
Comments and/or Suggestions on my "hijackthis.log"

Discussion in 'Malware and Virus Removal Archive' started by ski123, 2003/11/19.

Thread Status:
Not open for further replies.
  1. 2003/11/19
    ski123

    Hello,

    Any comments or suggestions would be appreciated.

    Logfile of HijackThis v1.97.7
    Scan saved at 15:54:33, on 11/19/03
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    E:\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra 'Tools' menuitem: SmartWhois (HKLM)
    O9 - Extra button: SmartWhois (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


    ski123
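
An added example, not part of the original thread: a small Python parser for the HijackThis log format shown in the post above. It groups entries by section code and checks whether each O4 autostart entry's executable also appears under "Running processes". The sample log is constructed from lines in the post, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - <body>"
AUTORUN = re.compile(r"^[^:]+: \[([^\]]+)\] (.+)$")       # "<key>: [name] cmd"
EXE = re.compile(r"([^\\\s]+\.exe)\b", re.I)              # first *.exe in cmd

def parse_log(text):
    """Return (running process basenames, {section code: [entry bodies]})."""
    running, entries, in_procs = set(), defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.add(line.rsplit("\\", 1)[-1].lower())
    return running, dict(entries)

def autorun_status(text):
    """List (value name, executable, seen running) for every O4 entry.
    'Not running' is only a cue to look closer: some tools start and exit."""
    running, entries = parse_log(text)
    rows = []
    for body in entries.get("O4", []):
        m = AUTORUN.match(body)
        exe = EXE.search(m.group(2)) if m else None
        if exe:
            image = exe.group(1).lower()
            rows.append((m.group(1), image, image in running))
    return rows

if __name__ == "__main__":
    print(autorun_status(SAMPLE_LOG))
```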
     
  2. 2003/11/19
    charlesvar

    Hello ski,

    These are harmless, can stay or go:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    These I would question; stuff like this is an indication of hijacked search pages:

    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

    I would ask on these sites. These people do this all day long and are familiar with a wide variety of apps and processes:

    http://www.wilderssecurity.com/index.php under:
    adware, spyware & hijack cleaning
    logs and analysis.

    http://www.spywareinfo.com/yabbse/ under:
    Spyware and Hijackware Removal Support
    For help getting rid of spyware, browser hijackers, **** dialers, thiefware, and all other unwanted advertising parasites.

    http://www.lavasoftsupport.com/index.php?showforum=44 This is Lavasoft's (Ad-Aware) section of analyzing HijackThis logs.

    Regards - Charles
     

  4. 2003/11/19
    charlesvar

    Hi ski,

    Take a look at this thread: http://www.wilderssecurity.com/index.php?board=9;action=display;threadid=4164

    Specifically Tony Klein's 2nd post. In it he links to a list of all known BHOs - the good, the bad, and the ugly :)

    Also a link to the cexx site which lists all known adware - foistware - spyware.

    And if you haven't, download and use BHODemon. The thread is about a comparison between BHOCop and BHODemon.

    Regards - Charles
     
    Last edited: 2003/11/19
  5. 2003/11/20
    markp62

    O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
    O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
    O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
    O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm

    Those are all legit IE Context Menu entries.
     
  6. 2003/11/20
    markp62

    This was an accidental double reply.
     
    Last edited: 2003/11/20
  7. 2003/11/20
    Lonny Jones

    Hi ski123. Looks spiffy clean to me.

    Where did you come across
    O9 - Extra 'Tools' menuitem: SmartWhois (HKLM)
    O9 - Extra button: SmartWhois

    And have you thought about add to trusted and restricted?
    They're great. In my opinion IE should have come with them.

    Lonny
     
  8. 2003/11/20
    ski123

    Hello,

    Thanks charlesvar,

    I took your advice and did a similar post as this one in the SpywareInfo forum.
    http://forums.spywareinfo.com/index.php?showtopic=17850
    My next stop is there to reply.
    I also took a look at that BHO List you recommended.
    http://home01.wxs.nl/~kleyn080/BHO_list.html
    Very nice! Thanks again.

    -----------------------------------------------------------------------------------

    Thanks markp62,

    I didn't think that I had any kind of crud on this machine. But one never knows with so much of it going around these days. The reason I posted my hijackthis log was because my computer totally locked up twice the other day. The first time was in Internet Explorer. The second time was about 10 minutes later in Windows Explorer. I make it a point to check and get updates to my AVG, Ad-aware and SpywareBlaster as soon as they are released. But I thought maybe something snuck in that I wasn't aware of.

    -----------------------------------------------------------------------------------

    Thanks Lonny Jones,

    Are you the same Lonny Jones that posted here:
    http://forums.spywareinfo.com/index.php?showtopic=17774

    Anyway...you asked about my Extra 'Tools' & button. SmartWhois is a very nice utility that a good friend of mine made me aware of. You can read all about it here:
    http://www.tamos.com/products/smartwhois/

    Have I thought about adding what to trusted and restricted sites?
    If you mean SmartWhois, it doesn't need to be added to any zone. Just allow it access to the internet through your firewall. Microsoft will never package any kind of utility like that with Internet Explorer. But I should never say never. :)

    Take care,
    ski123
     
  9. 2003/11/21
    Lonny Jones

    Yep, 'twas me, taken completely wrong. Then Spywareinfo spanked both of us, or what they call warned. So many warnings and they boot you out, I guess. It was not a nasty or tricky link,
    and I didn't intend it to harm or confuse folks.
    I should have posted more of a description when I did, though.

    All it does is open a full screen with no apparent way out except to use keyboard shortcuts or Ctrl+Alt+Del the first IE in the list.
    Some, I assume, would have had to restart their internet connection. Some newbies would probably have used the PC's Off button if clear instructions weren't posted, I guess.

    It amazes me how they do that, somewhat take control of our PC. Still haven't figured out how it happens.

    Also, even though I had been there, I still wouldn't have posted it unless several other well-respected people had been there and done that, i.e. TonyKlein and gabrial.
    I.e. the last thing I would do is intentionally trick or harm others.

    Anywho, the add to trusted or restricted I got from one of the MS tools. Can't see it now. Tony mentioned another at
    Jason Levine's Toolbox
    http://www.jasons-toolbox.com/ScriptRepository/
    called Trust Setter v1.72
    It just allows us, when at a site, to add it without opening IE options, da da, and typing it and adding.

    Lonny

    PS: I've had the same symptoms you report happen.
    I'm convinced it's a combination of Sygate, IE, Win ME and me that's to blame. You did get the latest Sygate 5.5, if it's the free one? Seems to be better.
     
    Last edited: 2003/11/21
  10. 2003/11/21
    charlesvar

    Hi Lonny,

    Was that the "evil" link that you posted in the kbalertz thread? I didn't experience any ill effects or trouble getting out. So what is the excitement about?

    Regards - Charles
     
  11. 2003/11/21
    Lonny Jones

    I guess the forum moderators basically just got tired of ghost trying to argue with me, and me, well, not ignoring it.
    cnm did say I shouldn't post such links because they get a lot of newbies there, and she/he erased the link and closed it because the thread was overheated.
    That's my interpretation anyway. I will say it did bother me that the ghost person took me that way.

    I don't care to look back at them (threads) just now.

    Take a look if you care to:
    Adjusting to graveyard shift
    http://forums.spywareinfo.com/index.php?showtopic=17774&hl=
    and
    Ok cnm
    No harm was intended
    http://forums.spywareinfo.com/index.php?showtopic=17805&hl=

    I guess the evil link, so to speak, affects PCs differently. Most of our keyboard is disabled; the only choice I had is Ctrl+Alt+Del and then only the first IE in the list. If I do the second, nothing happens (that link).

    Regards
    Lonny
     
  12. 2003/11/21
    Newt

    The phrase 'much ado about nothing' comes to mind here. Can't believe all that fuss over your posting a link that led to a joke. Ah well.

    There are a fair number of humor pages out there that say they are the "end of the internet" or something similar. This page has some (along with some broken links) as well as one clever page that claims to be the Beginning of the internet.

    I tested each before I posted the link and on my PC at least, all of them were well behaved.
     
  13. 2003/11/21
    Lonny Jones

    Thanks Newt,
    with the way they had responded, and Charles, others hadn't responded to my other thread where I had posted it, well, I went and added some notes and made the link unhot,
    just in case.
    I agree the best we can do is go to URLs before posting, maybe wait for folks like yourself that have been there too (i.e. leaders).
    Unless a person can read code and has test-beds with every conceivable OS configuration, we can't say they are safe for sure.
    It's an impossibility, even after running our favorite anti-spyware programs to check, da da da. Wild, wild world out there.
    If the web weren't unsafe, what fun would it be?

    On the other hand, about spanking: please watch any advice I give, and if necessary edit out anything that might cause harm,
    whatever is necessary.
    Being corrected is another way to learn. Meanwhile I tend to be very conservative, and not even suggest radical changes.
    The last thing I want to do is cause, and have to help, someone have to reinstall Windows.
    Lonny
     
  14. 2003/11/23
    Newt

    Lonny - I've never seen anything from you that was the least bit dangerous or misleading.

    As to certain web pages/sites being unsafe and maybe only unsafe for certain operating systems - the potential damage is easy enough to avoid if you have a properly protected PC. Otherwise, the unprotected user is gonna get bit by something and will be hit after ignoring all the warning information that's available so I have very little sympathy when it happens.

    I know in most cases they just don't know about the potential hazards but they should. I have equally little sympathy for folks who say, 'but I didn't know you have to change the oil' when they blow up an engine.
     