Tried "stuff to do before posting HijackThis Log" HELP!

Ay up fellows! I've tried AdAware, Spybot and finally after doing the tutorial on Hijack this I fixed the R1 line of the log. My home page is still going to some ***** ad site (about blank) and even my email goes to this page when I log in. Its driving me up the feckin wall and I'm thinking of restoring the system (with a lump hammer). You geezers have helped me fix a horrible problem with IE before so please give us a hand again. I know you can do it.I'll attach the HJT log...

Ay up, its me (Geezer) again... I know you're sick to death of Hijack this logs but I've done every thing I can think of to fix the problem myself... Ive gone over the log and what's left seems to be safe enough but I keep getting that bloody microsoft search page and I just dont want any viagra...
Logfile of HijackThis v1.97.7
Scan saved at 11:22:30, on 06/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\internet security suite\hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0809&s=search&ap=b204
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Had to edit this post for content due to language. Please have a look at the Forum Rules regarding use of profanity in the forums.

Thanks.

Logfile of HijackThis v1.97.7

You are running an outdated version of HijackThis. Please get the latest version (1.98.2) and post the log that version generates.

You are running an outdated version of HijackThis. Please get the latest version (1.98.2) and post the log that version generates.

Nice one! I'm gonna have a go at that now... I'll try moderating my language too. Tricky when you're as flippin wound up as I am now rant rave snarl etc.... Ok!... well the ****in' websearch fo ***'in viagra etc is back. anyway before I get into more trouble with my vernacular here's my log file..

Logfile of HijackThis v1.98.2
Scan saved at 21:21:07, on 06/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Program Files\internet security suite\new hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

There's a few new ones in here allright. Earlier i tried Merijn's tutoial but I'm no techie and I've already done a bit of messing with the OS and seem to have gotten away with it... Anyone who isn't sick of checking over these logs will be forever in my favour. (hey! still no expletives!)

Many of the processes listed in your log don't necessarily need to be running as startup items, but none of them are malicious as far as I can see.

1. Given that your log indicates no obvious "nasties", can you describe the pages/ads/pop-ups/whatever that you're getting in greater detail please?

2. Stop using Internet Explorer as your *$#$% web browser, ya foul-mouthed Geezer! :mrgreen:

Use Netscape, Firefox, or Opera instead; they're pretty much immune to the spyware/adware/etc. problems that plague IE

3. If you absolutely need to use Internet Exploder, at the very least download and install SpywareGuard and SpywareBlaster; they plug some of the security "loopholes" in IE. Links to those two programs are in my sig below.

4. Try Shoot the Messenger; it might stop some of the crud.

Many of the processes listed in your log don't necessarily need to be running as startup items, but none of them are malicious as far as I can see.

1. Given that your log indicates no obvious "nasties", can you describe the pages/ads/pop-ups/whatever that you're getting in greater detail please?

2. Stop using Internet Explorer as your *$#$% web browser, ya foul-mouthed Geezer! :mrgreen:

Use Netscape, Firefox, or Opera instead; they're pretty much immune to the spyware/adware/etc. problems that plague IE

3. If you absolutely need to use Internet Exploder, at the very least download and install SpywareGuard and SpywareBlaster; they plug some of the security "loopholes" in IE. Links to those two programs are in my sig below.

4. Try Shoot the Messenger; it might stop some of the crud.

Ay up! I've just been trying out major geeks "do this before posting HJT logs" advice. I couln't stop one RPC helper (options greyed out) and I'm starting to get worried about all this messing with my puter's mind... The home page I'm getting is about:blank with search the web all in *^%$*!! orange offering to search for all the usual***!!!%^$!. Oh no I'm off again... Its even hijacked my email opening page - as soon as I sign in There it *&^%$£!! is! How come there's no preposterously irate smilies? Thanks for helping my bloodpressure somewhat, I'll let you know how I'm getting on... Oh, does about:Buster do what it says on the tin?

How come there's no preposterously irate smilies?

