CWS: I'm begging anyone to help me...

Hello, I've been reading all of these forums and I'm simply blue in the face from trying to eliminate CWS. I've tried all the programs from Adaware, Search and Destroy, PV, HiJackThis, AVG, etc. Here is my Hijack log file, please...someone help me.

5150evh

Logfile of HijackThis v1.97.7
Scan saved at 3:48:36 PM, on 6/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\d3px32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\netge32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cgisp.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cgisp.dll/index.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://cgisp.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cgisp.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://cgisp.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cgisp.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {85CC1685-0441-3212-9DC9-3C658F9C15E6} - C:\WINDOWS\winhs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [netge32.exe] C:\WINDOWS\system32\netge32.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\GiPo@FileUtilities\mount.exe /z
O4 - HKLM\..\RunOnce: [wintx.exe] C:\WINDOWS\system32\wintx.exe
O4 - HKLM\..\RunOnce: [javadr32.exe] C:\WINDOWS\javadr32.exe
O4 - HKLM\..\RunOnce: [d3px32.exe] C:\WINDOWS\d3px32.exe
O4 - HKLM\..\RunOnce: [javasw32.exe] C:\WINDOWS\javasw32.exe
O4 - HKLM\..\RunOnce: [ipgi.exe] C:\WINDOWS\system32\ipgi.exe
O4 - HKLM\..\RunOnce: [netqe.exe] C:\WINDOWS\netqe.exe
O4 - HKLM\..\RunOnce: [sdkby32.exe] C:\WINDOWS\system32\sdkby32.exe
O4 - HKLM\..\RunOnce: [javaxw.exe] C:\WINDOWS\javaxw.exe
O4 - HKLM\..\RunOnce: [SpySweeper_BT01] "C:\Program Files\Webroot\Spy Sweeper\Bt01.exe" /SpySweeper_BT01
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - URL
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - URL

Have you tried CW Shredder from Soeperman Enterprises Ltd.?

Hi 5150evh,

You have a new variant of CWS which does not have a fix yet. RubberDuckY has created a program to deal with this variant. Please follow thers instructions carefully:

Run HijackThis, place a checkmark next to the following items. Close ALL other windows and browsers except HijackThis. Click "fix checked".

O2 - BHO: (no name) - {85CC1685-0441-3212-9DC9-3C658F9C15E6} - C:\WINDOWS\winhs.dll
O4 - HKLM\..\Run: [netge32.exe] C:\WINDOWS\system32\netge32.exe
O4 - HKLM\..\RunOnce: [wintx.exe] C:\WINDOWS\system32\wintx.exe
O4 - HKLM\..\RunOnce: [javadr32.exe] C:\WINDOWS\javadr32.exe
O4 - HKLM\..\RunOnce: [d3px32.exe] C:\WINDOWS\d3px32.exe
O4 - HKLM\..\RunOnce: [javasw32.exe] C:\WINDOWS\javasw32.exe
O4 - HKLM\..\RunOnce: [ipgi.exe] C:\WINDOWS\system32\ipgi.exe
O4 - HKLM\..\RunOnce: [netqe.exe] C:\WINDOWS\netqe.exe
O4 - HKLM\..\RunOnce: [sdkby32.exe] C:\WINDOWS\system32\sdkby32.exe
O4 - HKLM\..\RunOnce: [javaxw.exe] C:\WINDOWS\javaxw.exe

Open Task manager and end the following processes if running:
netge32.exe
wintx.exe
javadr32.exe
d3px32.exe
javasw32.exe
ipgi.exe
netqe.exe
sdkby32.exe
javaxw.exe

Show hidden files:
How to Show hidden files and folders.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Delete the following files:
C:\WINDOWS\system32\netge32.exe
C:\WINDOWS\system32\wintx.exe
C:\WINDOWS\javadr32.exe
C:\WINDOWS\d3px32.exe
C:\WINDOWS\javasw32.exe
C:\WINDOWS\system32\ipgi.exe
C:\WINDOWS\netqe.exe
C:\WINDOWS\system32\sdkby32.exe
C:\WINDOWS\javaxw.exe

Reboot normally.

After you have restarted your computer please download about:Buster by RubbeRDuckY and save it to your desktop. Unzip it and start it. Read the Message that popsup (which is directions.). You have done most of it. Now hit start. Start up internet explorer and copy ALL THE TEXT in the address bar. Then in the white box paste the text and hit Ok. It should work. Then please restart your computer and post a new Hijack this log.

http://tools.zerosrealm.com/AboutBuster.zip

Tom