Guest
my previous posts:
Impossible URL Scrub
and read through "A little Problem"
........
and to no avail. Is there anything I can do to remove my
apparent hijackware, or whatever you would like to call it?
Tried all the solutions available, even the "extreme"
HijackThis advice
........
my log
Logfile of HijackThis v1.97.7
Scan saved at 8:51:20 PM, on 06/06/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\IMATION\SDA\SDACCEL.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\SMART PROTECTOR PRO\SMARTPROTECTORPRO.EXE
C:\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = dl.cssd.ab.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Compaq Internet Setup] C:\Compaq\Internet\InetWizard.exe /RUN
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [OEMCLEANUP] c:\windows\OPTIONS\oemreset.exe
O4 - HKLM\..\Run: [TaskPlus] C:\TASKPLUS\TASKPLUS0.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Brasil] C:\WINDOWS\Brasil.pif
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LimeShop] C:\Program Files\LimeShop\LimeShoprun.exe /cp "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [EncMonitor] c:\compaq\access\Encompass\Monitor.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SPSTEALT] "C:\PROGRAM FILES\SMART PROTECTOR PRO\SMARTPROTECTORPRO.EXE" /stealt
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = ?
O4 - Startup: Imation SuperDisk Accelerator.lnk = ?
O4 - Startup: Run WinVNC (App Mode).lnk = C:\Program Files\ORL\VNC\WinVNC.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Startup: LimeWire 3.8.7.lnk = c:\WINDOWS\Application Data\Microsoft\Installer\{06EE3071-6551-422D-8D5F-9D1816070C47}\NewShortcut1_1.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 255.255.255.0
..........
If anyone can offer me some advice, I'm eager to listen,
as this problem is really really pissing me off.
Thank you very much.