Bug from Hell


Guest

my previous posts:

Impossible URL Scrub

and read through "A little Problem"
........


and to no avail. Is there anything I can do to remove my
apparent hijackware, or whatever you would like to call it?

Tried all the solutions available, even the "extreme"
HijackThis advice
........

my log

Logfile of HijackThis v1.97.7
Scan saved at 8:51:20 PM, on 06/06/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\IMATION\SDA\SDACCEL.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\SMART PROTECTOR PRO\SMARTPROTECTORPRO.EXE
C:\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = dl.cssd.ab.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [OEMCLEANUP] c:\windows\OPTIONS\oemreset.exe
O4 - HKLM\..\Run: [TaskPlus] C:\TASKPLUS\TASKPLUS0.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Brasil] C:\WINDOWS\Brasil.pif
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LimeShop] C:\Program Files\LimeShop\LimeShoprun.exe /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [EncMonitor] c:\compaq\access\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SPSTEALT] "C:\PROGRAM FILES\SMART PROTECTOR PRO\SMARTPROTECTORPRO.EXE" /stealt
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = ?
O4 - Startup: Imation SuperDisk Accelerator.lnk = ?
O4 - Startup: Run WinVNC (App Mode).lnk = C:\Program Files\ORL\VNC\WinVNC.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Startup: LimeWire 3.8.7.lnk = c:\WINDOWS\Application Data\Microsoft\Installer\{06EE3071-6551-422D-8D5F-9D1816070C47}\NewShortcut1_1.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 255.255.255.0

..........

If anyone can offer me some advice, I'm eager to listen,
as this problem is really really pissing me off


thank you very much
 

norm

Try a different browser for now until there is a cure from
anti-spyware companies, like Firefox from mozilla.org

And that Smart Protector may be saving the drop-down
addresses too, and that is causing the problem? Check the
backup files that it keeps.

 

Sandi - Microsoft MVP

Sorry but you definitely have malware on that system; two show themselves
after just a quick glance:

There are many people who have helped this FAQ improve over time - MVPs and
newsgroup users. I thank all of you who have made the newsgroups,
anti-malware websites and dedicated mailing lists into such a wonderful
resource.

IMPORTANT: Before trying to remove spyware, download a copy of LSPFIX from
the URL below - some malware can kill your internet connection when it is
removed, and this software should get things going for you again:
http://www.cexx.org/lspfix.htm

IMPORTANT: After obtaining the software below, make sure you check for
updates and then run the programmes in safe mode.

You can go to the link below to check your system for parasites (supplied by
Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm

Malware removal (beginners guide):

First, go to Control Panel, add/remove programs. Check for malware entries
and use the uninstall programs.

Second, get AdAware. [..Warning: AdAware is now version 6.181. All previous
versions are NO LONGER SUPPORTED and will not be updated...]

AdAware is available at www.lavasoft.de. Make sure you check for updates
every time you use it.

To be most effective, you must run AdAware while Windows is in safe mode.

Modern malware uses more than one process, and these processes are
'co-dependent'. In other words, when one process detects that the other
has been shut down, it automatically restarts its sibling, often using a
different name.

Disable the ability of suspect processes to start automatically by using
MSCONFIG (startup tab) before booting into safe mode. Use the information
at the URL below as a guide:

http://www2.whidbey.com/djdenham/Uncheck.htm

Reboot your computer and hold down the F8 key until the boot menu options
appear. Select 'safe mode'. After you are in safe mode, check to make sure
the suspect processes did not start up. If they did start up, we are going
to have to track down *where* they are coming from before going any further.
An experienced computer technician can use a programme such as AutoStart
Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer

While still in safe mode, and after you have shut down as many malware
processes as possible, start AdAware. AdAware, when run using default
settings, simply does not cope with new 'intelligent' malware. Make sure
'activate in depth scan' is enabled. Select 'use custom scanning options'
and then click on the 'customize' button. Turn on the following scan
options - scan within archives, active processes, registry (including deep
scan), IE favorites and hosts file. You must also turn on the following
option via the 'tweak' button:

Cleaning engine: 'automatically try to unregister objects prior to deletion'

IMPORTANT: Before letting AdAware delete malware, write down on a piece of
paper exactly where the malware is stored. You will need to delete those
directories after AdAware has done its work, but ONLY IF IT IS NOT A
STANDARD WINDOWS DIRECTORY.

After running AdAware, run it again, this time using the option 'select
drives/folders to scan'. Click on 'select'. Scan your entire hard drive.
Also do the following:

Empty your IE cache and your other temporary file folders, eg:
c:\windows\temp (if using Windows 98) or C:\Documents and
Settings\<name>\Local Settings\Temp (the path to your temp folder will
change depending on your name) - sometimes programmes can be hidden in
there - watch out for mysterious *.exe files or *.dll files in those
folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Programme Files. Check for unusual objects
there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no
style sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.

It is possible to turn off third party extensions ('Enable third-party
browser extensions (requires restart)' at IE tools, internet options,
advanced) to disable *all* plug-ins but troubleshooting will be difficult
and it is only a BANDAID. Nothing gets fixed. There is software that
depends on 'third party browser extensions' to work, including Acrobat,
Microsoft Money, and many other programmes.

Once your computer is clean, and if it applies to your operating system,
create a new restore point. Your old ones may, of course, be infected with
the malware and therefore cannot be used. Run disk cleanup to remove old
restore points (if your operating system has this option you will find it on
the 'more options' tab of the disk cleanup utility).

If you are still having problems:

You can go to the link below to check your system for parasites and
hopefully identify your problem (supplied by Doxdesk.com):

http://inetexplorer.mvps.org/parasite.htm

Download and run the latest version of "Cool Web Shredder"
http://www.merijn.org/files/CWShredder.exe

The more experienced user can try Spybot. Again, it is a free programme
which can be downloaded from: http://spybot.eon.net.au/. Warning: it is NOT
a good programme for the inexperienced. If you want to use this programme,
please get the advice of those more experienced before 'fixing' anything
that it finds.

Another excellent programme that allows you to examine your system and
*create a results log for experts to examine* is HijackThis, available from:
http://www.tomcoyote.org/hjt/

MS have released a limited KB article regarding what they call 'deceptive
software'.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;827315

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine


--
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/
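
An added example, not part of Sandi's post and not code from HijackThis: a small Python triage pass over a log like the one posted in this thread. It rejoins the hard-wrapped lines into one entry each, then lists the autostart (O4) and DNS (O17) entries worth a second look before unticking anything in MSCONFIG. The join rules and the three review notes are assumptions made for this example and do not identify malware by themselves; the sample is an excerpt of the log above.

```python
import ipaddress
import re

# Excerpt of the log posted in this thread, still hard-wrapped as it was sent.
SAMPLE = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = dl.cssd.ab.ca
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - Startup: Office Startup.lnk = ?
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
255.255.255.0
"""

ENTRY = re.compile(r"^[RFNO]\d{1,2} - ")   # a section code starts a new entry
RUN = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LNK = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
DNS = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")


def unwrap(text):
    """Rejoin hard-wrapped lines into one string per log entry."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if ENTRY.match(line) or not entries:
            entries.append(line)
            continue
        prev = entries[-1]
        # Assumed join rule: no space inside an unclosed {CLSID} or before a
        # path separator; a single space everywhere else.
        tight = prev.count("{") > prev.count("}") or line.startswith("\\")
        entries[-1] = prev + ("" if tight else " ") + line
    return entries


def first_token(cmd):
    """Program part of a command line: quoted string, else first word."""
    return cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]


def triage(text):
    """Return (entry name, review note) pairs for O4 and O17 entries."""
    findings = []
    for entry in unwrap(text):
        m = RUN.match(entry) or LNK.match(entry)
        if m:
            if m["cmd"] == "?":
                findings.append((m["name"], "shortcut target not resolved"))
            elif "\\" not in first_token(m["cmd"]):
                findings.append((m["name"], "no full path, found via search path"))
            continue
        m = DNS.match(entry)
        if m:
            for server in re.split(r"[ ,]+", m["servers"].strip()):
                try:
                    ip = ipaddress.ip_address(server)
                    bad = ip.is_reserved or ip.is_multicast or ip.is_unspecified
                except ValueError:
                    bad = True
                if bad:
                    findings.append(("NameServer", server + " is not a usable resolver address"))
    return findings


if __name__ == "__main__":
    for name, note in triage(SAMPLE):
        print(f"{name}: {note}")
```

Entries that come back without a full path still need to be located on disk and identified by hand; plenty of legitimate Windows 98 startup items are registered that way.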



 
