hijack check please

Discussion in 'adware, spyware & hijack cleaning' started by tarren, Dec 29, 2003.

Thread Status:
Not open for further replies.
  1. tarren

    tarren Registered Member

    Joined:
    Nov 7, 2003
    Posts:
    5
    Location:
    Wales
    Many Thanks,
    Logfile of HijackThis v1.97.7
    Scan saved at 07:21:06, on 29/12/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Folder Shield\FSService.exe
    C:\Program Files\Folder Shield\fsp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\HideFolders\hf.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\AnalogX\CookieWall\cookie.exe
    C:\Program Files\SpywareBlaster\spywareblaster.exe
    C:\WINDOWS\hh.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\John\LOCALS~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AVG_EMC] C:\PROGRA~1\Grisoft\AVG6\avgemc.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [hf] C:\Program Files\HideFolders\hf.exe /s
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Clear Fields   &0 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O8 - Extra context menu item: Customize Menu   &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill && Submit   &8 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillSubmit.html
    O8 - Extra context menu item: Fill Forms   &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Fill from Identity   &; - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillIdent.html
    O8 - Extra context menu item: Fill from Passcard   &' - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillPass.html
    O8 - Extra context menu item: Fill Without Asking   &9 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillWithoutAsking.html
    O8 - Extra context menu item: Go && Fill   &6 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComGoFill.html
    O8 - Extra context menu item: Identities   &, - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O8 - Extra context menu item: Login   &7 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComGoFillSubmit.html
    O8 - Extra context menu item: Logoff   &5 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O8 - Extra context menu item: Passcards   &. - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O8 - Extra context menu item: Password Generator   &3 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
    O8 - Extra context menu item: Reset Fields   &- - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O8 - Extra context menu item: Rf Options   &O - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O8 - Extra context menu item: RF Toolbar   &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Robo TaskBar Icon   &1 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O8 - Extra context menu item: SafeNotes   &/ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html
    O8 - Extra context menu item: Save Forms   &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Set Fields   &= - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: Fill Forms (HKLM)
    O9 - Extra 'Tools' menuitem: Fill Forms   &] (HKLM)
    O9 - Extra button: Fill Id (HKLM)
    O9 - Extra 'Tools' menuitem: Fill from Identity   &; (HKLM)
    O9 - Extra button: Fill Pass (HKLM)
    O9 - Extra 'Tools' menuitem: Fill from Passcard   &' (HKLM)
    O9 - Extra button: Save (HKLM)
    O9 - Extra 'Tools' menuitem: Save Forms   &[ (HKLM)
    O9 - Extra button: Go Fill (HKLM)
    O9 - Extra 'Tools' menuitem: Go && Fill   &6 (HKLM)
    O9 - Extra button: Login (HKLM)
    O9 - Extra 'Tools' menuitem: Login   &7 (HKLM)
    O9 - Extra button: Options (HKLM)
    O9 - Extra 'Tools' menuitem: Rf Options   &O (HKLM)
    O9 - Extra button: Customize (HKLM)
    O9 - Extra 'Tools' menuitem: Customize Menu   &4 (HKLM)
    O9 - Extra button: Generate (HKLM)
    O9 - Extra 'Tools' menuitem: Password Generator   &3 (HKLM)
    O9 - Extra button: TaskBar (HKLM)
    O9 - Extra 'Tools' menuitem: Robo TaskBar Icon   &1 (HKLM)
    O9 - Extra button: Set Fields (HKLM)
    O9 - Extra 'Tools' menuitem: Set Fields   &= (HKLM)
    O9 - Extra button: Reset Fields (HKLM)
    O9 - Extra 'Tools' menuitem: Reset Fields   &- (HKLM)
    O9 - Extra button: Clear Fields (HKLM)
    O9 - Extra 'Tools' menuitem: Clear Fields   &0 (HKLM)
    O9 - Extra button: Logoff (HKLM)
    O9 - Extra 'Tools' menuitem: Logoff   &5 (HKLM)
    O9 - Extra button: Fill Submit (HKLM)
    O9 - Extra 'Tools' menuitem: Fill && Submit   &8 (HKLM)
    O9 - Extra button: Fill NoAsk (HKLM)
    O9 - Extra 'Tools' menuitem: Fill Without Asking   &9 (HKLM)
    O9 - Extra button: Identities (HKLM)
    O9 - Extra 'Tools' menuitem: Identities   &, (HKLM)
    O9 - Extra button: Passcards (HKLM)
    O9 - Extra 'Tools' menuitem: Passcards   &. (HKLM)
    O9 - Extra button: Safenotes (HKLM)
    O9 - Extra 'Tools' menuitem: SafeNotes   &/ (HKLM)
    O9 - Extra button: RoboForm (HKLM)
    O9 - Extra 'Tools' menuitem: RF Toolbar   &2 (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
    O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1.63-big/GoogleNav.cab
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37632.1534837963
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4281/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F741991A-4F27-44E2-BD70-3673B8A5AE5A}: NameServer = 195.92.195.95 195.92.195.94
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi tarren,

    Welcome to Wilders. :)

    Looks clean to me. Was there a special reason for having it checked?

    Regards,

    Pieter
     
  3. tarren

    tarren Registered Member

    Joined:
    Nov 7, 2003
    Posts:
    5
    Location:
    Wales
    Hello Pieter,
    Many thanks for the reply, and for the report on the log. It was a colleague who suggested I have my log looked at.
    If I am not experiencing problems, is there any need to post a log?
    Thanks again,
    tarren.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi tarren,

    If any scanner gives you dubious results or when you have any reason to believe that something strange is going on, it is always a good idea to have someone check your log. They don't always reveal everything, but are an excellent tool to find any spyware or browser hijackers.

    Another reason would be, that you can now save this log and when you make a new one, compare it with this one. Any changes that can't be accounted for, would be another reason to have your log checked.

    Regards,

    Pieter
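
Added example (not part of the thread and not HijackThis's own code): one way to do the baseline comparison described in the last reply, by parsing a saved HijackThis log and a newer one and listing the processes and entries that appeared or disappeared. The function names and both sample logs are constructed for illustration; `C:\Example\updater.exe`, `ExampleUpdater` and `start.example.invalid` are made-up values.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: [name] path"

def parse_log(text):
    """Split a HijackThis log into a set of process paths and a set of (code, detail) entries."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()                      # forum pastes are often indented
        if line.lower() == "running processes:":
            in_procs = True
        elif not line:
            in_procs = False                    # a blank line ends the process list
        elif in_procs:
            path = line.lower()                 # Windows paths are case-insensitive
            if not path.endswith("\\hijackthis.exe"):   # skip the scanner itself
                processes.add(path)
        elif (m := ENTRY.match(line)):
            entries.add((m.group(1), m.group(2)))
    return processes, entries

def diff_logs(old_text, new_text):
    """Return what appeared and disappeared between a saved baseline log and a newer log."""
    old_p, old_e = parse_log(old_text)
    new_p, new_e = parse_log(new_text)
    return {"new_processes": sorted(new_p - old_p), "gone_processes": sorted(old_p - new_p),
            "new_entries": sorted(new_e - old_e), "gone_entries": sorted(old_e - new_e)}

# Constructed samples: BASELINE reuses a few lines in the format of the log posted above;
# LATER adds a made-up process, Run entry and start page to show what the diff reports.
BASELINE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\John\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
"""
LATER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Example\updater.exe
C:\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ExampleUpdater] C:\Example\updater.exe
"""

if __name__ == "__main__":
    print(diff_logs(BASELINE, LATER))
```

A changed value shows up as one "gone" and one "new" entry with the same code (here the R0 start page), which is the kind of change to account for before treating the new log as the next baseline.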
     