hijack log

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by GEEKWANNAB, Jun 10, 2004.

  1. GEEKWANNAB

    GEEKWANNAB Private First Class

    hello everybody!
    Could someone please look at this log and tell me if these BHOs are supposed to be there? Thank you.

    Logfile of HijackThis v1.97.7
    Scan saved at 10:34:03 PM, on 06/10/2004
    Platform: Windows 95 B (Win9x 4.00.1212)
    MSIE: Internet Explorer v5.00 (5.00.2919.6304)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\TELEPATH.101\tpexe.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\tapiexe.exe
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\MYSPYKILLERS\HIJACKTHIS.EXE


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Gateway 2000
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F1 - win.ini: run=hpfsched
    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    O4 - HKLM\..\Run: [Webcelerator] C:\Program Files\Acceleration Software\Webcelerator\webcel.exe runstart
    O4 - HKLM\..\Run: [ddeproc] C:\Program Files\Acceleration Software\Webcelerator\ddeproc.exe
    O
    O4 - HKLM\..\RunServices: [telepath] TELEPATH.101\tpexe.exe
    O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O13 - WWW. Prefix: http://
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} - http://i1img.com/images/nocache/copilot/i1initialsetup1.0.0.5.cab
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
     
  2. DanTekGeek

    DanTekGeek Master Sergeant

    I'm not telling you to fix it, but the SpywareGuard looks kinda suspicious. It wasn't on the stars list, but I'm still not sure. I'd like to see if anyone else feels the same way.
     
  3. GEEKWANNAB

    GEEKWANNAB Private First Class

    OK, it's no emergency, I'm just trying to make sure I got all the garbage out. Thanks for giving it a look, Dan.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No Dan, SpywareGuard is okay. See here: http://www.majorgeeks.com/download3045.html
    We use it together with SpywareBlaster.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Geek, your log is basically okay but you may want to try resetting your web settings to default.
    If you do not know how to do that go here:
    http://www.pestpatrol.com/Support/HowTo/How_To_Clear_a_Hijack.asp
    and under the Search Hijacks section see the info on "Reset Web Settings".

    Maybe that will clean up those about:blanks. Also, what is the line with just O on it? Did you cut & paste wrong?

    These lines:
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll

    seem to ring a bell. Did you post a log with them in it in another thread? I seem to remember thinking that these needed to be fixed (using LSP-Fix), but I'm not sure.
     
  6. GEEKWANNAB

    GEEKWANNAB Private First Class

    Hello chas, busy as usual I see. Yes, the line with zero on it was a mistake. It was left there while I was cutting out the stuff I knew, like my home page and virus scanner. My eyes aren't as good as they used to be.
    I checked my web settings and they are set at the defaults; however, the HTML editor is blank (I have 2 choices, FrontPage Editor or Windows Notepad). Is leaving it blank a problem?

    You have a good memory considering all the logs you look at. These lines are associated with Webcelerator. (Just a reminder: I DOWNLOADED AND INSTALLED WEBCELERATOR A WHILE AGO BECAUSE IT CLAIMED TO MAKE WEB SURFING FASTER.) I checked the PestPatrol page and went through regedit trees and didn't find any of the bad stuff they had listed for EAcceleration. This will refresh your memory:

    "The second one has to do with these lines:
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll

    PestPatrol considers this to be from EAcceleration and classifies this as adware. See:
    http://www.pestpatrol.com/PestInfo/e/eacceleration.asp

    But you appear to be using this. See these lines:
    O4 - HKLM\..\Run: [Webcelerator] C:\Program Files\Acceleration Software\Webcelerator\webcel.exe runstart
    O4 - HKLM\..\Run: [ddeproc] C:\Program Files\Acceleration Software\Webcelerator\ddeproc.exe

    I'm not sure what to do with this Webcelerator stuff yet. Do not touch it yet. Perhaps someone else would have some ideas on whether this is a bad program to be intercepting your data. Spyware and hijackers can use the LSPs (Layered Service Providers) to see all traffic being transported over your internet connection. So we need to know if Webcelerator is considered good or bad."


    Thanks again for helping me get the garbage out and keeping it out.

    I'm just an old dog trying to learn some new tricks.
     
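The O2, O4, O10 and O16 entries that posts 5 and 6 argue over can be pulled out of a HijackThis log mechanically, which makes it easier to see that four O10 lines are one DLL chained into four provider slots rather than four files. The following Python is an added example written for this page; it is not code from HijackThis, LSP-Fix, PestPatrol or anyone in the thread. The sample log is constructed from the entries quoted above, and the allow-list of known-good BHO CLSIDs is an assumption for the demo (the Spybot and SpywareGuard helpers that chaslang vouches for).

```python
"""Added example: parse HijackThis-style log lines and flag the entries a
log reviewer wants explained before anything is 'fixed'.  Illustrative
code for this page, not part of HijackThis or LSP-Fix."""

import re
from collections import Counter

# Constructed sample, copied from the entries quoted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O4 - HKLM\..\Run: [Webcelerator] C:\Program Files\Acceleration Software\Webcelerator\webcel.exe runstart
O4 - HKLM\..\RunServices: [telepath] TELEPATH.101\tpexe.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\asiclayer.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
"""

# Assumption for the demo: CLSIDs already vouched for in the thread.  The
# list is keyed on CLSID, not display name, because "(no name)" is not
# evidence of anything: Spybot's SDHelper shows up without a name too.
KNOWN_GOOD_BHO = {
    "{53707962-6F74-2D53-2644-206D7942484F}",  # Spybot S&D SDHelper
    "{4A368E80-174F-4872-96B5-0B27DDD11DB2}",  # SpywareGuard download protection
}

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.+)$")


def parse_log(text):
    """Yield (section, body) for every HijackThis entry line; skip the rest."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def analyze(text):
    """Collect the entry types discussed in the thread and flag the ones
    worth explaining before running a fix."""
    findings = {
        "unvetted_bho": [],        # O2 helpers not on the allow-list
        "lsp_files": Counter(),    # O10: each DLL once, with its chain count
        "relative_autostart": [],  # O4 commands that are not full paths
        "activex_hosts": set(),    # O16: where downloaded controls came from
    }
    for sec, body in parse_log(text):
        if sec == "O2":
            m = BHO_RE.match(body)
            if m and m.group("clsid").upper() not in KNOWN_GOOD_BHO:
                findings["unvetted_bho"].append(
                    (m.group("name"), m.group("clsid").upper(), m.group("path")))
        elif sec == "O4":
            m = O4_RE.match(body)
            # A bare relative name is resolved at boot through the search
            # path, so it is worth pinning down exactly which file is meant.
            if m and not re.match(r"^[A-Za-z]:\\", m.group("cmd")):
                findings["relative_autostart"].append(
                    (m.group("key"), m.group("name"), m.group("cmd")))
        elif sec == "O10":
            m = LSP_RE.match(body)
            # One LSP DLL is listed once per provider entry it is layered
            # over, so collapse the repeats and keep the count.
            if m:
                findings["lsp_files"][m.group("path").lower()] += 1
        elif sec == "O16":
            url = body.rsplit(" - ", 1)[-1]
            host = re.match(r"^https?://([^/]+)", url)
            if host:
                findings["activex_hosts"].add(host.group(1).lower())
    return findings


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, the only BHO left to explain is NZDD.DLL, asiclayer.dll shows up as one file in four chain slots, the telepath RunServices entry is flagged only because its path is relative, and the O16 hosts are listed for a quick look at where controls were installed from. None of this says an entry is malicious; as the rest of the thread shows with NZDD.DLL, a flagged DLL can turn out to be something the user's own software depends on, so the output is a list of questions to answer, not a list of things to delete.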
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for refreshing my memory Geek! Yes, you can leave the HTML editor blank.

    I just noticed something else in your log I believe should be removed.
    Give CWShredder a run first: http://www.majorgeeks.com/download4086.html

    Now run HijackThis and fix:

    O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL

    Now reboot in Safe Mode, then locate and delete (if found) this file :

    C:\WINDOWS\SYSTEM\NZDD.DLL
     
  8. GEEKWANNAB

    GEEKWANNAB Private First Class

    Will do, luckily I already downloaded shredder, thanks again chas.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cool! Catch ya later! Gotta get some sleep. It's 3:40 am here. :eek: I'm nuts. :)
     
  10. GEEKWANNAB

    GEEKWANNAB Private First Class

    Hello chas,
    I removed that hijack entry and went into safe mode and removed the NZDD.DLL file.
    Now I get an error message when I boot up saying:
    RealDownload can't start. Please reinstall product. (whoops)

    also this is what my shredder scan looks like:

    Hosts file not present
    Registry value: WWW. Prefix [www.] http://
    Found Win.ini file: C:\WINDOWS\win.ini (9520 bytes, A)
    Found line in Win.ini: load=
    Found line in Win.ini: run=hpfsched
    Found System.ini file: C:\WINDOWS\system.ini (2339 bytes, A)
    Found line in System.ini: shell=Explorer.exe
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hi Geek,

    Oops is right! Don't ya just love how these guys name stuff? They start everything else they make with the word "real". According to this: http://www.windowsstartup.com/wso/detail.php?id=2249
    it would be realdownload.exe that is not needed at startup, but the DLL I had you delete would be needed when you try to run RealDownload. Do you use this RealPlay stuff? I don't. I delete it from all my PCs. I don't see the need for it. I guess some people do though.

    At any rate, I guess you can just re-install the RealPlay software to get this back, unless you had it go to your Recycle Bin, in which case you could just restore it and use HijackThis to restore the registry key.

    The stuff from CWShredder is OK. The win.ini run=hpfsched line is for a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature.
     
  12. GEEKWANNAB

    GEEKWANNAB Private First Class

    Thanks chas, I still have the nzdd.dll file in the Recycle Bin; I can go back into safe mode and restore it. Also, can I restore the line in HijackThis from the backup? (I see you already answered this before I asked.)

    AND now I can't browse using Netscape; it won't go to any URL I put in there, but IE works fine. I also noticed that in Netscape security my 128-bit encryption is gone.

    Boy, remove one little file and get a load of problems.
     
  13. GEEKWANNAB

    GEEKWANNAB Private First Class

    Just one more question (I hope): do I have to be in safe mode to restore the nzdd file from the Recycle Bin?
     
  14. GEEKWANNAB

    GEEKWANNAB Private First Class

    Hi chas, I went back in and restored the nzdd file from safe mode and restored the HijackThis backup line, and now EVERYTHING IS WORKING AGAIN!

    Thanks again for all your help!!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hmmm! Maybe that's why the DLL (NZDD.DLL) began with an N; it's used for hooking into Netscape.
     
  16. GEEKWANNAB

    GEEKWANNAB Private First Class

    chas, you're the best. I just want to say thanks again for all the help. :eek:
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're quite welcome, Geek. Are we having fun yet or what! ;)
     