But they're are, oh geezerly-one; you just need to know where to look:

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/furious.gif[/img] [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/grr.gif[/img] [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/possessed.gif[/img] [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/para.gif[/img]

well... you get the idea, yes?

Oh, does about:Buster do what it says on the tin?

Yes- good catch; give AboutBuster a try; it's legit. MajorGeeks as a whole is a trusted and reputable site, so if you find something available for download there, it's pretty sure bet that the program has merit.

1. The about:blank home page setting is legit in one instance; it is what you'll get if you choose the "Use Blank" home page option in your Internet Options control Panel.

Can you change the home page setting to something other than about:blank via your Internet Options control Panel? If so, does that change persist, or does your home page keep reverting to about:blank?

2. Is the "Search the Web" stuff you describe an unwanted toolbar that appears in IE? If so, can you give us a screenshot of it? There are some particularly nasty variants/offshoots of the CoolWebSearch family that exhibit similar symptoms, and not even CWShredder can kill all of those. One such variant is the rather new-ish HSA (Home Search Assistant) infection; see the following link for more info on that:

http://www.short-media.com/forum/showthread.php?p=172774

Ay up magnanamous marsupial! I've since tried even more in depth stuff and still no joy. I've run all the antispy stuff including about:blaster and CWShredder and was going through the HJT log tutorial (bewildering for a novice like myself) when i found the "qttask.exe" thing with a lower case q - identified by castle cops as spyware. I'm not sure how to get rid of it though and I'm not sure about all the stuff from the "global startup" bits onward, especially the "o12" bits.
I'm trying all I can myself to avoid wasting the time of you good folks and your help and zen calming is very welcome.
by the way the red smiley is about right...
Oh yeah, the page that comes up (still) is a whole page full of advertising links not a toolbar extension.

Thanks for keeping in touch

Hey Geezer, you are seriously behind on your Critical Updates (Windows Update). Getting those patches may help fix your problem. I don't think you should get SP2 though until after you've got the problem fixed.

again me wats a hijack this log about. please dont be angry i am too curous tghat every1 is talking abt that and i dont even know wats that .

Yeah nice one! This little CRASH course in the computing Dark Side has taught me many lessons. How do you back up your Hard drive? Is there any point until this thing's sorted? Will simply restoring to factory settings resolve anythin apart from taking ages to re install everything?

Incedentally, I tried Quarantining the "qttask.exe" by moving it to another folder and changing "exe" to"xxx" but the problem persists.

I can't use expletives here so I'm gonna log off and use some bold words...

Thanks for the advice about updates by the by

Oh yeah, Does uninstalling IE and installing Firefox work? Will this carry on in the new browser? (It does when i used msnexplorer)

Will the wombat of happiness ever snuffle through my underbrush?

How do you back up your Hard drive? Is there any point until this thing's sorted?

There's not much point in doing a full system backup until you're clean; you'd just be archiving the "nasties" along with everything else. However, it is always a good idea to back up your important documents/data at regular intervals. There are many different backup options (another hard drive/a zip drive/a tape drive, burn to CD/DVD, etc.) some of which depend on just how much data you need to archive. If it's not a huge amount of data, you can just do manual copies to one of the types of media I just mentioned. If have a lot of data, or simply want to automate/schedule the process, you should look into a commercial backup utility porgram like Dantz's Retrospect package. (Maxtor's One-Touch line of external USB/FireWire drives come with a "lite" version of Retrospect which can be set up to fire off backups literally at the press of a button.)

Will simply restoring to factory settings resolve anythin apart from taking ages to re install everything?

Even if you go as far as a full reinstall of Windows, you'll still get infected in the future unless you take precautions.

I tried Quarantining the "qttask.exe" by moving it to another folder and changing "exe" to"xxx" but the problem persists.

qttask is a component of Apple's QuickTime multimedia software. It is not malicious, but it certainly doesn't need to be running as a startup item (this goes for the RealPlayer and Winamp startup components as well). Unfotunately, qttask does have a very irritating way of re-enabling itself. Try going into Task Manager and ending the qttask.exe process before removing the "Run" entry in the registry and renaming/delete the file.

