Chris
My apologies for the delay in replying.
I really dont know where to start. The machine got from OK to worse and finally would not boot into anything except safe mode.
I just could not find what or where the problem lay.
In desperation I carried out a full recover dated 23 December 2004, about 6months old.
I got it working last night around 2am, but of course all the nasty stuff like popup killer, history kill etc is now embedded in the registry. I will carry out another hijackthis and include it here.
Sorry for all the trouble. I thought my problems were behind me.
Logfile of HijackThis v1.99.1
Scan saved at 19:56:17, on 30/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\SBPCI\CTMIX32.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TRUST\305KS\MOUSE\MOUSE32A.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\TRUST\305KS\KEYBOARD\KBDAP32A.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\HPRTRY09.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.free64all.com/tgp/out.php3?l=207
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.topsearcher.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customi ... ch/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.free64all.com/tgp/out.php3?l=207
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
http://www.tgponline.com/cgi-bin/show.cgi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
N1 - Netscape 4: user_pref("browser.startup.homepage","http://www.777search.com"); (e:\Users\rvanrixtel\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Trust\305KS\Keyboard\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Trust\305KS\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunOnce: [CDGuide] "C:\Program Files\Quarterdeck\CleanSweep\csinsm32.exe" -s "C:\Program Files\Quarterdeck\CleanSweep\IM004650.CIL" "C:\Program Files\Quarterdeck\CleanSweep\csinsm32.exe" -s "C:\Program Files\Quarterdeck\CleanSweep\IM015326.CIL" C:\WINDOWS\SYSTEM\REGSVR32.EXE /s e:\HPWRIT~1\EASYCD~1\SHARED\CDGUIDE\CDGUIDE.OCX
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: 3Com HomeConnect Launcher.lnk = C:\Program Files\HomeConnect\HC.exe
O4 - Startup: HP 2000C Taskbar Icon.lnk = C:\WINDOWS\SYSTEM\HPRTRY09.EXE
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) -
http://members4.clubphoto.com/_img/uplo ... loader.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) -
http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) -
http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
http://www.gmtv.co.uk/ftp/misc/dropdial/mazda.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) -
http://communities.msn.co.uk/scr/MsnUpld.cab
O16 - DPF: {D14D6793-9B65-11D3-80B6-00500487BDBA} -
http://files.cc.cometsystems.com/cc2/re ... in/cc3.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) -
http://sc.communities.msn.com/controls/ ... nchat4.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: YExplorer1_8US.CAB -
http://photos.groups.yahoo.com/ocx/us/y ... r1_8us.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) -
http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) -
http://us.dl1.yimg.com/download.yahoo.c ... r1_4uk.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cab