HEEEEELP! I'm under attack!

  1. #1
    RedandDead D-A-L Guest

HEEEEELP! I'm under attack!

Well, probably. That's the question. I found a PC Parent system monitor on my machine last night while using spyware programs out of curiosity. Now I'm really curious. I didn't put it there. I'm the only person with physical access to my machine and I've no need for a PC Parent program to be keeping tabs on me. So who put it there, I'm asking myself? Is it possible that my ISP did it? ... I wonder about this because when I remove it, it only comes back again as soon as I log back on to the net. Weird!

    And every time I remove it the same thing happens. I don't want the blasted thing. How do I get rid of it for good? I've got a baaaaaaad feeling it's a high risk, well, from what I've read about it. It's sneaky too and doesn't show on the taskbar, so I'd never have known about it if not for that spyware program I started using. I'm using Windows 98 ... anybody know how to get rid of this thing for good? Help appreciated.


  2. #2
owen D-A-L Team Member (UK)
    This is quite serious. I suggest that until this problem is sorted, you do not use any online shopping facilities or type your credit card details into your computer in any way. Please post a HijackThis log to the forum so that I can see what the problem is. Click the link in my signature to find out how.

  3. #3
    RedandDead D-A-L Guest
Thanks for replying, Owen. Below is the HijackThis log. Two other things seem to have cropped up since I discovered the PC Parent thing lurking in my machine, despite using spyware progs and Avast and firewall software: one is DSO Exploit and the other is Possible Extension Hijack, something like that anyway. Neither of them sounds very friendly. Here's the log...


    Logfile of HijackThis v1.97.7
    Scan saved at 00:44:27, on 01/07/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HIJACK THIS\HIJACK THIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinInit] Win86.exe
    O4 - HKLM\..\Run: [WinLogin] win32x.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
    O4 - HKLM\..\RunServices: [blaxxun Contact] C:\windows\blaxxun Contact.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [micore] \program files\micore\runc.exe
    O4 - HKCU\..\Run: [blaxxun Contact] C:\windows\blaxxun Contact.exe
    O4 - HKCU\..\RunServices: [Winstart] C:\windows\winstart32.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {7183CF29-0101-0001-0001-000000000001} - https://autoreg.******.***/release-6...ding/vhome.cab
    O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products...dsDownload.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab


    I don't know what that blaxxun thing is doing in there since I uninstalled that rubbish a long time ago, and I don't know what runc.exe and loadqm.exe are.

  4. #4
    RedandDead D-A-L Guest
Just thought I'd update this post very quickly now. I've fixed the DSO Exploit problem with DSOstop2. Worked a treat. That leaves two problems, the trojan thingy and the PC Parent thing, which is really worrying me now. Thing is, I don't have anything valuable on my machine, so I don't understand what anybody would want with it. I've got some game downloads, abandonware stuff, some MP3 music downloads and that's it. I've got ZoneAlarm Pro firewall running now though. But the damage has been done. Initially, before I got a firewall, a load of rubbish was dumped in a folder called Kernell in Windows, mostly zipped files under 70k, which I did not open because I knew they weren't mine. They had names like Hitman crack, and Empires crack, and Bathroomsex.zip etc. etc. They were probably all virus stuff. I trashed the whole lot, then started running spyware progs to find out what had happened. Seems Outlook Express has been corrupted in some way, along with ActiveX and some of Windows' vital programs. I replaced some of the missing DLLs but there are still problems with some things.

As for the PC Parent, it still shows up here...

    HKEY_CLASSES_ROOT\batfile\shell\open\command\!="%1 " %*

    When I checked it says "C:\windows\Winbat.exe %1" ... which doesn't exist. What do I do? If I change or delete this will it screw up my windows?

  5. #5
    RedandDead D-A-L Guest
My mistake. The PC Parent is here:

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run || winlogin

    The other registry entry in my earlier post is where the possible extension hijack thing is located.
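
    The two things posts #3 to #5 are chasing, autostart values whose program is given only as a bare filename (WinInit/Win86.exe, WinLogin/win32x.exe, micore/runc.exe) and a batfile shell\open\command that no longer reads "%1" %*, can both be checked mechanically. The script below is an added example written for this page; it is not from the thread, from HijackThis, or from any of the products named in the logs. It parses O4 lines copied from the log above, flags entries whose executable has no directory (so Windows resolves it through the PATH search at logon) or no drive letter, compares shell\open\command values for exefile, batfile and comfile against their stock Win9x defaults, and emits a REGEDIT4 fragment that restores those defaults. The KNOWN_BARE allowlist, the EXPECTED_SHELL_OPEN table and the SAMPLE_SHELL_OPEN dictionary (which reproduces the C:\windows\Winbat.exe %1 value described in post #4) are assumptions for the example.

```python
import re

# Constructed sample: a handful of O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [micore] \program files\micore\runc.exe
O4 - HKCU\..\RunServices: [Winstart] C:\windows\winstart32.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Assumption: bare filenames that Windows 98 itself registers under Run and that we accept
# without a directory. Any other bare name is resolved through the PATH search order at
# logon, so the file has to be located on disk and identified by hand.
KNOWN_BARE = {"systray.exe"}

# Assumption: the stock shell\open\command values for the executable file classes on Win9x.
EXPECTED_SHELL_OPEN = {
    "exefile": '"%1" %*',
    "batfile": '"%1" %*',
    "comfile": '"%1" %*',
}

O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$')
O4_STARTUP = re.compile(r'^O4 - Startup: (.+?) = (.+)$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|scr|pif))\b', re.IGNORECASE)


def executable_of(command):
    """Return the program part of an autostart command, dropping quotes and arguments."""
    cmd = command.strip().lstrip('"')
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (cmd.split()[0] if cmd else "")


def triage_o4(log_text):
    """Flag O4 autostart entries whose program cannot be pinned to an absolute path."""
    findings = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            where = f"{hive}\\..\\{key}"
        else:
            m = O4_STARTUP.match(line.strip())
            if not m:
                continue
            name, command = m.groups()
            where = "Startup folder"
        exe = executable_of(command)
        if "\\" not in exe:
            if exe.lower() not in KNOWN_BARE:
                findings.append((where, name, exe,
                                 "bare filename, resolved via PATH; locate and identify the file"))
        elif not re.match(r'^[A-Za-z]:\\', exe):
            findings.append((where, name, exe,
                             "relative path, no drive letter; resolved against the current drive"))
    return findings


def check_shell_open(values):
    """Compare shell\\open\\command values against the stock defaults; return mismatches."""
    mismatches = []
    for key, actual in values.items():
        cls = key.split("\\")[1]
        expected = EXPECTED_SHELL_OPEN.get(cls)
        if expected is not None and actual != expected:
            mismatches.append((cls, actual, expected))
    return mismatches


def repair_reg(mismatches):
    """Build a REGEDIT4 fragment that puts the stock value back for every mismatched class."""
    lines = ["REGEDIT4", ""]
    for cls, _actual, expected in mismatches:
        lines.append(f"[HKEY_CLASSES_ROOT\\{cls}\\shell\\open\\command]")
        lines.append('@="' + expected.replace('"', '\\"') + '"')
        lines.append("")
    return "\n".join(lines)


# Constructed sample: the batfile handler as described in post #4, beside two stock values.
SAMPLE_SHELL_OPEN = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\batfile\shell\open\command": r"C:\windows\Winbat.exe %1",
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": '"%1" %*',
}

if __name__ == "__main__":
    for where, name, exe, reason in triage_o4(SAMPLE_LOG):
        print(f"{where} [{name}] -> {exe}: {reason}")
    bad = check_shell_open(SAMPLE_SHELL_OPEN)
    for cls, actual, expected in bad:
        print(f"{cls}: {actual!r} (expected {expected!r})")
    print(repair_reg(bad))
```

    Run against the sample it reports Win86.exe, win32x.exe and \program files\micore\runc.exe, and for batfile it prints a .reg fragment whose only effect is to set the default value back to "%1" %*; the handler executable named in the hijacked value is left for a separate look, since deleting the key outright (rather than restoring it) would stop .bat files opening at all.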

  6. #6
owen D-A-L Team Member (UK)
    Could you please update your version of HijackThis. The latest version can be downloaded from here

  7. #7
    RedandDead D-A-L Guest
Here's the log using the newer version of HijackThis...

    Logfile of HijackThis v1.98.0
    Scan saved at 21:09:43, on 01/07/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
    C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
    O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinInit] Win86.exe
    O4 - HKLM\..\Run: [WinLogin] win32x.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evae.exe
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [micore] \program files\micore\runc.exe
    O4 - HKCU\..\RunServices: [Winstart] C:\windows\winstart32.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {7183CF29-0101-0001-0001-000000000001} - https://autoreg.******.***/release-6...ding/vhome.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
