New Highjack log


petersmyth
August 22nd, 2003, 07:15 AM
I'm submitting my first highjack log. Can someone please look at it and explain why my puter still works as well as it does ;D :o

Logfile of HijackThis v1.96.1
Scan saved at 12:03:12, on 22/08/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\OLDDISK\PROGRAM FILES\MAILWASHER\MAILWASHER.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbonline.co.uk/ibank/index.php
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-deleon.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-deleon.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [CyberMedia Agent] "C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE" /SU
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [New application] C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Image.LNK = C:\Program Files\Norton Utilities\IMAGE32.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

Cheers, .......Peter

Pieter_Arntz
August 22nd, 2003, 07:33 AM
Quote from petersmyth: "I'm submitting my first highjack log. Can someone please look at it and explain why my puter still works as well as it does ;D :o"

Hi petersmyth,

Welcome to Wilders. :)

Probably because you take good care of it and don't accept ActiveX. ;)
Nothing wrong with your log.

Regards,

Pieter

petersmyth
August 22nd, 2003, 07:45 AM
Hi Pieter, thanks, but what am I missing by not accepting ActiveX? :o Or, put another way, what are the advantages of not accepting ActiveX? ........Peter

Pieter_Arntz
August 22nd, 2003, 07:53 AM
Hi petersmyth,

What you are missing is programs running locally on your computer, triggered by Internet Explorer (if you use that).
There are some useful ones: Windows update, Macromedia, Quicktime, some online scanners, banks and providers use ActiveX.
But there are also a lot of them that sneakily install spyware, dialers and crapware in general on your PC.

Normally these are listed under O16 in HijackThis, but yours shows none, hence my remark. (You did post the entire log, didn't you?)

Regards,

Pieter
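
An added example, not part of the original thread: a small parser that groups HijackThis entry lines by section code and lists any O16 (ActiveX) entries, run over an excerpt of the log posted above. The O16 line is constructed, with a placeholder CLSID and URL, to show what a log that had accepted an ActiveX control would contain; the function names are the editor's own.

```python
import re
from collections import defaultdict

# "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [SystemTray] SysTray.Exe"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16 detail: "DPF: {CLSID} (Name) - <download source>"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")

# Excerpt of the log posted in this thread.
THREAD_LOG = r"""
Logfile of HijackThis v1.96.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbonline.co.uk/ibank/index.php
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
"""

# Constructed line (placeholder CLSID and URL), not from the thread.
CONSTRUCTED_O16 = ("O16 - DPF: {00000000-0000-0000-0000-000000000000} "
                   "(Example Control) - http://example.invalid/control.cab")

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def activex_controls(sections):
    """Return (clsid, name, source) for every O16 entry in a parsed log."""
    found = []
    for entry in sections.get("O16", []):
        m = DPF.match(entry)
        # Keep unparsed entries visible rather than dropping them silently.
        found.append(m.groups() if m else (None, None, entry))
    return found

if __name__ == "__main__":
    clean = parse_log(THREAD_LOG)
    print({code: len(v) for code, v in clean.items()}, activex_controls(clean))
    print(activex_controls(parse_log(THREAD_LOG + CONSTRUCTED_O16)))
```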

petersmyth
August 22nd, 2003, 08:16 AM
Yep Pieter, that was the entire log. I use Opera for all my online browsing except banking, funny you mentioned that, and because my online bank doesn't support Opera I have to use IE to access it. BTW I use the same bank on and offline so you see my problem.

Now I know why there's a few niggly things I can't do online by not accepting ActiveX. If I decide I need it, how do I activate it again for certain downloads? As for the M/S updates, my Win 98se o/s has been pensioned off ;D :'(

Pieter_Arntz
August 22nd, 2003, 08:35 AM
Hi petersmyth,

The easiest way is to add your bank and other sites where you need ActiveX to your Trusted Sites (and only if you really trust them).
Where Win98 may be retired, IE6 is not, and you have not installed SP1 yet. ;)

Regards,

Pieter