You have several problems in your log. I may be able to have a go in my lunchtime (1-2pm GMT), but due to work commitments it may not be till my evening (after 7pm GMT).
Chris, I can't thank you enough for taking your time to help. I have followed your instructions to the letter. Below is my latest log. What do you think? I have also noticed that my HijackThis folder has several backup files. Should I keep them or delete? Thanks again. Look forward to your next response. Luke
Leave the backup files for a time; they and the HijackThis program should then be deleted. Download a new HijackThis for any future time (it gets updated periodically), as does CWShredder. Spybot and Ad-aware should be updated before running each time.
LukeHoward (86 Posts), December 15th, 2003 00:00
Dell Dimension 8200, Pentium 4 1.8Ghz, 512MB RAM
Thanks
ChrisRLG (3.9K Posts), December 15th, 2003 06:00
ChrisRLG (3.9K Posts), December 15th, 2003 11:00
My boardroom meeting finished early, so herewith reply to log:-
-------------------------
First run CWShredder from here: http://www.spywareinfo.com/~merijn/files/cwshredder.zip (unzip and run it, deleting all that it finds).
Then reboot, and tick these in HijackThis, AND WITH ALL OTHER WINDOWS CLOSED, Fix Ticked. (Some may already be deleted by CWShredder.)
These two should be deleted by CWShredder, but if not they MUST be ticked in HijackThis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dev.ntcor.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dev.ntcor.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrs0102.dll
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1351d8e6a665dd0b4b01/netzip/RdxIE6.cab
These six may be deleted by CWShredder; they all have random names, which normally means baddies. Tick them UNLESS YOU KNOW WHAT THEY ARE.
O2 - BHO: (no name) - {2BCA21FB-CC48-B17B-FC75-D839DD344ADF} - C:\WINDOWS\system32\mskkctfm.dll
O2 - BHO: (no name) - {3C46DD93-2C9C-4938-957D-825C78F5FD61} - C:\WINDOWS\SYSTEM32\pgdjsctd.dll
O2 - BHO: (no name) - {BAB68AF4-EC13-803F-9DAC-2852A8E012A4} - C:\WINDOWS\system32\jtizjmpp.dll
O4 - HKLM\..\Run: [hobwjphg] C:\WINDOWS\System32\kbpowvgt.exe
O4 - HKLM\..\Run: C:\WINDOWS\System32\rgcaqx.exe
O4 - HKLM\..\Run: [ipzaigjf] C:\WINDOWS\dhbjbwrm.exe
This is not a baddie but a resource hog that most people don't find speeds up access to MS files at all. Tick if you wish, leave if you don't.
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
These are ActiveX controls that have been installed on your machine. They are not on a known list of baddies, but if deleted and you need them, they would reinstall from the site when you next visit. I would prefer these were ticked, UNLESS YOU KNOW THEM TO BE FROM A SAFE SOURCE.
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://www.wildtangent.com/multiplayer/cannonsmmp/wtinst.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
Then reboot to safe mode (instructions from here - http://support.dell.com/us/en/kb/document.asp?dn=1027295)
And find and delete the following files
File > > C:\Program Files\syslaunch.exe
File > > C:\WINDOWS\Belt.exe
and these, if you ticked them for removal in HijackThis:
File > > C:\WINDOWS\System32\kbpowvgt.exe
File > > C:\WINDOWS\System32\rgcaqx.exe
File > > C:\WINDOWS\dhbjbwrm.exe
Then reboot, do another HijackThis log, and post it as a reply to this thread for me to check.
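The by-eye triage in the post above (search/start-page URLs pointing at an unknown host, nameless BHOs loaded from the Windows directory, Run entries with random names, ActiveX downloads from odd hosts) can be turned into a first-pass filter. The script below is an added example, not part of this thread or of HijackThis itself: it parses lines in the HijackThis 1.97 log format and applies those heuristics. The allow lists of known hosts and known file names are assumptions made for the example, and the random-name test is deliberately crude; it fires on legitimate names such as ctfmon.exe, which is exactly why the advice above is to tick only what you do not recognise. The sample log is constructed from entries posted in this thread.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Both allow lists are assumptions for this example (HijackThis has no such
# lists): hosts the user recognises as their own ISP/OEM pages or as vendors
# whose controls the thread left alone, and legitimate names that trip the
# crude random-name heuristic below.
KNOWN_GOOD_HOSTS = {"comcast.net", "dellnet.com", "macromedia.com",
                    "symantec.com", "microsoft.com", "msn.com"}
KNOWN_GOOD_NAMES = {"ctfmon", "lxbbbmgr", "lxbbbmon", "navshext", "evntsvc"}

VOWELS, RARE = set("aeiouy"), set("jkqxzwv")
# A DLL/EXE sitting directly in %WINDIR% or %WINDIR%\System32.
WINDIR = re.compile(r"^[a-z]:\\(windows|winnt)\\(system32\\)?[^\\]+$")


def looks_random(name: str) -> bool:
    """'Random name' heuristic: 6-8 letters, at most two vowels, and either
    a run of four or more consonants or two or more rarely used letters."""
    name = name.lower()
    if not re.fullmatch(r"[a-z]{6,8}", name):
        return False
    vowels = sum(c in VOWELS for c in name)
    rare = sum(c in RARE for c in name)
    longest = max((len(r) for r in re.findall(r"[^aeiouy]+", name)), default=0)
    return vowels <= 2 and (longest >= 4 or rare >= 2)


def basename(path: str) -> str:
    """Lower-case file name without directory or extension."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].rsplit(".", 1)[0].lower()


def host_known(url: str) -> bool:
    host = (urlparse(url.strip()).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in KNOWN_GOOD_HOSTS)


def host_is_ip(url: str) -> bool:
    try:
        ip_address(urlparse(url.strip()).hostname or "")
        return True
    except ValueError:
        return False


@dataclass
class Finding:
    verdict: str  # "fix": tick it in HijackThis; "review": identify it first
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding for one HijackThis log line, or None if nothing stands out."""
    line = line.strip()
    sec = line.split(" - ", 1)[0]
    if sec in ("R0", "R1", "R3"):
        _, _, value = line.partition(" = ")
        if not value.strip():
            return Finding("fix", "search/start setting empty or missing", line)
        if not host_known(value):
            return Finding("fix", "start/search URL points at an unrecognised host", line)
    elif sec == "O2":
        m = re.match(r"O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$", line)
        if m and m.group(1) == "(no name)" and basename(m.group(2)) not in KNOWN_GOOD_NAMES:
            if WINDIR.match(m.group(2).lower()) or looks_random(basename(m.group(2))):
                return Finding("fix", "nameless BHO in the Windows directory or with a random name", line)
    elif sec == "O4":
        m = re.match(r"O4 - (.+?): (?:\[(.*?)\] )?(.*)$", line)
        if m:
            valname, cmd = m.group(2), m.group(3)
            if valname is None:
                return Finding("fix", "Run entry without a value name", line)
            exe = re.search(r'([^"]*?\.exe)', cmd, re.I)
            names = [valname] + ([basename(exe.group(1))] if exe else [])
            if any(looks_random(n) and n.lower() not in KNOWN_GOOD_NAMES for n in names):
                return Finding("fix", "random-looking Run value name or file name", line)
    elif sec == "O16":
        url = line.rsplit(" - ", 1)[-1]
        if host_is_ip(url):
            return Finding("fix", "ActiveX control downloaded from a bare IP address", line)
        if not host_known(url):
            return Finding("review", "ActiveX control from a host not on the known-good list", line)
    return None


def triage(log_text: str) -> list:
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Constructed sample in HijackThis 1.97 log format, built from lines in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dev.ntcor.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {2BCA21FB-CC48-B17B-FC75-D839DD344ADF} - C:\WINDOWS\system32\mskkctfm.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [hobwjphg] C:\WINDOWS\System32\kbpowvgt.exe
O4 - HKLM\..\Run: C:\WINDOWS\System32\rgcaqx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1351d8e6a665dd0b4b01/netzip/RdxIE6.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:<6} {f.reason}: {f.line}")
```

Run against a whole saved log, it only ever produces candidates: "fix" items match the patterns the post treats as definite baddies, "review" items are the ActiveX controls it says to tick unless you know the source, and the known-good lists are where your own knowledge of the machine goes.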
LukeHoward (86 Posts), December 16th, 2003 01:00
Logfile of HijackThis v1.97.7
Scan saved at 10:14:44 PM, on 12/15/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\lxamsp32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1054EC0F-1879-4A37-B3DF-75F968C5F26F}: NameServer = 192.168.1.1,68.58.160.5,68.58.160.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{1054EC0F-1879-4A37-B3DF-75F968C5F26F}: NameServer = 192.168.1.1,68.58.160.5,68.58.160.6
ChrisRLG (3.9K Posts), December 16th, 2003 06:00
You look clean now. Do you have any problems left?
-----------------------
If not :-
how on earth did I get infected with all that spyware in the first place?
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051
--------------
Look at the info on my website regarding malware (link below). Some things you can do to stop getting infected again:-
Spybot S&D, Ad-aware: run weekly, or after a heavy internet session.
SpywareBlaster & SpywareGuard: the first sets kill bits to stop known bad ActiveX controls installing; the second acts like your AV to stop browser hijacks and the installing of known baddies.
All those have links from my site. Do remember that, just like AV, they need to be updated regularly; I do mine weekly, AV daily.
Also IE-SPYAD (no link on my site yet; find it from Google), which puts 5000 bad sites in your Restricted (banned) sites list to stop you accidentally getting sent to a bad site. It has an optional list of "bad" adult sites to install as well.
With these and a firewall in place, I have to try various bad sites when checking people's HijackThis logs, looking to sort bad from good, and I have not yet been infected. Still time for it to happen, LOL.
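The kill bits SpywareBlaster sets and the Restricted sites entries IE-SPYAD adds are both plain registry settings, so the same protection can be applied by hand for the specific control and domain seen in this thread. The script below is an added example, not the thread's code nor either tool's: it writes a .reg file that sets the kill bit (bit 0x400 of "Compatibility Flags" under Internet Explorer's ActiveX Compatibility key) for a list of CLSIDs, and places domains in the Restricted sites zone (zone 4 in the ZoneMap). The CLSIDs and domain used as sample input are taken from the O16 and R0/R1 lines earlier in the thread; which controls deserve a kill bit is a judgement call, because a kill-bitted control can no longer load in IE from any page, legitimate ones included.

```python
import re

# Documented Internet Explorer registry locations (not assumptions): the kill
# bit is bit 0x400 of "Compatibility Flags" under ActiveX Compatibility\{CLSID};
# the Restricted sites zone is zone 4 in the ZoneMap, and a "*" value under a
# domain key applies to every scheme and host of that domain.
KILLBIT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
ZONEMAP_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
KILL_BIT = 0x400
RESTRICTED_SITES_ZONE = 4

CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$")


def normalise_clsid(clsid: str) -> str:
    """Upper-case, braced CLSID; rejects anything that is not one so a typo
    cannot silently produce a harmless, useless registry key."""
    c = clsid.strip().upper()
    if not c.startswith("{"):
        c = "{" + c + "}"
    if not CLSID_RE.match(c):
        raise ValueError(f"not a CLSID: {clsid!r}")
    return c


def normalise_domain(domain: str) -> str:
    d = domain.strip().lower().rstrip(".")
    if not DOMAIN_RE.match(d):
        raise ValueError(f"not a domain name: {domain!r}")
    return d


def killbit_block(clsid: str) -> str:
    """One .reg section setting the kill bit for a CLSID. This only stops
    Internet Explorer instantiating the control; it does not uninstall it."""
    return (f"[{KILLBIT_KEY}\\{normalise_clsid(clsid)}]\n"
            f'"Compatibility Flags"=dword:{KILL_BIT:08x}\n')


def restricted_site_block(domain: str) -> str:
    """One .reg section putting a whole domain into the Restricted sites zone."""
    return (f"[{ZONEMAP_KEY}\\{normalise_domain(domain)}]\n"
            f'"*"=dword:{RESTRICTED_SITES_ZONE:08x}\n')


def build_reg(clsids, domains) -> str:
    blocks = [killbit_block(c) for c in clsids] + [restricted_site_block(d) for d in domains]
    return "Windows Registry Editor Version 5.00\n\n" + "\n".join(blocks)


def write_reg(path: str, clsids, domains) -> None:
    # regedit expects version 5.00 files as UTF-16 with a BOM and CRLF line endings.
    with open(path, "w", encoding="utf-16", newline="\r\n") as fh:
        fh.write(build_reg(clsids, domains))


# Sample input taken from this thread: the two O16 controls ChrisRLG asked to
# have ticked, and the domain the hijacked search settings pointed at.
THREAD_CLSIDS = ["{56336BCB-3D8A-11D6-A00B-0050DA18DE71}",
                 "{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}"]
THREAD_DOMAINS = ["ntcor.com"]

if __name__ == "__main__":
    print(build_reg(THREAD_CLSIDS, THREAD_DOMAINS))
```

Importing the file with regedit on the affected machine applies both settings; the same keys are what you would inspect afterwards to confirm a kill bit really is set, since a wrongly typed CLSID creates a key that protects nothing.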
ChrisRLG (3.9K Posts), December 16th, 2003 07:00