Media-Motor/Diamond Dollz

Raiders16

I have been getting a persistent pop-up ad from Media-Motor that's titled something from Diamond Dollz. I've used Clean Cache, Spybot, Ad-Aware & Norton Anti-Virus but it still keeps popping up. I've also checked in the registry & have found nothing. It's really not doing anything to my computer, just an annoyance. Here is my HiJackThis log file. Thanks in advance for any help you may give.

Logfile of HijackThis v1.99.1
Scan saved at 9:26:12 AM, on 6/29/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\WINNT\xkgsvuyn.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\WINNT\system32\ipm50_.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINNT\system32\ipm50_.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack This\HijackThis.exe

O1 - Hosts: ÐJ¸ÐJ¸¸¸˜¸˜¸*¸*¸¨¸¨¸°¸°¸¸¸¸¸À¸À¸È¸È¸Ð¸Ð¸Ø¸Ø¸à¸à¸è¸è¸ð¸ð¸ø¸ø¸ ˆ¸¸¸˜¸˜¸*¸*¸¨¸¨¸°¸°¸¸¸¸¸À¸À¸È¸È¸Ð¸Ð¸Ø¸Ø¸à¸à¸è¸è¸ð¸ð¸ø¸ø¸
O1 - Hosts: ¸˜¸˜¸*¸*¸¨¸¨¸°¸°¸¸¸¸¸À¸À¸È¸È¸Ð¸Ð¸Ø¸Ø¸à¸à¸è¸è¸ð¸ð¸ø¸ø¸
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [vthixwbs] C:\WINNT\xkgsvuyn.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [UpdSys] Z:\Program Files\Internet Explorer\System.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\dennis\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\dennis\Client\HelpExp.exe
O4 - HKCU\..\Run: [ipm50_] C:\WINNT\system32\ipm50_.exe
O4 - HKCU\..\RunOnce: [ipm50_] C:\WINNT\system32\ipm50_.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\WINNT\system32\shdocvw.dll
O15 - Trusted Zone: *.msn.com
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) -
O23 - Service: Application - Unknown owner - C:\WINNT\system32\ntservice.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Buckeye_Sam

Download this tool and run it.
http://securityresponse.symantec.com/avcenter/FixMumu.exe


Please make sure that you can VIEW ALL HIDDEN FILES.

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

O1 - Hosts: ÐJ¸ÐJ¸¸¸˜¸˜¸*¸*¸¨¸¨¸°¸°¸¸ ¸¸¸À¸À¸È¸È¸Ð¸Ð¸Ø¸Ø¸à¸à¸è¸ è¸ð¸ð¸ø¸ø¸ ˆ¸¸¸˜¸˜¸*¸*¸¨¸¨¸°¸°¸¸¸¸ ¸À¸À¸È¸È¸Ð¸Ð¸Ø¸Ø¸à¸à¸è¸è¸ ð¸ð¸ø¸ø¸
O1 - Hosts: ¸˜¸˜¸*¸*¸¨¸¨¸°¸°¸¸¸¸¸À¸À ¸È¸È¸Ð¸Ð¸Ø¸Ø¸à¸à¸è¸è¸ð¸ð¸ ø¸ø¸
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [vthixwbs] C:\WINNT\xkgsvuyn.exe
O4 - HKCU\..\Run: [UpdSys] Z:\Program Files\Internet Explorer\System.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Application - Unknown owner - C:\WINNT\system32\ntservice.exe (file missing)


Reboot your computer into SAFE MODE

Then delete these files or directories (Do not be concerned if they do not exist):

C:\WINNT\system32\ntservice.exe
C:\WINNT\xkgsvuyn.exe
C:\Program Files\E2G
Z:\Program Files\Internet Explorer\System.exe



Run FixMumu.exe once more while in Safe mode.



Reboot your computer to go back to normal mode.



Please run at least two of these online scans.
Make sure they are set to clean automatically

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There will be files that these scans will not remove. Please include that information in your next post.


Reboot and post a new hijackthis log and the info from your virus scans.

