New Highjack log

Discussion in 'privacy problems' started by petersmyth, Aug 22, 2003.

Thread Status:
Not open for further replies.
  1. petersmyth

    petersmyth Registered Member

    Joined:
    Aug 22, 2003
    Posts:
    4
    I'm submitting my first highjack log. Can someone please look at it and explain why my puter still works as well as it does :D :eek:

    Logfile of HijackThis v1.96.1
    Scan saved at 12:03:12, on 22/08/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
    C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\OLDDISK\PROGRAM FILES\MAILWASHER\MAILWASHER.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbonline.co.uk/ibank/index.php
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-deleon.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-deleon.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [CyberMedia Agent] "C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE" /SU
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [New application] C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: Image.LNK = C:\Program Files\Norton Utilities\IMAGE32.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll

    Cheers, .......Peter
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi petersmyth,

    Welcome at Wilders. :)

    Probably because you take good care of it and don't accept ActiveX. ;)
    Nothing wrong with your log.

    Regards,

    Pieter
     
  3. petersmyth

    petersmyth Registered Member

    Joined:
    Aug 22, 2003
    Posts:
    4
    Hi Pieter thanks but what am I missing by not accepting Active X :eek: Or put another way what are the advantages of not accepting ActiveX. ........Peter
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi petersmyth ,

    What you are missing is programs running locally on your computer triggered by Internet Explorer (if you use that)
    There are some useful ones: Windows update, Macromedia, Quicktime, some online scanners, banks and providers use ActiveX.
    But there are also a lot of them that sneakily install spyware, dialers and crapware in general on your PC.

    Normally these are listed under O16 in HijackThis, but yours show none, hence my remark. (you did post the entire log, didn't you?)

    Regards,

    Pieter
     
  5. petersmyth

    petersmyth Registered Member

    Joined:
    Aug 22, 2003
    Posts:
    4
    Yep Pieter that was the entire log. I use Opera for all my online browsing except Banking, funny you mentioned that, and because my online bank doesn't support Opera I have to use IE to access it. BTW I use the same bank on and offline so you see my problem.

    Now I know why there's a few niggly things I can't do online by not accepting ActiveX. If I decide I need it how do I activate it again for certain downloads. As for the M/S updates, my Win 98se o/s has been pensioned off :D :'(
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi petersmyth,

    The easiest way is to add your bank and other sites where you need ActiveX to your Trusted Sites (and only if you really trust them).
    Where Win98 may be retired IE6 is not and you have not installed SP1 yet. ;)

    Regards,

    Pieter
     
Loading...
Thread Status:
Not open for further replies.