Hijack this log if someone could have a look?

Hi again.

Only been here long enough for a couple of posts, but I've learned alot just lurking.

As I said in my first or second post, I've just recently (9, November 2003) reformated and reinstalled windows 98se. After installing SpywareGuard it found this:

NEW BHO DETECTION ALERT
On 08:47:08 11/12/2003 a new BHO installation attempt was detected.
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
ProgramID: AcroIEHelper.AcroIEHlprObj.1
File Location: C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
User Action Taken: REMOVE BHO


I'm not quite sure what yet what a BHO is but, as I didn't ask Adobe for it, I took the above action.

Coincidentally, the night I installed Adobe (before learning of Spyware Guard) my wife complained that her Slimbrowser was acting up.....badly. Refusing to minimize and generally locking up the system to the point of requiring a manual shutdown. She hasn't tried it since I removed the BHO.

I personally have started having problems with my preferred browser, Opera 7.2. Mostly "has performed an illegal operation and will now shutdown". This seems to be happening more and more at the same time I'm noticing the computer does not want to shutdown properly.

Not knowing what I'm looking at in the following log , I can only say that my wife does run Yahoo! Messenger while browsing to notify her of e-mails and keep in touch with friends. She also does a bit of selling on E-bay if that helps explain some of the entries.

Any help would be much appreciated.

Logfile of HijackThis v1.97.6
Scan saved at 10:51:49 AM, on 11/13/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\DOWNLOADEDPROGRAMS\SECURITY\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi1.ebay.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://mail.yahoo.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

[EDITED to take out ebay users account] Unzy

 

About BHO's: http://home01.wxs.nl/~kleyn080/BHO_list.html

They are not ALL bad. As you can see on that list The Adobe BHO is listed as:
L {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}: AcroIEhelper.ocx/AcroIEhelper.dll - Adobe Acrobat reader

The L stands for legitimate, so there was no need to remove it.

About your problem with Opera: did you see version 7.22 was released?
http://www.wilderssecurity.com/showthread.php?t=16259

Your log is short and clean.

Regards,

Pieter

 

Hi BlackHawk,

Welcome aboard

First you'll have to learn that not all BHO's are bad. A BHO is a Browser Helping Object, used to control certain internet actions. Unfortunately, it's also popular with hijackers, who alter your personal settings and redirect you to malware places.

Read HERE if you want to know more info

Your log looks just fine , and the Adobe BHO is necessary if you use acrobat.

I dunno what your specific problem is related to, but if you feel a lockup is about to happen, open the takmanager and check in the processes tab which of the items listed has a high cpu usage

Thanks!

BTW, it's also a good idea to update your Internet Explorer (5.0 is seriously outdated) and probably a bunch of patches at windowsupdate.com

Cheers,

 

Hi Pieter

 

Hi Unzy,

Two advises are better then one. At least as long as we agree, and we usually do.

Regards,

Pieter

 

Thanks, Pieter!

Had heard that Opera 7.22 was out but thought it was not a final release. Perhaps I'll give it a go and maybe change cache size to boot.

Again, thanks.

 

Thanks!

Paranoia strikes again!!!!
Guess I'll be putting that back.

This sounds incredibly cool and very useful. Can you direct me to an area where I could learn to do this?

For what? You helped me......now, if this were a woodworking forum......

Never use IE, to tell the truth. Haven't since......well 5.0. Just never could stand it.

Thanks for taking the time to look at my log.

All the best...

 

Hi BlackHawk,

Here is a great site who has most tasks/processes covered, which appear in your processes list :

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

To view the processes list just do ctrl-alt-del, and check the processes there.

There's no cpu usage indicator in win98SE though but at least you can crosscheck your running tasks through the tasklist.

I can dig a little further if you want to see if there are some task editors for won98SE who show cpu usage.

Cheers,

 

Hi Unzy,

Something like this: http://www.wintaskman.de/ ?

Couldn't find an English version.

Regards,

Pieter

 

EXACTLY like that Pieter

Very late here, i'll try to look for an english version as well, next thing in the morning :thumbsup:

Thanks!

Cheers,

 

Oooooooookay. The cntl/alt/del I know about. Use it when I can't get a program to close......if it hasn't locked up the system too badly.

Now that you mention task editors, I think I've read about some. Now, if I can only think of where. Appreciate your looking but if it's a bother, don't worry. Gotta do some of the work myself.

Thanks again...