Raiders16

Buckeye_Sam
OK, I did everything you instructed(at least I think I did). Here's the new HiJack This Log & 2 Virus Scan reports:
Logfile of HijackThis v1.99.1
Scan saved at 3:08:41 PM, on 6/30/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\dennis\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\dennis\Client\HelpExp.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: *.msn.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Panda Virus Scan Report:
Incident Status Location

Virus:Trj/Prutec.M Disinfected Operating system
Adware:Adware/SaveNow No disinfected C:\SaveInstcm.exe
Adware:Adware/nCase No disinfected C:\WINNT\180ax.log
Spyware:Spyware/AdClicker No disinfected C:\WINNT\usta33.ini
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/BrowserAid No disinfected C:\WINNT\system32\stlbdist.dll
Spyware:Spyware/BetterInet No disinfected C:\WINNT\system32\in10b6s.dll
Adware:Adware/SAHAgent No disinfected C:\WINNT\unstall.exe
Adware:Adware/Xupiter No disinfected C:\Program Files\Orbit
Adware:Adware/StatBlaster No disinfected C:\Program Files\Media\Media
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/AdDestroyer No disinfected C:\WINNT\system32\SWRT??.dll
Adware:Adware/VirtualBouncer No disinfected C:\WINNT\system32\swrt01.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\administrator\Application Data\tvm*.dll
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\administrator\Application Data\Lycos
Adware:Adware/Adroar No disinfected C:\WINNT\artmmp.ini
Spyware:Spyware/Media-motor No disinfected C:\WINNT\Downloaded Program Files\mm??.ocx
Adware:Adware/E2Give No disinfected C:\Program Files\E2G
Adware:Adware/PowerSearch No disinfected C:\Program Files\PowerSearch
Spyware:Spyware/Whazit No disinfected C:\WINNT\system32\fiz1
Spyware:Spyware/SurfSideKick No disinfected Windows Registry
Spyware:Spyware/Lowzones No disinfected C:\WINNT\newpop63.exe
Adware:Adware/StoolBar No disinfected Windows Registry
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\administrator\Application Data\Sskknwrd.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\administrator\Application Data\tvmknwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\administrator\Local Settings\Temporary Internet Files\Ssk.log
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/KeenValue No disinfected C:\Program Files\PowerSearch\Toolbar\tipb.exe
Virus:Trj/Clicker.FB Disinfected C:\RECYCLER\S-1-5-21-1757981266-1563985344-854245398-500\Dc2.exe
Adware:Adware/SaveNow No disinfected C:\SaveInstCm.exe
Adware:Adware/nCase No disinfected C:\WINNT\180ax.log
Adware:Adware/nCase No disinfected C:\WINNT\180ax_gdf.dat
Adware:Adware/Adroar No disinfected C:\WINNT\artmmp.ini
Adware:Adware/Gator No disinfected C:\WINNT\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll
Spyware:Spyware/Media-motor No disinfected C:\WINNT\Downloaded Program Files\CONFLICT.1\mm63.ocx
Spyware:Spyware/Media-motor No disinfected C:\WINNT\Downloaded Program Files\CONFLICT.2\mm63.ocx
Spyware:Spyware/Media-motor No disinfected C:\WINNT\Downloaded Program Files\CONFLICT.3\mm63.ocx
Spyware:Spyware/Media-motor No disinfected C:\WINNT\Downloaded Program Files\m67m.inf
Spyware:Spyware/Media-motor No disinfected C:\WINNT\Downloaded Program Files\m67m.ocx
Spyware:Spyware/Media-motor No disinfected C:\WINNT\Downloaded Program Files\mm63.ocx
Virus:Trj/Downloader.BZD Disinfected C:\WINNT\Downloaded Program Files\roing17.INF
Adware:Adware/SaveNow No disinfected C:\WINNT\Downloaded Program Files\WUInst.dll
Adware:Adware/SaveNow No disinfected C:\WINNT\Downloaded Program Files\WUInst.inf
Adware:Adware/HelpExpress No disinfected C:\WINNT\emsw.exe
Adware:Adware/WinTools No disinfected C:\WINNT\hisistheurls.exe
Adware:Adware/SAHAgent No disinfected C:\WINNT\inf\bi5.inf
Adware:Adware/ImGiant No disinfected C:\WINNT\myurlff.exe
Virus:Trj/Notifier.AA Disinfected C:\WINNT\newpop63.exe
Spyware:Spyware/Media-motor No disinfected C:\WINNT\seeve.exe
Spyware:Spyware/BetterInet No disinfected C:\WINNT\system32\b5s.dll
Virus:Trj/Multidropper.MM Disinfected C:\WINNT\system32\c17bQs.dll
Virus:Trj/Qhost.Y Disinfected C:\WINNT\system32\drivers\etc\hosts
Spyware:Spyware/Whazit No disinfected C:\WINNT\system32\fiz1
Virus:Trj/Multidropper.AGD Disinfected C:\WINNT\system32\in10b6s.dll
Adware:Adware/eZula No disinfected C:\WINNT\system32\KVIF_11.dll
Adware:Adware/eZula No disinfected C:\WINNT\system32\KVIF_11.exe
Spyware:Spyware/Whazit No disinfected C:\WINNT\system32\kyf.dat
Virus:Trj/Spy.PcGhost.A Disinfected C:\WINNT\system32\NWIZ_.exe
Virus:Bck/Digarix.A Disinfected C:\WINNT\system32\rmtcfg\files\servers.ini
Adware:Adware/BrowserAid No disinfected C:\WINNT\system32\stlbdist.DLL
Adware:Adware/VirtualBouncer No disinfected C:\WINNT\system32\SWRT01.dll
Adware:Adware/eZula No disinfected C:\WINNT\system32\TopTextiLookup.exe
Spyware:Spyware/Media-motor No disinfected C:\WINNT\unstall.exe
Spyware:Spyware/AdClicker No disinfected C:\WINNT\usta33.ini

