Right, boys n girls, here goes.
Results of my HijackThis scan attached.
I'm not a techie, but the following look dodgy to me:
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinUpdate] C:\windows\p385.hta
O4 - HKLM\..\Run: [SEXO120gb] C:\SEXO120gb\SEXO120GB[1].EXE -t
O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
O4 - HKLM\..\Run: [qxyp] C:\WINDOWS\qxyp.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
http://static.topconverting.com/activex/loader2.ocxAll assistance very gratefully received.
pjfb
Logfile of HijackThis v1.99.1
Scan saved at 10:05:57, on 06/03/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MEDIASCAPE\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\Mediascape\OnScreen Display\OSD.exe
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\E_S4I0R2.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBDASH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\WINHLP32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.wanadoo.co.uk/cd_redirects/search.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.ntlworld.com/gearboxR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.wanadoo.co.uk/R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Mediascape\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [OnScreen Display] C:\Mediascape\OnScreen Display\OSD.exe
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinUpdate] C:\windows\p385.hta
O4 - HKLM\..\Run: [SEXO120gb] C:\SEXO120gb\SEXO120GB[1].EXE -t
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\SYSTEM\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O7 "EPUSB1:" /M "Stylus C86"
O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
O4 - HKLM\..\Run: [qxyp] C:\WINDOWS\qxyp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Freeserve - {E4F0BBE0-DD93-11D4-BD0F-92BD21DFA03D} -
http://www.freeserve.net/ (file missing) (HKCU)
O12 - Plugin for .exe: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPAUDIO.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {380D8192-23CB-11D3-B94F-00105A566F76} (first-e E-Mail Reader) -
https://secure1.first-e.com/jsp/display/tnbinst.cabO16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
http://static.topconverting.com/activex/loader2.ocxO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsupp/asa/SymAData.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab