Solved: ANything suspicious here?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

HansOle

Thread Starter
Joined
Jun 29, 2005
Messages
11
Hi

I have this old windows 95 machine which shows no outward signs of infection. But I have grown suspisious - can I be sure? It has been on a local net with my other severely infected machine.

Do you see anything suspicious in this hijackthis log?

Logfile of HijackThis v1.99.1
Scan saved at 09:53:43, on 29-06-05
Platform: Windows 95 C (Win9x 4.00.1111)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\COMMON\FSMA32.EXE
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\COMMON\FSMB32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\COMMON\FCH32.EXE
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\BACKWEB\7791805\PROGRAM\FSBWSYS.EXE
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\BACKWEB\7791805\PROGRAM\BACKWEB-7791805.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\COMMON\FAMEH32.EXE
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\ANTI-VIRUS\FSGK32.EXE
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\ANTI-VIRUS\FSAV32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\MGACTRL.EXE
C:\PROGRAMMER\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
C:\PROGRAMMER\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\COMMON\FSM32.EXE
C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\ANTI-VIRUS\FSSM32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMER\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMER\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.finetimesearch.com/index2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.finetimesearch.com/index2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.finetimesearch.com/index2.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F1 - win.ini: run=hpfsched
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {8085E374-ACBB-42F9-873F-49EC7E244F97} - C:\WINDOWS\SYSTEM\HIBOGA.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MGA Control Center] Mgactrl.exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\Programmer\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [fsaa] C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\Common\fsaa.exe
O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\PROGRAMMER\WEBSPEED SIKKERHEDSPAKKE\Common\FSMA32.EXE
O4 - Startup: WebSpeed Sikkerhedspakke.lnk = C:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\Program\backweb-7791805.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .mov: C:\Programmer\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .avi: C:\Programmer\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .vbs: C:\Programmer\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_07) -
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
 
Joined
Jun 22, 2005
Messages
138
I don't see anything suspicious but I think you should download a free antivirus software like AVG or AntiVir to check for and delete any viruses. Also download a spyware and adware remover.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top