Can someone please have a look at this hjt log as my friend is gettin a lot of pop ups i have run adaware and cwshredder and a dew more and fixed a lot of problems thanking you in advanceLogfile of HijackThis v1.97.7
Scan saved at 14:43:15, on 20/03/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\180SOLUTIONS\MSBB.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WINLOGON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.2.0.3\EBAYTBAR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.2.0.3\EBAYBAND.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.2.0.3\EBAYBAND.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe /launchpad
O4 - HKLM\..\Run: [Onscreen Display] C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\180SOLUTIONS\MSBB.EXE
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [EOIVZCFJM] C:\WINDOWS\EOIVZCFJM.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\winlogon.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: eBay Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
O9 - Extra button: Freeserve (HKCU)
O9 - Extra button: PB Home (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPAVI32.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} (IFS_List Control) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_List.cab
O16 - DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} (IFS_Wizard2 Control) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Wz02.cab
O16 - DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} (IFS_Wizard4 Control) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Wz04.cab
O16 - DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} (IFS_Wizard5 Control) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Wz05.cab
O16 - DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} (IFS_Wizard7 Control) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Wz07.cab
O16 - DPF: {A3186A8D-134F-11D3-BBAE-0010E3624141} (IFS_Wizard8 Control) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Wz08.cab
O16 - DPF: {35831956-96AF-11D3-BC12-0010E3624141} (IFS_Wizard10 Control) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Wz10.cab
O16 - DPF: {1096842F-FEE6-11D2-965E-0010E3622565} (IFS_Lib00) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_OLB.cab
O16 - DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} (IFS_Lib01) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb01.cab
O16 - DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} (IFS_Lib03) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb03.cab
O16 - DPF: {C0E10B5C-DA42-11D3-9FED-0004ACF74B57} (IFS_Lib02) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb02.cab
O16 - DPF: {219CF65A-B13C-11D2-8D4A-0004ACF74B57} (IFS_Lib04) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb04.cab
O16 - DPF: {F0FB4064-2940-11D3-92B1-0004ACF75CFC} (IFS_Lib06) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb06.cab
O16 - DPF: {5B2FD039-D08C-11D2-9FFD-0004ACF74B57} (IFS_Lib08) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb08.cab
O16 - DPF: {770941A0-11BD-11D3-8E92-0001FAF8D90D} (IFS_Lib09) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb09.cab
O16 - DPF: {498439C0-0921-11D3-9484-0001FAF8503C} (IFS_Lib10) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb10.cab
O16 - DPF: {9E2D89BB-D888-11D2-A002-0004ACF74B57} (IFS_Lib12) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb12.cab
O16 - DPF: {9D24756B-CBFC-11D2-9FFB-0004ACF74B57} (IFS_Lib13) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb13.cab
O16 - DPF: {D71A2028-D578-11D2-9FFF-0004ACF74B57} (IFS_Lib14) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb14.cab
O16 - DPF: {F3A16EEE-39B4-11D3-8E96-0001FAF8D90D} (IFS_Lib15) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb15.cab
O16 - DPF: {BBAE9E7E-3F7D-11D3-94B7-0001FAF8503C} (IFS_Lib16) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb16.cab
O16 - DPF: {29548124-B145-11D3-BC1B-0010E3624141} (IFS_Lib18) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb18.cab
O16 - DPF: {D6CD9D82-AC85-11D3-878A-0010E36241AE} (IFS_Lib19) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Lb19.cab
O16 - DPF: {F49159DA-E0C6-11D1-8E28-08005AAA630C} (IFS_Service Control) - http://tescoonline.co.uk/dbpc2/controls/2.6.11.0/IFS_Serv.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O19 - User stylesheet: C:\Windows\color.css

Recommended Answers

Can someone please have a look at this hjt log as my friend is gettin a lot of pop ups i have run adaware and cwshredder and a few more and fixed a lot of problems.

Start by running Shoot the Messenger, DCOMbobulator, and UnPlug n' Pray from

Jump to Post

Get rid of these
C:\PROGRAM FILES\180SOLUTIONS\MSBB.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
You may have to do it from add/remove programs.

This one O4 - HKLM\..\Run: [RDLL] RunDll16.exe according to this page http://www.sysinfo.org/startuplist.php?filter=RunDll16.exe&count=&type= was added as a virus.

O4 - HKLM\..\Run: [EOIVZCFJM] C:\WINDOWS\EOIVZCFJM.exe< this one needs to be removed …

Jump to Post

Oops... please ignore the first paragraph of my reply in your case:

Start by running Shoot the Messenger, DCOMbobulator, and UnPlug n' Pray from Gibson Research (about mid-page). This will close the door …

Jump to Post

All 10 Replies

oh yeah and he has just informed me that the scan i started about 3 hours ago on his comm with trend micros has come up with 112 viruses I can honestly say he can throw it down the stairs ha ha just kidding

Can someone please have a look at this hjt log as my friend is gettin a lot of pop ups i have run adaware and cwshredder and a few more and fixed a lot of problems.

Start by running Shoot the Messenger, DCOMbobulator, and UnPlug n' Pray from Gibson Research (about mid-page). This will close the door on some of the vunerabilities used.

