I've been having this problem for about 3 days now, and I just cannot get rid of it. I've tried everything I could think of. I've tried Ad-Aware, Spybot, CWShredder, Norton, AVG, HouseCall, and Panda Software Online Scan. Nothing has gotten rid of it. Anyway, everytime I open an application such as Firefox or Winamp, I get a popup from AVG that says the following:

"Virus
Trojan horse BackDoor.Agent.BA

is found in file
C:\WINNT\system32\d3d.dll

To remove this virus, please run AVG for Windows"

However, AVG does not remove it. I've seen a lot of people post there HijackThis log, so here is mine. I hope you can help.

Logfile of HijackThis v1.98.0
Scan saved at 11:49:10 AM, on 8/3/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\sstray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\loadqm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\Documents and Settings\Emil Zelek\Desktop\mIRC\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\AIM+\AIM+.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox\tsystray.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ist service uninstall x] C:\WINNT\simple1.exe /u
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: www.mt-download.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=5bec23d1562dab27c48938193de61df5e3ffaf4db8f1c38a9767d8cbe81bb208afd040da6a49dbc247bcebccfc4cdeda05a101265e6af8d4:cc9e7876534d1287abe41fc73afd63dd
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {59131903-4A33-40D5-80C2-5242DD365AB3} (MS3DViewerOCX Control) - http://www.swissquake.ch/chumbalum-soft/files/MS3DViewerOCX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader/downloader.ocx
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINNT\System32\msxword.dll
O20 - AppInit_DLLs: C:\WINNT\System32\d3d.dll

I have Win2000, so i do NOT have System Restore, which a lot of people seem to be suggesting. I'm desperate, can someone help me?

Thank you.

-Emil

Try running AVG in Safe Mode per http://aumha.org/forum/viewtopic.php?t=5878

Hi PABear and emil!

That's good advice PABear. Emil should try that and then post a fresh log.

Welcome to Computer Cops!

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

Glad to see you here. It's no trouble.


_______________________________________
NOTE FROM FORUM HOSTS: This thread is now closed. Should you need it reopened, please PM a Host/mod. Everyone else having a similar issue, please launch a new topic for yourselves. Thank you.