WINDOWS\system32\sdksv32.exe
O4 - HKLM\..\RunOnce: [winan.exe] C:\WINDOWS\winan.exe
O4 - HKLM\..\RunOnce: [mfctu.exe] C:\WINDOWS\system32\mfctu.exe
O4 - HKLM\..\RunOnce: [javajk32.exe] C:\WINDOWS\javajk32.exe
O4 - HKLM\..\RunOnce: [atlfz32.exe] C:\WINDOWS\atlfz32.exe
O4 - HKLM\..\RunOnce: [iphr32.exe] C:\WINDOWS\iphr32.exe
O4 - HKLM\..\RunOnce: [apiis32.exe] C:\WINDOWS\system32\apiis32.exe
O4 - HKLM\..\RunOnce: [ntpf.exe] C:\WINDOWS\ntpf.exe
O4 - HKLM\..\RunOnce: [d3yx.exe] C:\WINDOWS\d3yx.exe
O4 - HKLM\..\RunOnce: [ntjg.exe] C:\WINDOWS\ntjg.exe
O4 - HKLM\..\RunOnce: [d3ib32.exe] C:\WINDOWS\d3ib32.exe
O4 - HKLM\..\RunOnce: [atljg.exe] C:\WINDOWS\atljg.exe
O4 - HKLM\..\RunOnce: [winbl32.exe] C:\WINDOWS\system32\winbl32.exe
O4 - HKLM\..\RunOnce: [sdkah.exe] C:\WINDOWS\system32\sdkah.exe
O4 - HKLM\..\RunOnce: [netgv.exe] C:\WINDOWS\netgv.exe
O4 - HKLM\..\RunOnce: [javaos32.exe] C:\WINDOWS\javaos32.exe
O4 - HKLM\..\RunOnce: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\RunOnce: [atlad.exe] C:\WINDOWS\system32\atlad.exe
O4 - HKLM\..\RunOnce: [sdksb32.exe] C:\WINDOWS\system32\sdksb32.exe
O4 - HKLM\..\RunOnce: [netlc.exe] C:\WINDOWS\system32\netlc.exe
O4 - HKLM\..\RunOnce: [addna.exe] C:\WINDOWS\system32\addna.exe
O4 - HKLM\..\RunOnce: [ntct.exe] C:\WINDOWS\system32\ntct.exe
O4 - HKLM\..\RunOnce: [ntew32.exe] C:\WINDOWS\system32\ntew32.exe
O4 - HKLM\..\RunOnce: [atlde.exe] C:\WINDOWS\atlde.exe
O4 - HKLM\..\RunOnce: [ntpo.exe] C:\WINDOWS\ntpo.exe
O4 - HKLM\..\RunOnce: [apict.exe] C:\WINDOWS\system32\apict.exe
O4 - HKLM\..\RunOnce: [ipop32.exe] C:\WINDOWS\system32\ipop32.exe
O4 - HKLM\..\RunOnce: [netod.exe] C:\WINDOWS\netod.exe
O4 - HKLM\..\RunOnce: [ipwb.exe] C:\WINDOWS\system32\ipwb.exe
O4 - HKLM\..\RunOnce: [d3rc32.exe] C:\WINDOWS\d3rc32.exe
O4 - HKLM\..\RunOnce: [mslk32.exe] C:\WINDOWS\system32\mslk32.exe
O4 - HKLM\..\RunOnce: [sysxw32.exe] C:\WINDOWS\system32\sysxw32.exe
O4 - HKLM\..\RunOnce: [crmk32.exe] C:\WINDOWS\system32\crmk32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspe...etup1.0.0.7.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
Zupe
Hmm,

That's quite a log you've got there. This will take a few steps:

First, please download CWShredder to your desktop from here but don't run it yet: http://www.downloads.subratam.org/CWShredder.exe

Next, please download AboutBuster from here and unzip it to your desktop but again don't run it yet: http://www.downloads.subratam.org/AboutBuster.zip

Please verify that you have the latest version of Ad-Aware installed and it's updated with the latest reference file (it should be version 6.0, build 181, with reference file 01R334 24.07.2004).

Follow the instructions here to enable viewing of hidden/system files: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Next, go to Start->Run and type Services.msc, then click OK. On the screen that comes up, scroll down and look for any of these services (only one should be listed, and the name needs to match exactly):

Network Security Service
Remote Procedure Call (RPC) Helper
Workstation NetLogon Service

If you find one of those, double-click on it (if you don't find any of them, stop and post back). On the next screen, click the Stop button, then in the Startup Type drop-down, change it to Disabled and click Apply, then OK.

Please print out the remainder of these directions, as you'll have to proceed in Safe Mode and won't want to open IE again until they're complete.

Reboot to Safe Mode.

In Safe Mode, with all other windows closed, scan with Hijack This, put checks next to all the items I've quoted below and click "Fix Checked":

QUOTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vaiyi.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vaiyi.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vaiyi.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vaiyi.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vaiyi.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vaiyi.dll/index.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A263007C-D0C9-5EB7-16EE-A0E13C5D8C42} - C:\WINDOWS\sysni.dll

O2 - BHO: (no name) - {CC5DFEE2-722A-5C44-8CC5-7BAD2AA546F5} - C:\WINDOWS\system32\apihg32.dll

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [hfcagpa] C:\WINDOWS\System32\opdhrjh.exe
O4 - HKLM\..\Run: [sdkso.exe] C:\WINDOWS\system32\sdkso.exe
O4 - HKLM\..\Run: [ipwf.exe] C:\WINDOWS\system32\ipwf.exe
O4 - HKLM\..\Run: [d3kb.exe] C:\WINDOWS\system32\d3kb.exe
O4 - HKLM\..\Run: [iprs32.exe] C:\WINDOWS\system32\iprs32.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [apiwn32.exe] C:\WINDOWS\system32\apiwn32.exe

O4 - HKLM\..\RunOnce: [netkk.exe] C:\WINDOWS\netkk.exe
O4 - HKLM\..\RunOnce: [sysxp32.exe] C:\WINDOWS\system32\sysxp32.exe
O4 - HKLM\..\RunOnce: [iete.exe] C:\WINDOWS\iete.exe
O4 - HKLM\..\RunOnce: [netkt.exe] C:\WINDOWS\netkt.exe
O4 - HKLM\..\RunOnce: [ieht32.exe] C:\WINDOWS\ieht32.exe
O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\system32\mskn32.exe
O4 - HKLM\..\RunOnce: [netyh.exe] C:\WINDOWS\netyh.exe
O4 - HKLM\..\RunOnce: [apizp.exe] C:\WINDOWS\apizp.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\javase32.exe
O4 - HKLM\..\RunOnce: [atldr32.exe] C:\WINDOWS\atldr32.exe
O4 - HKLM\..\RunOnce: [addht.exe] C:\WINDOWS\system32\addht.exe
O4 - HKLM\..\RunOnce: [apixc.exe] C:\WINDOWS\system32\apixc.exe
O4 - HKLM\..\RunOnce: [windu.exe] C:\WINDOWS\windu.exe
O4 - HKLM\..\RunOnce: [sysrj.exe] C:\WINDOWS\sysrj.exe
O4 - HKLM\..\RunOnce: [javauc32.exe] C:\WINDOWS\javauc32.exe
O4 - HKLM\..\RunOnce: [atlmk.exe] C:\WINDOWS\atlmk.exe
O4 - HKLM\..\RunOnce: [iesp32.exe] C:\WINDOWS\system32\iesp32.exe
O4 - HKLM\..\RunOnce: [ipvs.exe] C:\WINDOWS\ipvs.exe
O4 - HKLM\..\RunOnce: [apibh32.exe] C:\WINDOWS\system32\apibh32.exe
O4 - HKLM\..\RunOnce: [ipec.exe] C:\WINDOWS\ipec.exe
O4 - HKLM\..\RunOnce: [sdkaj32.exe] C:\WINDOWS\system32\sdkaj32.exe
O4 - HKLM\..\RunOnce: [mfceu.exe] C:\WINDOWS\mfceu.exe
O4 - HKLM\..\RunOnce: [d3ct32.exe] C:\WINDOWS\d3ct32.exe
O4 - HKLM\..\RunOnce: [sdkyb.exe] C:\WINDOWS\system32\sdkyb.exe
O4 - HKLM\..\RunOnce: [apibc.exe] C:\WINDOWS\apibc.exe
O4 - HKLM\..\RunOnce: [atlvc.exe] C:\WINDOWS\atlvc.exe
O4 - HKLM\..\RunOnce: [appkx32.exe] C:\WINDOWS\system32\appkx32.exe
O4 - HKLM\..\RunOnce: [apiiz32.exe] C:\WINDOWS\system32\apiiz32.exe
O4 - HKLM\..\RunOnce: [winna32.exe] C:\WINDOWS\system32\winna32.exe
O4 - HKLM\..\RunOnce: [apppp.exe] C:\WINDOWS\system32\apppp.exe
O4 - HKLM\..\RunOnce: [iegm32.exe] C:\WINDOWS\system32\iegm32.exe
O4 - HKLM\..\RunOnce: [mfccx.exe] C:\WINDOWS\system32\mfccx.exe
O4 - HKLM\..\RunOnce: [sysal32.exe] C:\WINDOWS\system32\sysal32.exe
O4 - HKLM\..\RunOnce: [cryl32.exe] C:\WINDOWS\cryl32.exe
O4 - HKLM\..\RunOnce: [javazo.exe] C:\WINDOWS\system32\javazo.exe
O4 - HKLM\..\RunOnce: [msfv.exe] C:\WINDOWS\system32\msfv.exe
O4 - HKLM\..\RunOnce: [ieoz.exe] C:\WINDOWS\ieoz.exe
O4 - HKLM\..\RunOnce: [addfo.exe] C:\WINDOWS\addfo.exe
O4 - HKLM\..\RunOnce: [netpp32.exe] C:\WINDOWS\system32\netpp32.exe
O4 - HKLM\..\RunOnce: [crxc.exe] C:\WINDOWS\system32\crxc.exe
O4 - HKLM\..\RunOnce: [atlrx32.exe] C:\WINDOWS\atlrx32.exe
O4 - HKLM\..\RunOnce: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\RunOnce: [addkf.exe] C:\WINDOWS\addkf.exe
O4 - HKLM\..\RunOnce: [mfcci32.exe] C:\WINDOWS\mfcci32.exe
O4 - HKLM\..\RunOnce: [appdu.exe] C:\WINDOWS\appdu.exe
O4 - HKLM\..\RunOnce: [iekg.exe] C:\WINDOWS\system32\iekg.exe
O4 - HKLM\..\RunOnce: [sysop.exe] C:\WINDOWS\sysop.exe
O4 - HKLM\..\RunOnce: [mfchg.exe] C:\WINDOWS\system32\mfchg.exe
O4 - HKLM\..\RunOnce: [ipuk32.exe] C:\WINDOWS\ipuk32.exe
O4 - HKLM\..\RunOnce: [ieci32.exe] C:\WINDOWS\system32\ieci32.exe
O4 - HKLM\..\RunOnce: [d3je32.exe] C:\WINDOWS\d3je32.exe
O4 - HKLM\..\RunOnce: [javaek32.exe] C:\WINDOWS\system32\javaek32.exe
O4 - HKLM\..\RunOnce: [winsb.exe] C:\WINDOWS\winsb.exe
O4 - HKLM\..\RunOnce: [iews.exe] C:\WINDOWS\iews.exe
O4 - HKLM\..\RunOnce: [iezu.exe] C:\WINDOWS\iezu.exe
O4 - HKLM\..\RunOnce: [iety.exe] C:\WINDOWS\iety.exe
O4 - HKLM\..\RunOnce: [msdc.exe] C:\WINDOWS\system32\msdc.exe
O4 - HKLM\..\RunOnce: [sdkqk32.exe] C:\WINDOWS\sdkqk32.exe
O4 - HKLM\..\RunOnce: [javadj32.exe] C:\WINDOWS\system32\javadj32.exe
O4 - HKLM\..\RunOnce: [netws.exe] C:\WINDOWS\netws.exe
O4 - HKLM\..\RunOnce: [crzz.exe] C:\WINDOWS\system32\crzz.exe
O4 - HKLM\..\RunOnce: [sdkwm32.exe] C:\WINDOWS\system32\sdkwm32.exe
O4 - HKLM\..\RunOnce: [addug32.exe] C:\WINDOWS\addug32.exe
O4 - HKLM\..\RunOnce: [crgf.exe] C:\WINDOWS\crgf.exe
O4 - HKLM\..\RunOnce: [appkx.exe] C:\WINDOWS\system32\appkx.exe
O4 - HKLM\..\RunOnce: [sysrv32.exe] C:\WINDOWS\sysrv32.exe
O4 - HKLM\..\RunOnce: [d3jz32.exe] C:\WINDOWS\system32\d3jz32.exe
O4 - HKLM\..\RunOnce: [ntmv.exe] C:\WINDOWS\system32\ntmv.exe
O4 - HKLM\..\RunOnce: [appak32.exe] C:\WINDOWS\appak32.exe
O4 - HKLM\..\RunOnce: [crdb32.exe] C:\WINDOWS\crdb32.exe
O4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32\netpl.exe
O4 - HKLM\..\RunOnce: [winhc32.exe] C:\WINDOWS\system32\winhc32.exe
O4 - HKLM\..\RunOnce: [crah32.exe] C:\WINDOWS\crah32.exe
O4 - HKLM\..\RunOnce: [netgx.exe] C:\WINDOWS\system32\netgx.exe
O4 - HKLM\..\RunOnce: [appjd32.exe] C:\WINDOWS\appjd32.exe
O4 - HKLM\..\RunOnce: [atlef.exe] C:\WINDOWS\system32\atlef.exe
O4 - HKLM\..\RunOnce: [sysqz32.exe] C:\WINDOWS\system32\sysqz32.exe
O4 - HKLM\..\RunOnce: [netch.exe] C:\WINDOWS\system32\netch.exe
O4 - HKLM\..\RunOnce: [addsz32.exe] C:\WINDOWS\addsz32.exe
O4 - HKLM\..\RunOnce: [apirt.exe] C:\WINDOWS\apirt.exe
O4 - HKLM\..\RunOnce: [javafo32.exe] C:\WINDOWS\javafo32.exe
O4 - HKLM\..\RunOnce: [javaxa.exe] C:\WINDOWS\system32\javaxa.exe
O4 - HKLM\..\RunOnce: [javaym32.exe] C:\WINDOWS\system32\javaym32.exe
O4 - HKLM\..\RunOnce: [netot.exe] C:\WINDOWS\netot.exe
O4 - HKLM\..\RunOnce: [mfcyx32.exe] C:\WINDOWS\system32\mfcyx32.exe
O4 - HKLM\..\RunOnce: [crkf.exe] C:\WINDOWS\system32\crkf.exe
O4 - HKLM\..\RunOnce: [nthe.exe] C:\WINDOWS\nthe.exe
O4 - HKLM\..\RunOnce: [mfcrq32.exe] C:\WINDOWS\mfcrq32.exe
O4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\d3gt.exe
O4 - HKLM\..\RunOnce: [addrx.exe] C:\WINDOWS\addrx.exe
O4 - HKLM\..\RunOnce: [syswv.exe] C:\WINDOWS\system32\syswv.exe
O4 - HKLM\..\RunOnce: [javadb.exe] C:\WINDOWS\system32\javadb.exe
O4 - HKLM\..\RunOnce: [mfclu32.exe] C:\WINDOWS\system32\mfclu32.exe
O4 - HKLM\..\RunOnce: [sysmj.exe] C:\WINDOWS\system32\sysmj.exe
O4 - HKLM\..\RunOnce: [netzx.exe] C:\WINDOWS\system32\netzx.exe
O4 - HKLM\..\RunOnce: [sysyj32.exe] C:\WINDOWS\sysyj32.exe
O4 - HKLM\..\RunOnce: [msva.exe] C:\WINDOWS\msva.exe
O4 - HKLM\..\RunOnce: [sysrt.exe] C:\WINDOWS\system32\sysrt.exe
O4 - HKLM\..\RunOnce: [netae32.exe] C:\WINDOWS\system32\netae32.exe
O4 - HKLM\..\RunOnce: [msck.exe] C:\WINDOWS\system32\msck.exe
O4 - HKLM\..\RunOnce: [atleq32.exe] C:\WINDOWS\atleq32.exe
O4 - HKLM\..\RunOnce: [ipen32.exe] C:\WINDOWS\ipen32.exe
O4 - HKLM\..\RunOnce: [atlbs.exe] C:\WINDOWS\system32\atlbs.exe
O4 - HKLM\..\RunOnce: [atlet.exe] C:\WINDOWS\atlet.exe
O4 - HKLM\..\RunOnce: [ntpk.exe] C:\WINDOWS\system32\ntpk.exe
O4 - HKLM\..\RunOnce: [mfccq32.exe] C:\WINDOWS\mfccq32.exe
O4 - HKLM\..\RunOnce: [iebp.exe] C:\WINDOWS\iebp.exe
O4 - HKLM\..\RunOnce: [winbd32.exe] C:\WINDOWS\system32\winbd32.exe
O4 - HKLM\..\RunOnce: [addif.exe] C:\WINDOWS\addif.exe
O4 - HKLM\..\RunOnce: [winvw.exe] C:\WINDOWS\winvw.exe
O4 - HKLM\..\RunOnce: [sdktw.exe] C:\WINDOWS\system32\sdktw.exe
O4 - HKLM\..\RunOnce: [crvl.exe] C:\WINDOWS\crvl.exe
O4 - HKLM\..\RunOnce: [ieul.exe] C:\WINDOWS\ieul.exe
O4 - HKLM\..\RunOnce: [sdkpi.exe] C:\WINDOWS\system32\sdkpi.exe
O4 - HKLM\..\RunOnce: [apiqv32.exe] C:\WINDOWS\system32\apiqv32.exe
O4 - HKLM\..\RunOnce: [d3mp.exe] C:\WINDOWS\system32\d3mp.exe
O4 - HKLM\..\RunOnce: [apibp32.exe] C:\WINDOWS\apibp32.exe
O4 - HKLM\..\RunOnce: [apiem32.exe] C:\WINDOWS\system32\apiem32.exe
O4 - HKLM\..\RunOnce: [ieey.exe] C:\WINDOWS\system32\ieey.exe
O4 - HKLM\..\RunOnce: [atlph.exe] C:\WINDOWS\atlph.exe
O4 - HKLM\..\RunOnce: [apinl.exe] C:\WINDOWS\apinl.exe
O4 - HKLM\..\RunOnce: [sdkrh32.exe] C:\WINDOWS\sdkrh32.exe
O4 - HKLM\..\RunOnce: [sdksv32.exe] C:\WINDOWS\system32\sdksv32.exe
O4 - HKLM\..\RunOnce: [winan.exe] C:\WINDOWS\winan.exe
O4 - HKLM\..\RunOnce: [mfctu.exe] C:\WINDOWS\system32\mfctu.exe
O4 - HKLM\..\RunOnce: [javajk32.exe] C:\WINDOWS\javajk32.exe
O4 - HKLM\..\RunOnce: [atlfz32.exe] C:\WINDOWS\atlfz32.exe
O4 - HKLM\..\RunOnce: [iphr32.exe] C:\WINDOWS\iphr32.exe
O4 - HKLM\..\RunOnce: [apiis32.exe] C:\WINDOWS\system32\apiis32.exe
O4 - HKLM\..\RunOnce: [ntpf.exe] C:\WINDOWS\ntpf.exe
O4 - HKLM\..\RunOnce: [d3yx.exe] C:\WINDOWS\d3yx.exe
O4 - HKLM\..\RunOnce: [ntjg.exe] C:\WINDOWS\ntjg.exe
O4 - HKLM\..\RunOnce: [d3ib32.exe] C:\WINDOWS\d3ib32.exe
O4 - HKLM\..\RunOnce: [atljg.exe] C:\WINDOWS\atljg.exe
O4 - HKLM\..\RunOnce: [winbl32.exe] C:\WINDOWS\system32\winbl32.exe
O4 - HKLM\..\RunOnce: [sdkah.exe] C:\WINDOWS\system32\sdkah.exe
O4 - HKLM\..\RunOnce: [netgv.exe] C:\WINDOWS\netgv.exe
O4 - HKLM\..\RunOnce: [javaos32.exe] C:\WINDOWS\javaos32.exe
O4 - HKLM\..\RunOnce: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\RunOnce: [atlad.exe] C:\WINDOWS\system32\atlad.exe
O4 - HKLM\..\RunOnce: [sdksb32.exe] C:\WINDOWS\system32\sdksb32.exe
O4 - HKLM\..\RunOnce: [netlc.exe] C:\WINDOWS\system32\netlc.exe
O4 - HKLM\..\RunOnce: [addna.exe] C:\WINDOWS\system32\addna.exe
O4 - HKLM\..\RunOnce: [ntct.exe] C:\WINDOWS\system32\ntct.exe
O4 - HKLM\..\RunOnce: [ntew32.exe] C:\WINDOWS\system32\ntew32.exe
O4 - HKLM\..\RunOnce: [atlde.exe] C:\WINDOWS\atlde.exe
O4 - HKLM\..\RunOnce: [ntpo.exe] C:\WINDOWS\ntpo.exe
O4 - HKLM\..\RunOnce: [apict.exe] C:\WINDOWS\system32\apict.exe
O4 - HKLM\..\RunOnce: [ipop32.exe] C:\WINDOWS\system32\ipop32.exe
O4 - HKLM\..\RunOnce: [netod.exe] C:\WINDOWS\netod.exe
O4 - HKLM\..\RunOnce: [ipwb.exe] C:\WINDOWS\system32\ipwb.exe
O4 - HKLM\..\RunOnce: [d3rc32.exe] C:\WINDOWS\d3rc32.exe
O4 - HKLM\..\RunOnce: [mslk32.exe] C:\WINDOWS\system32\mslk32.exe
O4 - HKLM\..\RunOnce: [sysxw32.exe] C:\WINDOWS\system32\sysxw32.exe
O4 - HKLM\..\RunOnce: [crmk32.exe] C:\WINDOWS\system32\crmk32.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocache/myspe...etup1.0.0.7.cab


Still in Safe Mode, double-click the AboutBuster.exe file that you downloaded earlier. Click OK, then click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report it creates (copy and paste it into Notepad or WordPad and save as a .txt file).

Next, run CWShredder and click on the Fix button.

Finally, still in Safe Mode, scan with Ad-Aware and let it remove anything it finds.

Reboot to normal mode, rescan with Hijack This and post a new log here along with the log you saved from AboutBuster. There will likely be a few more steps, but that should hopefully take care of most of it.
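Added example (not part of either poster's message and not code from HijackThis): a small triage script that picks out the kinds of entries in the fix list above, namely IE pages pointed at `res://` DLL resources, URLs whose real host is hidden behind `user@` or percent-encoding, and autorun values named after their own executable in the Windows folders. The function names, the section selection and the "value name equals file name" heuristic are assumptions drawn from this one log, and the sample lines are excerpted from the log posted above.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vaiyi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [apiwn32.exe] C:\WINDOWS\system32\apiwn32.exe
O4 - HKLM\..\RunOnce: [netkk.exe] C:\WINDOWS\netkk.exe
O4 - HKLM\..\RunOnce: [sysxp32.exe] C:\WINDOWS\system32\sysxp32.exe
O4 - HKLM\..\RunOnce: [iete.exe] C:\WINDOWS\iete.exe
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW. Prefix: http://ehttp.cc/?
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                  # "R1 - ...", "O4 - ..."
URL = re.compile(r"([a-z][a-z0-9+.-]*)://([^/?#\s]*)", re.I)  # scheme + authority
AUTORUN = re.compile(r'^HK\w+\\\.\.\\(Run\w*): \[(.+?)\] "?([^"]+?\.exe)', re.I)

# Assumption for this example: only these two folders count as "system" folders.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def decoded_host(authority):
    """Return the host a browser would contact.

    Everything before the last '@' is userinfo and is dropped first;
    only then is the remainder percent-decoded and the port removed.
    """
    return unquote(authority.rpartition("@")[2]).split(":")[0].lower()


def triage(log_text):
    """Group suspicious HijackThis entries by the reason they stand out."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m.groups()

        if section in ("R0", "R1", "O13"):
            u = URL.search(body)
            if not u:
                continue
            scheme, authority = u.group(1).lower(), u.group(2)
            if scheme == "res":
                # IE start/search page served from inside a local DLL
                findings["res_page"].append(authority)
            elif "@" in authority:
                # "trusted.name%00@real.host": the visible name is only userinfo
                findings["userinfo_trick"].append(decoded_host(authority))
            elif "%" in authority:
                # host spelled entirely in %XX escapes
                findings["encoded_host"].append(decoded_host(authority))

        elif section == "O4":
            a = AUTORUN.match(body)
            if not a:
                continue
            key, name, path = a.groups()
            folder, _, base = path.rpartition("\\")
            # Heuristic from this log: value name is literally the file name
            # and the file sits directly in a Windows system folder.
            if name.lower() == base.lower() and folder.lower() in SYSTEM_DIRS:
                findings["selfnamed_autorun"].append((key, base))
    return dict(findings)


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"{reason}: {len(items)}")
        for item in items:
            print("   ", item)
```

The output is a shortlist for a human to review against the log, not a removal list; legitimate software can match the autorun heuristic on other machines.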
belowme281
Thank you so much, the IE homepage has been set to Google and no more annoying pop-ups. I ran Ad-Aware and it found 7722 items, but as it was deleting them, the computer froze, so I'm not certain that they have all been deleted. Here are the two logs you asked for.

Logfile of HijackThis v1.98.0
Scan saved at 4:04:23 PM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJack This\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE



-- Scan 1 --------
About:Buster Version 1.32
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 1.32
Attempted Clean Of Temp folder.
Pages Reset... Done!
Zupe
Your log looks clean :thumb:

I included one line by mistake that you didn't need to remove, so please open Hijack This, click the Config button, then the Backups button, locate and highlight the following item and then click restore:

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

Some extra steps to cleanup though:

Delete the following files if still present:

C:\Program Files\Web_Rebates (entire folder)
C:\Program Files\Internet Explorer\a.exe
C:\WINDOWS\vaiyi.dll
C:\WINDOWS\sysni.dll

To really ensure cleanup, you should also go through and check for all the files from the O4 lines we removed and delete them if found, though Ad-Aware probably got most of them:

CODE
O4 - HKLM\..\Run: [hfcagpa] C:\WINDOWS\System32\opdhrjh.exe
O4 - HKLM\..\Run: [sdkso.exe] C:\WINDOWS\system32\sdkso.exe
O4 - HKLM\..\Run: [ipwf.exe] C:\WINDOWS\system32\ipwf.exe
O4 - HKLM\..\Run: [d3kb.exe] C:\WINDOWS\system32\d3kb.exe
O4 - HKLM\..\Run: [iprs32.exe] C:\WINDOWS\system32\iprs32.exe
O4 - HKLM\..\Run: [apiwn32.exe] C:\WINDOWS\system32\apiwn32.exe
O4 - HKLM\..\RunOnce: [netkk.exe] C:\WINDOWS\netkk.exe
O4 - HKLM\..\RunOnce: [sysxp32.exe] C:\WINDOWS\system32\sysxp32.exe
O4 - HKLM\..\RunOnce: [iete.exe] C:\WINDOWS\iete.exe
O4 - HKLM\..\RunOnce: [netkt.exe] C:\WINDOWS\netkt.exe
O4 - HKLM\..\RunOnce: [ieht32.exe] C:\WINDOWS\ieht32.exe
O4 - HKLM\..\RunOnce: [mskn32.exe] C:\WINDOWS\system32\mskn32.exe
O4 - HKLM\..\RunOnce: [netyh.exe] C:\WINDOWS\netyh.exe
O4 - HKLM\..\RunOnce: [apizp.exe] C:\WINDOWS\apizp.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\javase32.exe
O4 - HKLM\..\RunOnce: [atldr32.exe] C:\WINDOWS\atldr32.exe
O4 - HKLM\..\RunOnce: [addht.exe] C:\WINDOWS\system32\addht.exe
O4 - HKLM\..\RunOnce: [apixc.exe] C:\WINDOWS\system32\apixc.exe
O4 - HKLM\..\RunOnce: [windu.exe] C:\WINDOWS\windu.exe
O4 - HKLM\..\RunOnce: [sysrj.exe] C:\WINDOWS\sysrj.exe
O4 - HKLM\..\RunOnce: [javauc32.exe] C:\WINDOWS\javauc32.exe
O4 - HKLM\..\RunOnce: [atlmk.exe] C:\WINDOWS\atlmk.exe
O4 - HKLM\..\RunOnce: [iesp32.exe] C:\WINDOWS\system32\iesp32.exe
O4 - HKLM\..\RunOnce: [ipvs.exe] C:\WINDOWS\ipvs.exe
O4 - HKLM\..\RunOnce: [apibh32.exe] C:\WINDOWS\system32\apibh32.exe
O4 - HKLM\..\RunOnce: [ipec.exe] C:\WINDOWS\ipec.exe
O4 - HKLM\..\RunOnce: [sdkaj32.exe] C:\WINDOWS\system32\sdkaj32.exe
O4 - HKLM\..\RunOnce: [mfceu.exe] C:\WINDOWS\mfceu.exe
O4 - HKLM\..\RunOnce: [d3ct32.exe] C:\WINDOWS\d3ct32.exe
O4 - HKLM\..\RunOnce: [sdkyb.exe] C:\WINDOWS\system32\sdkyb.exe
O4 - HKLM\..\RunOnce: [apibc.exe] C:\WINDOWS\apibc.exe
O4 - HKLM\..\RunOnce: [atlvc.exe] C:\WINDOWS\atlvc.exe
O4 - HKLM\..\RunOnce: [appkx32.exe] C:\WINDOWS\system32\appkx32.exe
O4 - HKLM\..\RunOnce: [apiiz32.exe] C:\WINDOWS\system32\apiiz32.exe
O4 - HKLM\..\RunOnce: [winna32.exe] C:\WINDOWS\system32\winna32.exe
O4 - HKLM\..\RunOnce: [apppp.exe] C:\WINDOWS\system32\apppp.exe
O4 - HKLM\..\RunOnce: [iegm32.exe] C:\WINDOWS\system32\iegm32.exe
O4 - HKLM\..\RunOnce: [mfccx.exe] C:\WINDOWS\system32\mfccx.exe
O4 - HKLM\..\RunOnce: [sysal32.exe] C:\WINDOWS\system32\sysal32.exe
O4 - HKLM\..\RunOnce: [cryl32.exe] C:\WINDOWS\cryl32.exe
O4 - HKLM\..\RunOnce: [javazo.exe] C:\WINDOWS\system32\javazo.exe
O4 - HKLM\..\RunOnce: [msfv.exe] C:\WINDOWS\system32\msfv.exe
O4 - HKLM\..\RunOnce: [ieoz.exe] C:\WINDOWS\ieoz.exe
O4 - HKLM\..\RunOnce: [addfo.exe] C:\WINDOWS\addfo.exe
O4 - HKLM\..\RunOnce: [netpp32.exe] C:\WINDOWS\system32\netpp32.exe
O4 - HKLM\..\RunOnce: [crxc.exe] C:\WINDOWS\system32\crxc.exe
O4 - HKLM\..\RunOnce: [atlrx32.exe] C:\WINDOWS\atlrx32.exe
O4 - HKLM\..\RunOnce: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\RunOnce: [addkf.exe] C:\WINDOWS\addkf.exe
O4 - HKLM\..\RunOnce: [mfcci32.exe] C:\WINDOWS\mfcci32.exe
O4 - HKLM\..\RunOnce: [appdu.exe] C:\WINDOWS\appdu.exe
O4 - HKLM\..\RunOnce: [iekg.exe] C:\WINDOWS\system32\iekg.exe
O4 - HKLM\..\RunOnce: [sysop.exe] C:\WINDOWS\sysop.exe
O4 - HKLM\..\RunOnce: [mfchg.exe] C:\WINDOWS\system32\mfchg.exe
O4 - HKLM\..\RunOnce: [ipuk32.exe] C:\WINDOWS\ipuk32.exe
O4 - HKLM\..\RunOnce: [ieci32.exe] C:\WINDOWS\system32\ieci32.exe
O4 - HKLM\..\RunOnce: [d3je32.exe] C:\WINDOWS\d3je32.exe
O4 - HKLM\..\RunOnce: [javaek32.exe] C:\WINDOWS\system32\javaek32.exe
O4 - HKLM\..\RunOnce: [winsb.exe] C:\WINDOWS\winsb.exe
O4 - HKLM\..\RunOnce: [iews.exe] C:\WINDOWS\iews.exe
O4 - HKLM\..\RunOnce: [iezu.exe] C:\WINDOWS\iezu.exe
O4 - HKLM\..\RunOnce: [iety.exe] C:\WINDOWS\iety.exe
O4 - HKLM\..\RunOnce: [msdc.exe] C:\WINDOWS\system32\msdc.exe
O4 - HKLM\..\RunOnce: [sdkqk32.exe] C:\WINDOWS\sdkqk32.exe
O4 - HKLM\..\RunOnce: [javadj32.exe] C:\WINDOWS\system32\javadj32.exe
O4 - HKLM\..\RunOnce: [netws.exe] C:\WINDOWS\netws.exe
O4 - HKLM\..\RunOnce: [crzz.exe] C:\WINDOWS\system32\crzz.exe
O4 - HKLM\..\RunOnce: [sdkwm32.exe] C:\WINDOWS\system32\sdkwm32.exe
O4 - HKLM\..\RunOnce: [addug32.exe] C:\WINDOWS\addug32.exe
O4 - HKLM\..\RunOnce: [crgf.exe] C:\WINDOWS\crgf.exe
O4 - HKLM\..\RunOnce: [appkx.exe] C:\WINDOWS\system32\appkx.exe
O4 - HKLM\..\RunOnce: [sysrv32.exe] C:\WINDOWS\sysrv32.exe
O4 - HKLM\..\RunOnce: [d3jz32.exe] C:\WINDOWS\system32\d3jz32.exe
O4 - HKLM\..\RunOnce: [ntmv.exe] C:\WINDOWS\system32\ntmv.exe
O4 - HKLM\..\RunOnce: [appak32.exe] C:\WINDOWS\appak32.exe
O4 - HKLM\..\RunOnce: [crdb32.exe] C:\WINDOWS\crdb32.exe
O4 - HKLM\..\RunOnce: [netpl.exe] C:\WINDOWS\system32\netpl.exe
O4 - HKLM\..\RunOnce: [winhc32.exe] C:\WINDOWS\system32\winhc32.exe
O4 - HKLM\..\RunOnce: [crah32.exe] C:\WINDOWS\crah32.exe
O4 - HKLM\..\RunOnce: [netgx.exe] C:\WINDOWS\system32\netgx.exe
O4 - HKLM\..\RunOnce: [appjd32.exe] C:\WINDOWS\appjd32.exe
O4 - HKLM\..\RunOnce: [atlef.exe] C:\WINDOWS\system32\atlef.exe
O4 - HKLM\..\RunOnce: [sysqz32.exe] C:\WINDOWS\system32\sysqz32.exe
O4 - HKLM\..\RunOnce: [netch.exe] C:\WINDOWS\system32\netch.exe
O4 - HKLM\..\RunOnce: [addsz32.exe] C:\WINDOWS\addsz32.exe
O4 - HKLM\..\RunOnce: [apirt.exe] C:\WINDOWS\apirt.exe
O4 - HKLM\..\RunOnce: [javafo32.exe] C:\WINDOWS\javafo32.exe
O4 - HKLM\..\RunOnce: [javaxa.exe] C:\WINDOWS\system32\javaxa.exe
O4 - HKLM\..\RunOnce: [javaym32.exe] C:\WINDOWS\system32\javaym32.exe
O4 - HKLM\..\RunOnce: [netot.exe] C:\WINDOWS\netot.exe
O4 - HKLM\..\RunOnce: [mfcyx32.exe] C:\WINDOWS\system32\mfcyx32.exe
O4 - HKLM\..\RunOnce: [crkf.exe] C:\WINDOWS\system32\crkf.exe
O4 - HKLM\..\RunOnce: [nthe.exe] C:\WINDOWS\nthe.exe
O4 - HKLM\..\RunOnce: [mfcrq32.exe] C:\WINDOWS\mfcrq32.exe
O4 - HKLM\..\RunOnce: [d3gt.exe] C:\WINDOWS\d3gt.exe
O4 - HKLM\..\RunOnce: [addrx.exe] C:\WINDOWS\addrx.exe
O4 - HKLM\..\RunOnce: [syswv.exe] C:\WINDOWS\system32\syswv.exe
O4 - HKLM\..\RunOnce: [javadb.exe] C:\WINDOWS\system32\javadb.exe
O4 - HKLM\..\RunOnce: [mfclu32.exe] C:\WINDOWS\system32\mfclu32.exe
O4 - HKLM\..\RunOnce: [sysmj.exe] C:\WINDOWS\system32\sysmj.exe
O4 - HKLM\..\RunOnce: [netzx.exe] C:\WINDOWS\system32\netzx.exe
O4 - HKLM\..\RunOnce: [sysyj32.exe] C:\WINDOWS\sysyj32.exe
O4 - HKLM\..\RunOnce: [msva.exe] C:\WINDOWS\msva.exe
O4 - HKLM\..\RunOnce: [sysrt.exe] C:\WINDOWS\system32\sysrt.exe
O4 - HKLM\..\RunOnce: [netae32.exe] C:\WINDOWS\system32\netae32.exe
O4 - HKLM\..\RunOnce: [msck.exe] C:\WINDOWS\system32\msck.exe
O4 - HKLM\..\RunOnce: [atleq32.exe] C:\WINDOWS\atleq32.exe
O4 - HKLM\..\RunOnce: [ipen32.exe] C:\WINDOWS\ipen32.exe
O4 - HKLM\..\RunOnce: [atlbs.exe] C:\WINDOWS\system32\atlbs.exe
O4 - HKLM\..\RunOnce: [atlet.exe] C:\WINDOWS\atlet.exe
O4 - HKLM\..\RunOnce: [ntpk.exe] C:\WINDOWS\system32\ntpk.exe
O4 - HKLM\..\RunOnce: [mfccq32.exe] C:\WINDOWS\mfccq32.exe
O4 - HKLM\..\RunOnce: [iebp.exe] C:\WINDOWS\iebp.exe
O4 - HKLM\..\RunOnce: [winbd32.exe] C:\WINDOWS\system32\winbd32.exe
O4 - HKLM\..\RunOnce: [addif.exe] C:\WINDOWS\addif.exe
O4 - HKLM\..\RunOnce: [winvw.exe] C:\WINDOWS\winvw.exe
O4 - HKLM\..\RunOnce: [sdktw.exe] C:\WINDOWS\system32\sdktw.exe
O4 - HKLM\..\RunOnce: [crvl.exe] C:\WINDOWS\crvl.exe
O4 - HKLM\..\RunOnce: [ieul.exe] C:\WINDOWS\ieul.exe
O4 - HKLM\..\RunOnce: [sdkpi.exe] C:\WINDOWS\system32\sdkpi.exe
O4 - HKLM\..\RunOnce: [apiqv32.exe] C:\WINDOWS\system32\apiqv32.exe
O4 - HKLM\..\RunOnce: [d3mp.exe] C:\WINDOWS\system32\d3mp.exe
O4 - HKLM\..\RunOnce: [apibp32.exe] C:\WINDOWS\apibp32.exe
O4 - HKLM\..\RunOnce: [apiem32.exe] C:\WINDOWS\system32\apiem32.exe
O4 - HKLM\..\RunOnce: [ieey.exe] C:\WINDOWS\system32\ieey.exe
O4 - HKLM\..\RunOnce: [atlph.exe] C:\WINDOWS\atlph.exe
O4 - HKLM\..\RunOnce: [apinl.exe] C:\WINDOWS\apinl.exe
O4 - HKLM\..\RunOnce: [sdkrh32.exe] C:\WINDOWS\sdkrh32.exe
O4 - HKLM\..\RunOnce: [sdksv32.exe] C:\WINDOWS\system32\sdksv32.exe
O4 - HKLM\..\RunOnce: [winan.exe] C:\WINDOWS\winan.exe
O4 - HKLM\..\RunOnce: [mfctu.exe] C:\WINDOWS\system32\mfctu.exe
O4 - HKLM\..\RunOnce: [javajk32.exe] C:\WINDOWS\javajk32.exe
O4 - HKLM\..\RunOnce: [atlfz32.exe] C:\WINDOWS\atlfz32.exe
O4 - HKLM\..\RunOnce: [iphr32.exe] C:\WINDOWS\iphr32.exe
O4 - HKLM\..\RunOnce: [apiis32.exe] C:\WINDOWS\system32\apiis32.exe
O4 - HKLM\..\RunOnce: [ntpf.exe] C:\WINDOWS\ntpf.exe
O4 - HKLM\..\RunOnce: [d3yx.exe] C:\WINDOWS\d3yx.exe
O4 - HKLM\..\RunOnce: [ntjg.exe] C:\WINDOWS\ntjg.exe
O4 - HKLM\..\RunOnce: [d3ib32.exe] C:\WINDOWS\d3ib32.exe
O4 - HKLM\..\RunOnce: [atljg.exe] C:\WINDOWS\atljg.exe
O4 - HKLM\..\RunOnce: [winbl32.exe] C:\WINDOWS\system32\winbl32.exe
O4 - HKLM\..\RunOnce: [sdkah.exe] C:\WINDOWS\system32\sdkah.exe
O4 - HKLM\..\RunOnce: [netgv.exe] C:\WINDOWS\netgv.exe
O4 - HKLM\..\RunOnce: [javaos32.exe] C:\WINDOWS\javaos32.exe
O4 - HKLM\..\RunOnce: [iewb.exe] C:\WINDOWS\system32\iewb.exe
O4 - HKLM\..\RunOnce: [atlad.exe] C:\WINDOWS\system32\atlad.exe
O4 - HKLM\..\RunOnce: [sdksb32.exe] C:\WINDOWS\system32\sdksb32.exe
O4 - HKLM\..\RunOnce: [netlc.exe] C:\WINDOWS\system32\netlc.exe
O4 - HKLM\..\RunOnce: [addna.exe] C:\WINDOWS\system32\addna.exe
O4 - HKLM\..\RunOnce: [ntct.exe] C:\WINDOWS\system32\ntct.exe
O4 - HKLM\..\RunOnce: [ntew32.exe] C:\WINDOWS\system32\ntew32.exe
O4 - HKLM\..\RunOnce: [atlde.exe] C:\WINDOWS\atlde.exe
O4 - HKLM\..\RunOnce: [ntpo.exe] C:\WINDOWS\ntpo.exe
O4 - HKLM\..\RunOnce: [apict.exe] C:\WINDOWS\system32\apict.exe
O4 - HKLM\..\RunOnce: [ipop32.exe] C:\WINDOWS\system32\ipop32.exe
O4 - HKLM\..\RunOnce: [netod.exe] C:\WINDOWS\netod.exe
O4 - HKLM\..\RunOnce: [ipwb.exe] C:\WINDOWS\system32\ipwb.exe
O4 - HKLM\..\RunOnce: [d3rc32.exe] C:\WINDOWS\d3rc32.exe
O4 - HKLM\..\RunOnce: [mslk32.exe] C:\WINDOWS\system32\mslk32.exe
O4 - HKLM\..\RunOnce: [sysxw32.exe] C:\WINDOWS\system32\sysxw32.exe
O4 - HKLM\..\RunOnce: [crmk32.exe] C:\WINDOWS\system32\crmk32.exe


I would also run Ad-Aware a few more times and make sure everything's gone. If it keeps freezing, try selecting only some of the items to remove and see if it will remove those.

Also, the hijacker you had sometimes makes other changes to the system, so a few other steps to be sure everything's back to normal:

First, it usually removes/changes your hosts file. To restore that, download the Hoster tool from here: http://members.aol.com/toadbee/hoster.zip. Unzip it and run it, then click "Restore Original Hosts" and click "OK". Exit the program.

It also sometimes removes control.exe from your c:\windows\system32\ directory. Check there, and if Control.exe is missing, download a fresh copy from here: http://www.spywareinfo.com/~merijn/winfiles.html#control and copy it to c:\windows\system32\.

If you have Spybot Search & Destroy installed, this also sometimes replaces sdhelper.dll. Check the Spybot folder (usually C:\Program Files\Spybot - Search & Destroy) for that file. If missing, download a new version from here and copy it to that folder: http://www.spywareinfo.com/~merijn/winfiles.html#sdhelper

Finally, this seems to sometimes change IE's security settings, so check under Tools, Internet Options, Security Tab that your settings for the zones are where you want them.

That should hopefully be it.

To reduce the chances of future spyware/hijacking problems, please follow the suggestions here: http://forum.gladiator-antivirus.com/index...?showtopic=9857
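
As an added example (not part of the original post, and not a HijackThis feature): a small Python script that parses O4 autorun lines like the ones listed above, strips quotes and arguments to recover the file path, and reports which of those files are still on disk. The sample lines are taken from this thread's logs plus one constructed case-variant duplicate; the function names are hypothetical.

```python
import os
import re

# Sample O4 lines from this thread's logs; the APIRT.EXE line is a constructed
# case-variant duplicate, and the last line is a non-O4 entry that must be skipped.
SAMPLE = r'''
O4 - HKLM\..\Run: [hfcagpa] C:\WINDOWS\System32\opdhrjh.exe
O4 - HKLM\..\Run: [apiwn32.exe] C:\WINDOWS\system32\apiwn32.exe
O4 - HKLM\..\RunOnce: [apirt.exe] C:\WINDOWS\apirt.exe
O4 - HKLM\..\RunOnce: [apirt.exe] C:\WINDOWS\APIRT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
'''

# O4 registry autorun line: "O4 - HKLM\..\RunOnce: [value name] command line"
O4_RE = re.compile(r'^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[(.*?)\] (.+)$')
# An unquoted command ends at the first executable extension followed by space/end.
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)', re.I)

def command_to_path(command):
    """Strip quotes and arguments from an autorun command; return the file path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command

def parse_o4(log_text):
    """Return (hive, key, value_name, path) for every O4 registry line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append((hive, key, name, command_to_path(command)))
    return entries

def unique_paths(entries):
    """De-duplicate paths case-insensitively, the way Windows resolves them."""
    seen, out = set(), []
    for *_, path in entries:
        if path.lower() not in seen:
            seen.add(path.lower())
            out.append(path)
    return out

def still_present(paths, exists=os.path.exists):
    """Paths that still exist; `exists` is injectable so the check can be tested."""
    return [p for p in paths if exists(p)]

if __name__ == "__main__":
    for p in still_present(unique_paths(parse_o4(SAMPLE))):
        print("still on disk:", p)
```

Feed it only the O4 lines that were actually fixed; it reports and never deletes, so each hit can be reviewed before removal.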
belowme281
Thanks so much, you've been extremely nice and very helpful. Everything's cleaned up now and running smoothly, thanks again.