Help me with non stop pop ups- Hijackthis log

  1. #1
    isummer77 is offline Newbie

    Logfile of HijackThis v1.98.2
    Scan saved at 11:16:40 AM, on 10/1/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\AS***ent.exe
    C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
    C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\qdkhsilw.exe
    C:\WINDOWS\System32\WSHTCPIP.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\snmusx.exe
    C:\WINDOWS\system32\egsvcr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\UPS\UOWS\ShipUps.exe
    c:\ups\uows\upslnkmg.exe
    C:\WINDOWS\system32\ORCEDOSF.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\tprintn.exe
    C:\WINDOWS\system32\0421.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\PARTYP~1\LOCALS~1\Temp\HijackThis.exe
    C:\WINDOWS\system32\HKNTFSC.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
    O4 - HKLM\..\Run: [xandbxqmj] C:\WINDOWS\System32\qdkhsilw.exe
    O4 - HKLM\..\Run: [YFCFu] C:\documents and settings\partypoopers\local settings\temp\YFCFu.exe
    O4 - HKLM\..\Run: [DK] C:\documents and settings\partypoopers\local settings\temp\DK.exe
    O4 - HKLM\..\Run: [tLS7xYL] C:\documents and settings\partypoopers\local settings\temp\tLS7xYL.exe
    O4 - HKLM\..\Run: [xykczc] C:\WINDOWS\System32\xykczc.exe
    O4 - HKLM\..\Run: [ee7594357305] C:\WINDOWS\System32\WSHTCPIP.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [egsvcr] C:\WINDOWS\system32\egsvcr.exe
    O4 - HKLM\..\Run: [ORCEDOSF] C:\WINDOWS\system32\ORCEDOSF.exe
    O4 - HKLM\..\Run: [tprintn] C:\WINDOWS\system32\tprintn.exe
    O4 - HKLM\..\Run: [0421] C:\WINDOWS\system32\0421.exe
    O4 - HKLM\..\Run: [HKNTFSC] C:\WINDOWS\system32\HKNTFSC.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - HKCU\..\Run: [Y358RXH6S] snmusx.exe
    O4 - HKCU\..\Run: [USBMON759w.exe] "C:\WINDOWS\System32\USBMON759w.exe"
    O4 - HKCU\..\Run: [USRFAXA291u.exe] "C:\WINDOWS\System32\USRFAXA291u.exe"
    O4 - HKCU\..\Run: [msscp247g.exe] "C:\WINDOWS\System32\msscp247g.exe"
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O18 - Protocol hijack: mhtml -
    O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdibm02982j.dll


  2. #2
    owen is offline D-A-L Team Member (UK)
    Problem Description please? I can see what your problem is, but I like to know from the user what exactly they are experiencing.

  3. #3
    isummer77 is offline Newbie
    Hi,
    I am getting pop ups when I open explorer on the PC running XP. They don't stop and continuously open up one on top of the other.
    On Mozilla I see no pop ups.
    thanks for asking,

  4. #4
    owen is offline D-A-L Team Member (UK)
    Close all browser windows, restart HijackThis and put a checkmark next to the following entries:

    O4 - HKLM\..\Run: [xandbxqmj] C:\WINDOWS\System32\qdkhsilw.exe
    O4 - HKLM\..\Run: [YFCFu] C:\documents and settings\partypoopers\local settings\temp\YFCFu.exe
    O4 - HKLM\..\Run: [DK] C:\documents and settings\partypoopers\local settings\temp\DK.exe
    O4 - HKLM\..\Run: [tLS7xYL] C:\documents and settings\partypoopers\local settings\temp\tLS7xYL.exe
    O4 - HKLM\..\Run: [xykczc] C:\WINDOWS\System32\xykczc.exe
    O4 - HKLM\..\Run: [ee7594357305] C:\WINDOWS\System32\WSHTCPIP.exe
    O4 - HKLM\..\Run: [egsvcr] C:\WINDOWS\system32\egsvcr.exe
    O4 - HKLM\..\Run: [ORCEDOSF] C:\WINDOWS\system32\ORCEDOSF.exe
    O4 - HKLM\..\Run: [tprintn] C:\WINDOWS\system32\tprintn.exe
    O4 - HKLM\..\Run: [0421] C:\WINDOWS\system32\0421.exe
    O4 - HKLM\..\Run: [HKNTFSC] C:\WINDOWS\system32\HKNTFSC.exe
    O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
    O4 - HKCU\..\Run: [Y358RXH6S] snmusx.exe
    O4 - HKCU\..\Run: [USBMON759w.exe] "C:\WINDOWS\System32\USBMON759w.exe"
    O4 - HKCU\..\Run: [USRFAXA291u.exe] "C:\WINDOWS\System32\USRFAXA291u.exe"
    O4 - HKCU\..\Run: [msscp247g.exe] "C:\WINDOWS\System32\msscp247g.exe"
    O18 - Protocol hijack: mhtml -
    O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdibm02982j.dll

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Go to the Control Panel, double click Add/Remove programs and uninstall the following programs:
    ClockSync

    Go to C:\documents and settings\partypoopers\local settings\temp and once in the folder click Edit > Select All. Then hit the Delete key to get rid of the entire contents of the folder. Leave the folder itself intact though.

    Delete the following files and folders:
    C:\WINDOWS\System32\qdkhsilw.exe
    C:\WINDOWS\System32\xykczc.exe
    C:\WINDOWS\System32\WSHTCPIP.exe
    C:\WINDOWS\system32\egsvcr.exe
    C:\WINDOWS\system32\ORCEDOSF.exe
    C:\WINDOWS\system32\tprintn.exe
    C:\WINDOWS\system32\0421.exe
    C:\WINDOWS\system32\HKNTFSC.exe
    C:\Program Files\ClockSync
    C:\WINDOWS\system32\snmusx.exe
    C:\WINDOWS\System32\USBMON759w.exe
    C:\WINDOWS\System32\USRFAXA291u.exe
    C:\WINDOWS\System32\msscp247g.exe

    Reboot and post a fresh log

  5. #5
    isummer77 is offline Newbie
    Hi Owen,
    Thanks for the help. Here is the HijackThis log as requested. I will not start Explorer till I see that my log is clean, so I'll wait for your reply.
    Thanks,
    Isaac

    Logfile of HijackThis v1.98.2
    Scan saved at 12:32:01 PM, on 10/8/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\AS***ent.exe
    C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
    C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\netwizh.exe
    C:\WINDOWS\system32\ao360D.exe
    C:\WINDOWS\system32\rstrms3p.exe
    C:\WINDOWS\system32\mpcorew.exe
    C:\WINDOWS\system32\ABELL.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\PARTYP~1\LOCALS~1\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [netwizh] C:\WINDOWS\system32\netwizh.exe
    O4 - HKLM\..\Run: [ao360D] C:\WINDOWS\system32\ao360D.exe
    O4 - HKLM\..\Run: [rstrms3p] C:\WINDOWS\system32\rstrms3p.exe
    O4 - HKLM\..\Run: [mpcorew] C:\WINDOWS\system32\mpcorew.exe
    O4 - HKLM\..\Run: [ABELL] C:\WINDOWS\system32\ABELL.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: UPS Online PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O18 - Protocol hijack: mhtml -
    Last edited by isummer77; 08-10-2004 at 05:35 PM.

  6. #6
    owen is offline D-A-L Team Member (UK)
    Make sure you post the log
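
Comparing the O4 autorun entries of the first log with those of the follow-up log shows which Run values the cleanup removed and which ones appeared afterwards. The Python below is an added example, not part of the original thread; the function names and the location buckets are assumptions chosen for illustration, and the sample lines are excerpted from the two logs above.

```python
import re

# HijackThis O4 autorun line: O4 - <hive>\..\Run: [<value name>] <command>
O4_RUN = re.compile(r"^\s*O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+?)\s*$")

# Lines excerpted from the first and second logs in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xandbxqmj] C:\WINDOWS\System32\qdkhsilw.exe
O4 - HKLM\..\Run: [DK] C:\documents and settings\partypoopers\local settings\temp\DK.exe
O4 - HKCU\..\Run: [Y358RXH6S] snmusx.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [netwizh] C:\WINDOWS\system32\netwizh.exe
O4 - HKLM\..\Run: [ao360D] C:\WINDOWS\system32\ao360D.exe
O4 - HKLM\..\Run: [ABELL] C:\WINDOWS\system32\ABELL.exe
"""

def parse_run_entries(log_text):
    """Return {(hive, value_name): command} for every O4 Run line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line)
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3).strip('"')
    return entries

def location(command):
    """Coarse bucket for where an autorun target lives (triage heuristic, an assumption)."""
    path = command.lower()
    if "\\" not in path:
        return "no-path"          # bare file name, resolved through the search path
    if "\\temp\\" in path:
        return "temp"
    if re.match(r"^[a-z]:\\windows\\system32\\[^\\]+$", path):
        return "system32"
    return "other"

def diff_autoruns(before_text, after_text):
    """Compare Run values by (hive, name): what was removed, kept, or is new."""
    b, a = parse_run_entries(before_text), parse_run_entries(after_text)
    return {"removed": sorted(b.keys() - a.keys()), "kept": sorted(b.keys() & a.keys()),
            "new": sorted(a.keys() - b.keys())}

def triage_new(before_text, after_text):
    # New Run values in the follow-up log, each with its location bucket.
    after = parse_run_entries(after_text)
    return [(h, n, location(after[(h, n)])) for h, n in diff_autoruns(before_text, after_text)["new"]]
```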