BitDefender Online Scanner -Scan ReportBitDefender Online Scanner
Scan report generated at: Thu, Jun 30, 2005 - 14:55:34

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time00:19:28
Files109459
Folders2311
Boot Sectors3
Archives844
Packed Files24026

Results
Identified Viruses 9
Infected Files 12
Suspect Files 0
Warnings0
Disinfected0
Deleted Files11

Engines Info
Virus Definitions187178
Engine buildAVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins13
Archive plugins39
Unpack plugins4
E-mail plugins6
System plugins1

Scan Settings
First ActionDisinfect
Second ActionDelete
HeuristicsYes
Enable WarningsYes
Scanned
Extensionsexe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions
Scan EmailsYes
Scan ArchivesYes
Scan PackedYes
Scan FilesYes
Scan BootYes

Scanned File Status
C:\Documents and Settings\administrator\Local
Settings\Temp\ei.exeInfected with: Trojan.Downloader.3007.A
C:\Documents and Settings\administrator\Local
Settings\Temp\ei.exeDisinfection failed
C:\Documents and Settings\administrator\Local
Settings\Temp\ei.exeDelete failed
C:\Program Files\PowerSearch\Toolbar\tipb.exeInfected with:
Trojan.Downloader.Keenval.C
C:\Program Files\PowerSearch\Toolbar\tipb.exeDisinfection failed
C:\Program Files\PowerSearch\Toolbar\tipb.exeDeleted
C:\WINNT\Downloaded Program Files\CONFLICT.1\mm63.ocxInfected with:
Trojan.Downloader.Vb.EZ
C:\WINNT\Downloaded Program Files\CONFLICT.1\mm63.ocxDisinfection
failed
C:\WINNT\Downloaded Program Files\CONFLICT.1\mm63.ocxDeleted
C:\WINNT\Downloaded Program Files\CONFLICT.2\mm63.ocxInfected with:
Trojan.Downloader.Vb.EZ
C:\WINNT\Downloaded Program Files\CONFLICT.2\mm63.ocxDisinfection
failed
C:\WINNT\Downloaded Program Files\CONFLICT.2\mm63.ocxDeleted
C:\WINNT\Downloaded Program Files\CONFLICT.3\mm63.ocxInfected with:
Trojan.Downloader.Vb.EZ
C:\WINNT\Downloaded Program Files\CONFLICT.3\mm63.ocxDisinfection
failed
C:\WINNT\Downloaded Program Files\CONFLICT.3\mm63.ocxDeleted
C:\WINNT\Downloaded Program Files\m67m.ocxInfected with:
Trojan.Startpage.SM
C:\WINNT\Downloaded Program Files\m67m.ocxDisinfection failed
C:\WINNT\Downloaded Program Files\m67m.ocxDeleted
C:\WINNT\Downloaded Program Files\mm63.ocxInfected with:
Trojan.Downloader.Vb.EZ
C:\WINNT\Downloaded Program Files\mm63.ocxDisinfection failed
C:\WINNT\Downloaded Program Files\mm63.ocxDeleted
C:\WINNT\seeve.exeInfected with: Trojan.Lowzone.AA
C:\WINNT\seeve.exeDisinfection failed
C:\WINNT\seeve.exeDeleted
C:\WINNT\system32\KVIF_11.dllDetected with: Adware.180Solutions
C:\WINNT\system32\KVIF_11.dllDisinfection failed
C:\WINNT\system32\KVIF_11.dllDeleted
C:\WINNT\system32\KVIF_11.exeInfected with: Trojan.MulDrop.1213
C:\WINNT\system32\KVIF_11.exeDisinfection failed
C:\WINNT\system32\KVIF_11.exeDeleted
C:\WINNT\system32\rmtcfg\files\mdll.exeInfected with:
Trojan.Ircflood.C
C:\WINNT\system32\rmtcfg\files\mdll.exeDisinfection failed
C:\WINNT\system32\rmtcfg\files\mdll.exeDeleted
C:\WINNT\system32\rmtcfg\files\psexec.exeDetected with:
Application.Remotexec.A
C:\WINNT\system32\rmtcfg\files\psexec.exeDisinfection failed
C:\WINNT\system32\rmtcfg\files\psexec.exeDeleted