Next, you should remove the following malware-related items:

O2 - BHO: (no name) - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN\APUC.DLL

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAM FILES\ISTBAR\ISTBAR.DLL

O4 - HKLM\..\Run: [RDLL] RunDll16.exe (be sure to remove both instances)

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [msbb] C:\PROGRAM FILES\180SOLUTIONS\MSBB.EXE

O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe

O4 - HKLM\..\Run: [EOIVZCFJM] C:\WINDOWS\EOIVZCFJM.exe

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe

O16 - DPF: {6CAE02B8-EB30-11D1-8CE5-0004ACF74B57} (IFS_List Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_List.cab
O16 - DPF: {5DD1BBF5-E4B2-11D1-9211-0004ACF75CFC} (IFS_Wizard2 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz02.cab
O16 - DPF: {F3DAE1EA-01DA-11D2-8E33-08005AAA630C} (IFS_Wizard4 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz04.cab
O16 - DPF: {5915C16A-F555-11D1-8E31-08005AAA630C} (IFS_Wizard5 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz05.cab
O16 - DPF: {C6C07D4E-3911-11D2-8708-0001FAF8D5C4} (IFS_Wizard7 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz07.cab
O16 - DPF: {A3186A8D-134F-11D3-BBAE-0010E3624141} (IFS_Wizard8 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz08.cab
O16 - DPF: {35831956-96AF-11D3-BC12-0010E3624141} (IFS_Wizard10 Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Wz10.cab
O16 - DPF: {1096842F-FEE6-11D2-965E-0010E3622565} (IFS_Lib00) - http://tescoonline.co.uk/dbpc2/cont...1.0/IFS_OLB.cab
O16 - DPF: {8F78C964-B20B-11D2-8D4A-0004ACF74B57} (IFS_Lib01) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb01.cab
O16 - DPF: {C6726AD0-E1E0-11D2-929E-0004ACF75CFC} (IFS_Lib03) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb03.cab
O16 - DPF: {C0E10B5C-DA42-11D3-9FED-0004ACF74B57} (IFS_Lib02) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb02.cab
O16 - DPF: {219CF65A-B13C-11D2-8D4A-0004ACF74B57} (IFS_Lib04) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb04.cab
O16 - DPF: {F0FB4064-2940-11D3-92B1-0004ACF75CFC} (IFS_Lib06) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb06.cab
O16 - DPF: {5B2FD039-D08C-11D2-9FFD-0004ACF74B57} (IFS_Lib08) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb08.cab
O16 - DPF: {770941A0-11BD-11D3-8E92-0001FAF8D90D} (IFS_Lib09) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb09.cab
O16 - DPF: {498439C0-0921-11D3-9484-0001FAF8503C} (IFS_Lib10) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb10.cab
O16 - DPF: {9E2D89BB-D888-11D2-A002-0004ACF74B57} (IFS_Lib12) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb12.cab
O16 - DPF: {9D24756B-CBFC-11D2-9FFB-0004ACF74B57} (IFS_Lib13) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb13.cab
O16 - DPF: {D71A2028-D578-11D2-9FFF-0004ACF74B57} (IFS_Lib14) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb14.cab
O16 - DPF: {F3A16EEE-39B4-11D3-8E96-0001FAF8D90D} (IFS_Lib15) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb15.cab
O16 - DPF: {BBAE9E7E-3F7D-11D3-94B7-0001FAF8503C} (IFS_Lib16) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb16.cab
O16 - DPF: {29548124-B145-11D3-BC1B-0010E3624141} (IFS_Lib18) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb18.cab
O16 - DPF: {D6CD9D82-AC85-11D3-878A-0010E36241AE} (IFS_Lib19) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Lb19.cab
O16 - DPF: {F49159DA-E0C6-11D1-8E28-08005AAA630C} (IFS_Service Control) - http://tescoonline.co.uk/dbpc2/cont....0/IFS_Serv.cab

O19 - User stylesheet: C:\Windows\color.css

Removing the following items is optional, but recommended -- they are excess baggage:

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

Get rid of these
C:\PROGRAM FILES\180SOLUTIONS\MSBB.EXE
C:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
You may have to do it from add/remove programs.

This one O4 - HKLM\..\Run: [RDLL] RunDll16.exe according to this page http://www.sysinfo.org/startuplist.php?filter=RunDll16.exe&count=&type= was added as a virus.

O4 - HKLM\..\Run: [EOIVZCFJM] C:\WINDOWS\EOIVZCFJM.exe< this one needs to be removed in safe mode.

Do what TallCool1 & myself have said & repost a new log.

ok thx guys i will do that as soon as i can thx again

Oops... please ignore the first paragraph of my reply in your case:

Start by running Shoot the Messenger, DCOMbobulator, and UnPlug n' Pray from Gibson Research (about mid-page). This will close the door on some of the vunerabilities used.

It doesn't apply to Windows 98. I was thinking XP, for some reason. Sorry about that!

no problem thx anyway i will run everything else when i get chance and post a new log

thx for your help guys here his his new hjt log i know there are a few things still on there that need fixing but it seems a lot better
Logfile of HijackThis v1.97.7
Scan saved at 17:29:01, on 23/03/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WINLOGON.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.2.0.3\EBAYTBAR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\KAZAA LITE K++\KAZAA.KPP
C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.2.0.3\EBAYBAND.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR\4.2.0.3\EBAYBAND.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe /launchpad
O4 - HKLM\..\Run: [Onscreen Display] C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\winlogon.exe
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: eBay Toolbar.LNK = C:\Program Files\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe
O9 - Extra button: eBay Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
O9 - Extra button: Freeserve (HKCU)
O9 - Extra button: PB Home (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPAVI32.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

thx for your help guys here his his new hjt log i know there are a few things still on there that need fixing but it seems a lot better.

You are correct, you are almost there -- to the point where most of these are merely resource-wasters (except ISTSvc):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

Those should do it.

ok thx for your reply will do that now

well thx for your help guys but he did end up throwing his cpu down the stairs and gettin a new one on his insurance so ill let you know wen he fcuks up his next cpu.Thx again

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.