Does uninstalling IE and installing Firefox work? Will this carry on in the new browser?

Unfortunately, in modern versions of Windows you can't uninstall Internet Exploder; it is integral to the operating system itself (which is one of the reasons it's so prone/vulnerable to attack). Even though you can't get rid of it entirely, you don't need to use it; one of the foremost recommendations in terms of avoiding spyware/adware is to use a non-Internet Explorer based browser such as Firefox, Netscape, or Opera.

Will the wombat of happiness ever snuffle through my underbrush?

That's rather personal; let's not go there, OK? :mrgreen:

There's not much point in doing a full system backup until you're clean; you'd just be archiving the "nasties" along with everything else. However, it is always a good idea to back up your important documents/data at regular intervals. There are many different backup options (another hard drive/a zip drive/a tape drive, burn to CD/DVD, etc.) some of which depend on just how much data you need to archive. If it's not a huge amount of data, you can just do manual copies to one of the types of media I just mentioned. If have a lot of data, or simply want to automate/schedule the process, you should look into a commercial backup utility porgram like Dantz's Retrospect package. (Maxtor's One-Touch line of external USB/FireWire drives come with a "lite" version of Retrospect which can be set up to fire off backups literally at the press of a button.)

Even if you go as far as a full reinstall of Windows, you'll still get infected in the future unless you take precautions.

qttask is a component of Apple's QuickTime multimedia software. It is not malicious, but it certainly doesn't need to be running as a startup item (this goes for the RealPlayer and Winamp startup components as well). Unfotunately, qttask does have a very irritating way of re-enabling itself. Try going into Task Manager and ending the qttask.exe process before removing the "Run" entry in the registry and renaming/delete the file.

Unfortunately, in modern versions of Windows you can't uninstall Internet Exploder; it is integral to the operating system itself (which is one of the reasons it's so prone/vulnerable to attack). Even though you can't get rid of it entirely, you don't need to use it; one of the foremost recommendations in terms of avoiding spyware/adware is to use a non-Internet Explorer based browser such as Firefox, Netscape, or Opera.

That's rather personal; let's not go there, OK? :mrgreen:

Ay up! Back again... Just to let you know that the "qqtask,exe" according to the castlecops identifier is not the same as "Qqtask.exe" which is the actual quicktime application...They say its known spystuff...

About different browsers, I tried using the MSN browser already installed on my puter and that has the same symptoms!grr, snarl, (expletive deleted) etc.

Tomorrow I'll try doing the whole shebang again + what you said about disabling the exe thing or maybe getting HijackThis to sort out the exe.

If I restore to an earlier restore point before I ever got the internet I have a sinking feeling that this won't help either.

I'll try and work out how you reply to my miserable missives using quotes instead of recycling all the text next time

Thanks for keeping in touch,eh?

Go raibh mile maith agat
(as they say in these parts)

Ay up! Back again... Just to let you know that the "qqtask,exe" according to the castlecops identifier is not the same as "Qqtask.exe" which is the actual quicktime application...They say its known spystuff...

Hmm.. I can't find the CastleCops link to the supposed spyware version; can you post it here?

About different browsers, I tried using the MSN browser...

I did say "...use a non-Internet Explorer based browser", which disqualifies the MSN browser.

If I restore to an earlier restore point before I ever got the internet I have a sinking feeling that this won't help either.

It may not, and it may even make things worse. Read this to find out why.

I'll try and work out how you reply to my miserable missives using quotes instead of recycling all the text next time

Sorry, but there's no magic wand invloved in that one. I do recycle the text; I just manually wrap the separate bits in their own quote tags for clarity.

Go raibh mile maith agat
(as they say in these parts)

Tá fáilte romhat.

MSN browser isn't one that DMR suggested (it is still Microsoft, after all). Try Firefox or Opera. In any case, you will still need IE to get your Windows Updates (can't get them with other browsers).