I hope I did everything correctly. Thanks again for all your help.

Buckeye_Sam

Download the Pocket Killbox.

Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.

• Highlight the lines below and press the Ctrl key and the C key at the same time to copy them to the clipboard:
  
  C:\SaveInstcm.exe
  C:\WINNT\180ax.log
  C:\WINNT\usta33.ini
  C:\WINNT\system32\stlbdist.dll
  C:\WINNT\system32\in10b6s.dll
  C:\WINNT\unstall.exe
  C:\WINNT\system32\swrt01.dll
  C:\Documents and Settings\administrator\Application Data\tvm*.dll
  C:\keys.ini
  C:\WINNT\artmmp.ini
  C:\WINNT\newpop63.exe
  C:\Documents and Settings\administrator\Application Data\Sskknwrd.dll
  C:\Documents and Settings\administrator\Application Data\tvmknwrd.dll
  C:\WINNT\180ax.log
  C:\WINNT\180ax_gdf.dat
  C:\WINNT\artmmp.ini
  C:\WINNT\Downloaded Program Files\CONFLICT.1\HDPlugin1015.dll
  C:\WINNT\Downloaded Program Files\CONFLICT.1\mm63.ocx
  C:\WINNT\Downloaded Program Files\CONFLICT.2\mm63.ocx
  C:\WINNT\Downloaded Program Files\CONFLICT.3\mm63.ocx
  C:\WINNT\Downloaded Program Files\m67m.inf
  C:\WINNT\Downloaded Program Files\m67m.ocx
  C:\WINNT\Downloaded Program Files\mm63.ocx
  C:\WINNT\Downloaded Program Files\roing17.INF
  C:\WINNT\Downloaded Program Files\WUInst.dll
  C:\WINNT\Downloaded Program Files\WUInst.inf
  C:\WINNT\emsw.exe
  C:\WINNT\hisistheurls.exe
  C:\WINNT\inf\bi5.inf
  C:\WINNT\myurlff.exe
  C:\WINNT\seeve.exe
  C:\WINNT\system32\b5s.dll
  C:\WINNT\system32\c17bQs.dll
  C:\WINNT\system32\in10b6s.dll
  C:\WINNT\system32\KVIF_11.dll
  C:\WINNT\system32\KVIF_11.exe
  C:\WINNT\system32\kyf.dat
  C:\WINNT\system32\NWIZ_.exe
  C:\WINNT\system32\rmtcfg\files\servers.ini
  C:\WINNT\system32\stlbdist.DLL
  C:\WINNT\system32\SWRT01.dll
  C:\WINNT\system32\TopTextiLookup.exe
  C:\WINNT\unstall.exe
  C:\WINNT\usta33.ini
  
  

[*]Now go to the Killbox application and click on the File menu and then the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you dropdown that box you should see the rest of them. Make sure that they are all there.
[*]Click on the Delete on Reboot option and then click on the red circle with a white 'X' in to to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES. If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Your system will reboot now.


====================


Please delete these directories:

C:\Program Files\Orbit
C:\Program Files\Media
C:\Program Files\E2G
C:\Program Files\PowerSearch
C:\Documents and Settings\administrator\Application Data\Lycos
C:\WINNT\system32\fiz1


===================


Please download, install, and run Cleanup 4.0
http://cleanup.stevengould.org/


===================


Please follow these instructions to run Adware.

• Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
  1. Download Ad-Aware SE Personal 1.06:
     • Download Ad-Aware SE Personal 1.05.
     • Save aawsepersonal.exe to a convenient location.
  2. Install Ad-Aware SE Personal 1.06:
     • Double-click on aawsepersonal.exe to install the program.
     • Follow the default settings for installation.
     • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  3. Update Ad-Aware SE Personal 1.06:
     • Double-click the Ad-Aware SE Personal icon on your desktop.
     • Click "Check for updates now" then click "Connect".
     • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  4. Configure Ad-Aware SE Personal 1.06:
     • Click on the Gear button at the top of the window.
     • Click "General" on the left hand side to display the General Settings box.
       • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
         • "Automatically save logfile"
         • "Automatically quarantine objects prior to removal"
         • "Safe Mode (always request confirmation)"
         • "Prompt to update outdated definitions" - change to 7 days from the default 14.
     • Click "Scanning" on the left hand side to display the Scan Settings box.
       • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
         • "Scan within archives"
         • "Select drives & folders to scan" - select your hard drive(s).
         • "Scan active processes"
         • "Scan registry"
         • "Deep-scan registry"
         • "Scan my IE favorites for banned URLs"
         • "Scan my Hosts file"
     • Click "Advanced" on the left hand side to display the Advanced Settings box.
       • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
         • "Move deleted files to Recycle Bin"
         • "Include additional object information"
         • "Include negligible objects information"
         • "Include environment information"
     • Click "Defaults" on the left hand side to display the Default Settings box.
       • Make sure these items have your preferred settings in them.:
         • "Default homepage"
         • "Default searchpage"
     • Click "Tweak" on the left hand side to display the Tweak Settings box.
       • Click the + (plus) sign next to the Log Files section. This will expand the section.
       • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
         • "Include basic Ad-Aware settings in log file"
         • "Include additional Ad-Aware settings in log file"
         • "Include reference summary in log file"
         • "Include alternate data stream details in log file"
       • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
       • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
         • "Unload recognized processes & modules during scan"
         • "Scan registry for all users instead of current user only"
         • "Obtain command line of scanned processes"
       • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
       • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
         • "Always try to unload modules before deletion"
         • "During removal, unload Explorer and IE if necessary"
         • "Let Windows remove files in use at next reboot"
         • "Delete quarantined objects after restoring"
     • Once you are done with these settings, click "Proceed" to save them.
     • This will take you back to the main screen.
  5. Run Ad-Aware SE Personal 1.05:
     • Click the "Start" button.
     • Uncheck the "Search for negligible risk entries" entry.
     • Choose the "Use custom scanning options" scan mode.
     • Click the "Next" button.
     • Ad-Aware will begin to scan for malware residing on your computer.
     • Allow the scan to finish.
     • Right-click on any entry in the list and click "Select All" to select the whole list.
     • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.

Reboot and post a new hijackthis log and we'll see what's left.

Raiders16

Sorry. I have KillBox downloaded, but I'm not understanding how to launch it & get all those lines you want highlighted.

Buckeye_Sam

First you have to unzip it. If you double click on Killbox.zip you should find that you have a program that will ask you where you want to extract the file to. For convenience you may want to just put it on your desktop.

Then all you need to do is hilight the list of files, right click and select copy. Then just follow the rest of the steps...

# Now go to the Killbox application and click on the File menu and then the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you dropdown that box you should see the rest of them. Make sure that they are all there.
# Click on the Delete on Reboot option and then click on the red circle with a white 'X' in to to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES.

Raiders16

Everything seems to be running good. I'm not getting that pop-up anymore. Here is my latest HiJack this log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:10:01 PM, on 7/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\dennis\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\dennis\Client\HelpExp.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\WINNT\system32\shdocvw.dll
O15 - Trusted Zone: *.msn.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks for all your help!

Buckeye_Sam

You are not clean yet.

Run Hijackthis. Click on "Open the Misc Tools section". Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your in your next post.

Raiders16

Buckeye Sam, here is the list:

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Broderbund Home Design 5.1
ccCommon
CleanCache 2.23
CleanUp!
Construction Office 2002 Developer
DirectX 9 Hotfix - KB839643
Easy CD Creator 5 Platinum
EnterNet 300
EPSON Printer Software
Genesis 2000
GoBack Personal Edition
HijackThis 1.99.1
HP PrecisionScan Pro and Utilities
Internet Worm Protection
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Small Business
Microsoft PowerPoint 2000 SR-1
Microsoft VGX Q833989
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Media Video 9 VCM
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton SystemWorks 2003
Norton WMI Update
Norton WMI Update
NVIDIA Windows 2000/XP Display Drivers
PageKeeper Standard 3.0
Pop-Up Stopper Free Edition
PrintMaster 12
QuickBooks Premier Edition 2005
QuickTime
RealPlayer
Scan Manager 3.1
Shockwave
SPBBC
Spybot - Search & Destroy 1.3
Symantec
Symantec Script Blocking Installer
SymNet
Windows 2000 Hotfix - KB329115
Windows 2000 Hotfix - KB822831
Windows 2000 Hotfix - KB823182
Windows 2000 Hotfix - KB823559
Windows 2000 Hotfix - KB824105
Windows 2000 Hotfix - KB825119
Windows 2000 Hotfix - KB826232
Windows 2000 Hotfix - KB828035
Windows 2000 Hotfix - KB828741
Windows 2000 Hotfix - KB828749
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB835732
Windows 2000 Hotfix - KB837001
Windows 2000 Hotfix - KB839645
Windows 2000 Hotfix - KB840315
Windows 2000 Hotfix - KB840987
Windows 2000 Hotfix - KB841356
Windows 2000 Hotfix - KB841533
Windows 2000 Hotfix - KB841872
Windows 2000 Hotfix - KB841873
Windows 2000 Hotfix - KB842526
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB871250
Windows 2000 Hotfix - KB873333
Windows 2000 Hotfix - KB873339
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB885250
Windows 2000 Hotfix - KB885835
Windows 2000 Hotfix - KB885836
Windows 2000 Hotfix - KB888113
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890047
Windows 2000 Hotfix - KB890175
Windows 2000 Hotfix - KB890859
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB891711
Windows 2000 Hotfix - KB891781
Windows 2000 Hotfix - KB893066
Windows 2000 Hotfix - KB893086
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix (SP5) Q818043
Windows 2000 Service Pack 4
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinZip

Buckeye_Sam

Fix these lines with Hijackthis.

O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\dennis\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\dennis\Client\HelpExp.exe


Delete this folder:

C:\Program Files\Alset\HelpExpress



Reboot and post a new hijackthis log. Let me know of any problems that you are still experiencing.

Raiders16

Everything seems to be running fine. Thanks again for all of your help. Here's the latest HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 9:08:35 AM, on 7/7/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Hijack This\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Lamp] C:\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\WINNT\system32\shdocvw.dll
O15 - Trusted Zone: *.msn.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Buckeye_Sam

Your log is clean.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.
   
   You can find instructions on how to enable and reenable system restore here:
   
   Managing Windows Millenium System Restore
   
   or
   
   Windows XP System Restore Guide
   
   Renable system restore with instructions from tutorial above
   
   
2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
   1. From within Internet Explorer click on the Tools menu and then click on Options.
   2. Click once on the Security tab
   3. Click once on the Internet icon so it becomes highlighted.
   4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
         
      2. Change the Download unsigned ActiveX controls to Disable
         
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
         
      4. Change the Installation of desktop items to Prompt
         
      5. Change the Launching programs and files in an IFRAME to Prompt
         
      6. Change the Navigate sub-frames across different domains to Prompt
         
      7. When all these settings have been made, click on the OK button.
         
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
   5. Next press the Apply button and then the OK to exit the Internet Properties page.
   
   
3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
   
   See this link for a listing of some online & their stand-alone antivirus programs:
   
   Virus, Spyware, and Malware Protection and Removal Resources
   
   
4. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
   
   For a tutorial on Firewalls and a listing of some available ones see the link below:
   
   Understanding and Using Firewalls
   
   
6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
   
   A tutorial on installing & using this product can be found here:
   
   Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
   
   
8. Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
   
   A tutorial on installing & using this product can be found here:
   
   Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
   
   
9. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
   
   A tutorial on installing & using this product can be found here:
   
   Using SpywareBlaster to protect your computer from Spyware and Malware
   
   
10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.