OT: help on hijackthis

I scanned my system with it but cannot figure out which to fix:

Logfile of HijackThis v1.97.6
Scan saved at 10:13:22 pm, on 26/12/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WIN98SE\SYSTEM\KERNEL32.DLL
C:\WIN98SE\SYSTEM\MSGSRV32.EXE
C:\WIN98SE\SYSTEM\MPREXE.EXE
C:\WIN98SE\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WIN98SE\EXPLORER.EXE
C:\WIN98SE\SYSTEM\INTERNAT.EXE
C:\WIN98SE\SYSTEM\SYSTRAY.EXE
C:\WIN98SE\SM56HLPR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WIN98SE\SYSTEM\DDHELP.EXE
C:\WIN98SE\SYSTEM\RPCSS.EXE
C:\WIN98SE\SYSTEM\WMIEXE.EXE
C:\WIN98SE\SYSTEM\RNAAPP.EXE
C:\WIN98SE\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcqanda.com/dc/dcboard.php?az=show_topics&forum=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {7D8A2042-8904-43FF-A919-582CB9BA9C7F} - (no file)
O2 - BHO: (no name) - {6E34D984-4054-45E3-8452-0159A2F0D232} - (no file)
O2 - BHO: (no name) - {B824E7B0-E8E3-4D75-895E-2C309EA4CC5D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\PROGRAM FILES\UNH SOLUTIONS\IE PRIVACY KEEPER\IEPKBHO.DLL
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WIN98SE\DOWNLO~1\CONFLICT.2\ALTAVI~1.DLL
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98SE\SYSTEM\MSDXM.OCX
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WIN98SE\DOWNLO~1\CONFLICT.2\ALTAVI~1.DLL
O4 - HKLM..\Run: [internat.exe] internat.exe
O4 - HKLM..\Run: [SystemTray] systray.exe
O4 - HKLM..\Run: [ScanRegistry] C:\WIN98SE\scanregw.exe /autorun
O4 - HKLM..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM..\RunServices: [PersFw] “C:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE”
O4 - HKLM..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Translate - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextTranslation.htm
O8 - Extra context menu item: Download by Net Transport - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTAddLink.html
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTAddList.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Show/Hide Tarjim Toolbar (HKLM)
O9 - Extra ‘Tools’ menuitem: Tarjim.com (HKLM)
O9 - Extra button: Look for Spybot-S&&D updates (HKLM)
O9 - Extra ‘Tools’ menuitem: Look for Spybot-S&&D updates (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra ‘Tools’ menuitem: ieSpell (HKLM)
O9 - Extra ‘Tools’ menuitem: ieSpell Options (HKLM)
O9 - Extra ‘Tools’ menuitem: Sun Java Console (HKLM)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) - http://comp.mediaring.com/partner/pcphone/wbaxuiph311.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37937.3766435185
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (AltaVista Toolbar) - http://toolbar.altavista.com/app/toolbar/cfg/altavista.cab?r=ENIOBQ
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

thanx in advance… :wink:

What makes you thing it is necessary to fix something? :slight_smile: Looks quite nice. You can clean this if you want:
O2 - BHO: (no name) - {7D8A2042-8904-43FF-A919-582CB9BA9C7F} - (no file)
O2 - BHO: (no name) - {6E34D984-4054-45E3-8452-0159A2F0D232} - (no file)
O2 - BHO: (no name) - {B824E7B0-E8E3-4D75-895E-2C309EA4CC5D} - (no file)
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)

I thought the same but wanted to be sure :wink:
many thanx Raman ;D (a k cookie from me :wink: )

Raman,

I’m of the same mind as Mina… not sure if there is anything I need to do with this. Could you tell me please.

Thanks, Walker.

Logfile of HijackThis v1.97.5
Scan saved at 21:28:54, on 04/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\Alwil Software\Avast4\aswUpdSv.exe
d:\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\RVS\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\svchost.exe
d:\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\RunDll32.exe
D:\RVS\WCOM\SYSTEM\RVSCC.EXE
C:\WINDOWS\DitExp.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
D:\Alwil Software\Avast4\ashDisp.exe
D:\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Moony\moony.exe
D:\Belkin Bulldog Plus\MUPS.exe
D:\SpywareGuard\sgmain.exe
D:\United Devices\UD.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\RVS\WCOM\SYSTEM\ccui.exe
D:\SpywareGuard\sgbhp.exe
D:\RVS\WCOM\SYSTEM\ADBSERV.EXE
D:\RVS\WCOM\SYSTEM\CCSRV.EXE
D:\RVS\WCOM\SYSTEM\RVSRmd.exe
D:\United Devices\ud_1396140.exe
D:\United Devices\ud_1396140_0.dir\ud_ligfit_Release.exe
C:\Documents and Settings\Ken\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - d:\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [Dit] Dit.exe
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [PCMService] “C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe”
O4 - HKLM..\Run: [CHotkey] mHotkey.exe
O4 - HKLM..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM..\Run: [avast!] d:\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ashMaiSv] D:\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM..\Run: [SmcService] D:\Sygate\SPF\smc.exe -startgui
O4 - HKLM..\Run: [Omnipage] D:\ScanSoft\OmniPageSE\opware32.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU..\RunOnce: [CommCenter] “D:\RVS\WCOM\SYSTEM\ccui.exe”
O4 - Startup: SpywareGuard.lnk = D:\SpywareGuard\sgmain.exe
O4 - Startup: UD Agent.lnk = D:\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Moony.LNK = D:\Moony\moony.exe
O4 - Global Startup: MUPS.lnk = D:\Belkin Bulldog Plus\MUPS.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37900.3739814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip..{7699411A-35B9-4657-A984-47A63EA89FA2}: NameServer = 195.235.113.3 195.235.96.90

Looks nice, if you want you can fix these useless/ not necessary Entries:

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

You use a UPS? Cool!:slight_smile:

Thanks Raman, much appreciated.

I’ve often noticed your advice’s on the hjt log and always been impressed. Think it would be nice to have your own forum (or at least one thread) for all these. :wink:

Well I can have all the A-V and PFW, but I could be stuffed if the power goes at the wrong time ;). Belt, braces and a piece of string :wink:

Thanks again… a well deserved Krma to you (if it hasn’t been abolished yet 8) ).

Walker

NO! Definitly not!! If you want, than you can do it!

I certainly do not want to! :slight_smile: