I'm submitting my first highjack log. Can someone please look at it and explain why my puter still works as well as it does Logfile of HijackThis v1.96.1 Scan saved at 12:03:12, on 22/08/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\OLDDISK\PROGRAM FILES\MAILWASHER\MAILWASHER.EXE C:\PROGRAM FILES\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nbonline.co.uk/ibank/index.php O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-deleon.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-deleon.dll O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE O4 - HKLM\..\Run: [CountrySelection] pctptt.exe O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe O4 - HKLM\..\Run: [CyberMedia Agent] "C:\PROGRAM FILES\CYBERMEDIA\CMAGENT.EXE" /SU O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [New application] C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE O4 - Startup: Image.LNK = C:\Program Files\Norton Utilities\IMAGE32.EXE O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GOOGLETOOLBAR_EN_2.0.95-DELEON.DLL/cmtrans.html O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll Cheers, .......Peter
Hi petersmyth, Welcome at Wilders. Probably because you take good care of it and don't accept ActiveX. Nothing wrong with your log. Regards, Pieter
Hi Pieter thanks but what am I missing by not accepting Active X Or put another way what are the advantages of not accepting ActiveX. ........Peter
Hi petersmyth , What you are missing is programs running locally on your computer triggered by Internet Explorer (if you use that) There are some useful ones: Windows update, Macromedia, Quicktime, some online scanners, banks and providers use ActiveX. But there are also a lot of them that sneakily install spyware, dialers and crapware in general on your PC. Normally these are listed under O16 in HijackThis, but yours show none, hence my remark. (you did post the entire log, didn't you?) Regards, Pieter
Yep Pieter that was the entire log. I use Opera for all my online browsing except Banking, funny you mentioned that, and because my online bank doesn't support Opera I have to use IE to access it. BTW I use the same bank on and offline so you see my problem. Now I know why there's a few niggly things I can't do online by not accepting ActiveX. If I decide I need it how do I activate it again for certain downloads. As for the M/S updates, my Win 98se o/s has been pensioned off
Hi petersmyth, The easiest way is to add your bank and other sites where you need ActiveX to your Trusted Sites (and only if you really trust them). Where Win98 may be retired IE6 is not and you have not installed SP1 yet. Regards, Pieter