HJT Check


stefanus
04-30-2005, 08:49 AM
Can one of our HJT experts please check this for me. I have removed a couple of real nasties but others may still be lurking in there, plus any other freeloaders that are not needed. And I would like to add that I am thankful for the help given here @ PC Guide; a few years ago I would never have attempted to do what I have today. :):D

Thanx to all.
PS: When I did a print out, it was 3 pages long ?????


Thank you



Logfile of HijackThis v1.99.1
Scan saved at 12:47:03, on 30/04/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-GB\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SPAMIHILATOR\SPAMIHILATOR.EXE
C:\WINDOWS\TWAIN_32\1200UB\WATCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJTNEW\HIJACKTHIS NEW.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\PROGRAM FILES\POPUP MANAGER\POPUPMGR_1.0.1.5.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.0.0\SBHOSTIE.DLL (file missing)
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.3.0\SHPRRPRT.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.0.0\SBHOSTIE.DLL (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.4000.1001\EN-GB\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.0.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.0.0\SBWEATHERONTRAY.EXE
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\BIN\460~1.0\SBInst.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Startup: Watch.lnk = C:\Windows\TWAIN_32\1200UB\WATCH.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
O4 - User Startup: Watch.lnk = C:\Windows\TWAIN_32\1200UB\WATCH.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\Windows\system\E_SRCV03.EXE
O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.3.0\SHPRRPRT.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.3.0\SHPRRPRT.DLL
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (WHIP! Control) - ftp://ftp.autodesk.com/pub/autocad/plugin/whip.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/SpamBlockerUtility/programs/SpamBlockerUtility.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

david eaton
04-30-2005, 01:04 PM
Looks good to me! Are you having any problems?

stefanus
04-30-2005, 01:49 PM
Yes, booted up this am and had a porn icon on my desktop. Tried to delete it but it would not delete, said it was part of Windows. Eventually did HJT and found it, but do not know if it has left anything hidden?
It was everywhere. Is there anything extraneous I can fix also. And thanx.

Budfred
04-30-2005, 02:40 PM
I do see a couple of things that may need attention... Please open an HJT scan and put checks by these if you are not sure they are safe:

O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.3.0\SHPRRPRT.DLL
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.3.0\SHPRRPRT.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\PROGRAM FILES\SHOPPERREPORTS\BIN\1.0.3.0\SHPRRPRT.DLL

The info I was able to find on these is unclear... If you are not sure they are okay, you could fix them and see if it helps:

O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.0.0\SBHOSTIE.DLL (file missing)
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.0.0\SBHOSTIE.DLL (file missing)
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.0.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.0.0\SBWEATHERONTRAY.EXE
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\BIN\460~1.0\SBInst.exe

Close all open windows except for HJT and click on Fix checked...

If you find that this helps, you will want to uninstall each of these programs... If it doesn't help, you can restore them from the HJT backups... Post back on what you do and if it helps...
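
The selection in the post above can be reproduced mechanically: start from the entries HijackThis marks "(file missing)" and collect every other entry installed under the same program directory, including 8.3 short-name forms such as `SPAMBL~1`. This is an added example, not part of the original posts; the function names and the short-name matching heuristic are assumptions, and the sample lines are copied from the first log in this thread.

```python
import re

# Constructed sample: a subset of lines copied from the first log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.0.0\SBHOSTIE.DLL (file missing)
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.0.0\SBHOSTIE.DLL (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.0.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.0.0\SBWEATHERONTRAY.EXE
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\BIN\460~1.0\SBInst.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")                     # "O4 - rest of line"
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b", re.I)  # first file path


def same_dir(a, b):
    """Compare two directory names, treating an 8.3 short name (SPAMBL~1)
    as matching a long name with the same leading characters (heuristic)."""
    a, b = a.upper(), b.upper()
    if a == b:
        return True
    for short, long_name in ((a, b), (b, a)):
        m = re.fullmatch(r"(.{1,6})~\d", short)
        if m and long_name.replace(" ", "").startswith(m.group(1)):
            return True
    return False


def vendor_dir(path):
    """Return the first directory below Program Files, or None otherwise."""
    parts = path.split("\\")
    if len(parts) > 3 and same_dir(parts[1], "PROGRAM FILES"):
        return parts[2].upper()
    return None


def parse(log):
    """Turn HijackThis result lines into dicts; other lines are skipped."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        p = PATH_RE.search(m.group(2))
        path = p.group(0) if p else None
        entries.append({
            "section": m.group(1),
            "line": line,
            "path": path,
            "vendor": vendor_dir(path) if path else None,
            "missing": line.endswith("(file missing)"),
        })
    return entries


def related_to_missing(entries):
    """Entries sharing a program directory with any '(file missing)' entry."""
    seeds = {e["vendor"] for e in entries if e["missing"] and e["vendor"]}
    return [e for e in entries
            if e["vendor"] and any(same_dir(e["vendor"], s) for s in seeds)]


if __name__ == "__main__":
    for entry in related_to_missing(parse(SAMPLE_LOG)):
        print(entry["line"])
```

The output is a review list only; whether an entry is unwanted still has to be decided per program before using Fix checked.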

stefanus
04-30-2005, 03:00 PM
Thanx will do.

Fruss Tray Ted
04-30-2005, 03:21 PM
Before HJT came along I found out how to remove things from your Desktop that couldn't be removed from the desktop itself. Go to your partition with Windows in it and open Windows, then Desktop and delete from there. Most times it would work IIRC. But with a handy tool as HJT the manual method is no longer needed.

classicsoftware
04-30-2005, 04:46 PM
I see you are using SPAMIHILATOR. This is a really great spam blocking tool if you do not use Thunderbird. It learns spam quickly and prevents it from getting on your PC. Love it for people who use earlier versions of Netscape and OE.

Also, I do not see a firewall on this PC. Now would be a good time to get one and finally, I would get a copy of Firefox and stop using IE.

stefanus
05-01-2005, 04:15 PM
Thanx! How :o

Budfred
05-01-2005, 05:45 PM
How what?? :confused:

Did you do any HJT fixes yet... Have you seen a difference in the problem... Please post a fresh HJT log to see if there is anything else that needs attention...

stefanus
05-31-2005, 06:38 AM
Sorry I have taken so long to reply. I have had big problems, ie pc rebooting, slow in changing windows and access to Internet denied. Contacted ISP and BT, they could not find any problems, but I suspect that it was onetel that had server problems, they suggested that I re-install and I have but still could not access internet till this am, hhmmmnn was it the ISP. Made a copy of latest log and will post it later it is on a floppy, after re-installing my pc still freezes @ times and keeps losing the internet. :mad: even now to post this I will have to log on again?

Budfred
05-31-2005, 08:29 AM
It may also be a good idea to run an MWavScan if the computer will stay working long enough to do it... Try it in Safe Mode if that will work...
It will produce a log in the lower right hand corner and you will need to use Ctrl-C to copy the bottom part of it that has the bad items and then paste it here for review....

http://www.mwti.net/antivirus/free_utilities.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...

stefanus
06-01-2005, 11:43 AM
Thanx, just came from hospital to have some stitches re-sutured in my foot, yesterday Tues 31st. (24 hrs later)
Here is a copy of the log.

Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Sierra On-Line\EREG3201.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Sierra On-Line\EREG.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\JETERR40.CHM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\SQLSOLDB.HLP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\SQLOLEDB.TXT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\MSRPJT40.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D3B1DE00-6B94-1069-8754-08002B2BD64F}" refers to invalid object "c:\windows\SYSTEM\disktool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}" refers to invalid object "ksqmf.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C5-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C6-AE47-11D1-9975-00805F8AC636}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C7-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765C8-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "EDPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765CB-AE47-11D1-9975-00805F8AC63E}" refers to invalid object "MNPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FC765CC-AE47-11D1-9975-00805F8AC6B3}" refers to invalid object "MNPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{62845280-4FE2-11D1-8EAC-00805FD26FAA}" refers to invalid object "LIPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{744C3DF0-DFAE-11D1-826B-00805F2AB103}" refers to invalid object "BRPREF32.DLL". Action Taken: No Action Taken.
Entry "HKCR\Overview.Document" refers to invalid object "{DA23B9C9-6893-11D0-8534-00C04FD7AD0C}". Action Taken: No Action Taken.
Entry "HKCR\NetscapeMarkup" refers to invalid object "{61D8DE20-CA9A-11CE-9EA5-0080C82BE3B6}". Action Taken: No Action Taken.

Fruss Tray Ted
06-01-2005, 12:06 PM
Run Regseeker (http://www.snapfiles.com/get/regseeker.html) to remove all the invalid objects. I would not bother with backups.

they suggested that I re-install and I have but still could not access internet till this am

reinstall what? modem? router?

You've got Alexa. Adaware should take care of it.

Take care of that foot. We don't want another 'invalid object' on our hands... ;)

stefanus
06-01-2005, 12:10 PM
Thanx already taken care of (And Foot) lol

Budfred
06-01-2005, 08:27 PM
If the computer is still unstable, we can try some other options... How is it going... Try this one if it is still unstable:

http://www.f-secure.com/blacklight/

stefanus
06-02-2005, 06:29 AM
It seems to be stable now. I have re-installed everything ie Win98 SE, Spy Bot, Adaware and AVG. Adaware found 16 items, and have fixed them. Is it wise to quarantine or just delete them? I have 23 items in "q" from just the first scan after re-installing everything. And again thanx.

Fruss Tray Ted
06-02-2005, 07:41 AM
You reinstalled Windows and AdAware found stuff on a fresh install??? :confused:

Something's fishy.

stefanus
06-02-2005, 08:11 AM
It was the first thing I did after re-installing and your.


[It may also be a good idea to run an MWavScan if the computer will stay working long enough to do it... Try it in Safe Mode if that will work...
It will produce a log in the lower right hand corner and you will need to use Ctrl-C to copy the bottom part of it that has the bad items and then paste it here for review....

http://www.mwti.net/antivirus/free_utilities.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...]

stefanus
06-05-2005, 09:39 AM
After complete re-installation of Win98 I am still having problems. I cannot access Microsoft Word 2000. Also I cannot open Word Pad? An error window tells me that. This programme has committed an illegal operation! I have been using it for years! Here is a copy of a recent hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 13:41:51, on 05/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
C:\WINDOWS\TWAIN_32\1200UB\WATCH.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS1991.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.net/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.net/packard-bell
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [Multimedia Keyboard] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Onscreen Display] C:\Program Files\Netropa\Onscreen Display\OSD.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - Startup: Watch.lnk = C:\Windows\TWAIN_32\1200UB\WATCH.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Freeserve - {3FDEDD80-D07D-11D9-A398-EE516B225F3E} - http://www.freeserve.net/packard-bell/ (file missing) (HKCU)
O9 - Extra button: PB Home - {3FDEDD81-D07D-11D9-A398-EE516B225F3E} - http://www.packardbell-europe.com/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.net/packard-bell
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

classicsoftware
06-05-2005, 10:01 AM
I think it's time to start looking at problems other than malware.

1) Run SFC and let windows replace any files it finds.

2) Download the diagnostics from the HDD manufacturer and run them

3) Download and run MEMTEST.

Post the results from steps 1-3 and we can go from there.

Budfred
06-05-2005, 12:15 PM
When you say you did a reinstallation... Do you mean you wiped the drive, reformatted and started with a clean install or do you mean you installed over a previous install??

stefanus
06-05-2005, 03:45 PM
I have reinstalled yet again, Win98SE from the recovery cd`s and up till now all seems ok. I will reinstall AVG, SPYBOT and ADA-WARE after closing here, after installation ended Norton Window popped up informing me it had found a virus, Press okay to remove. I am tired now, spent 6+ hrs @ this. Still convinced it is an ISP problem, thanx all, Mangwana (To-Morrow)
SFC ? What is that ?

classicsoftware
06-05-2005, 04:11 PM
I have reinstalled yet again, Win98SE from the recovery cd`s and up till now all seems ok. I will reinstall AVG, SPYBOT and ADA-WARE after closing here, after installation ended Norton Window popped up informing me it had found a virus, Press okay to remove. I am tired now, spent 6+ hrs @ this. Still convinced it is an ISP problem, thanx all, Mangwana (To-Morrow)
SFC ? What is that ?

Why would norton be on there if you did a fresh install?

Fruss Tray Ted
06-05-2005, 04:15 PM
Whose recovery cd's, HP? Compaq? home-made? etc.

Recovery cd's can be used with or without reformatting. You haven't been clear enough in your answers for us to be able to tell just what you did.

I am aware of some recovery cd's that have bundled software built in that some of us consider spyware (backweb with some HP's recovery cd's) but I am not aware of any that will install a virus.

It would be nice to know the exact order of rebuilding your pc that you encountered the virus. But if it were me, I'd zero out the drive and install complete to see if it happens again.