My HijackThis Log



#1
Coren

A couple of days ago I was scanning my computer with Spysweeper and I found an adware named "216.65.101.250 hijack". I deleted it and did a new scan, but it had returned. I deleted it again, but it came back. At this point I decided to clean up my whole hardware.

Before scanning with HijackThis, I scanned with these programs:

F-Secure
Ad-Aware SE
CleanUp!
CWShredder
Spybot S&D
TrojanHunter
Housecall
Spysweeper


Logfile of HijackThis v1.99.1
Scan saved at 16:09:26, on 11.8.2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINTOOSA\SYSTEM\KERNEL32.DLL
C:\WINTOOSA\SYSTEM\MSGSRV32.EXE
C:\WINTOOSA\SYSTEM\SPOOL32.EXE
C:\WINTOOSA\SYSTEM\MPREXE.EXE
C:\WINTOOSA\SYSTEM\MSTASK.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FSMA32.EXE
C:\WINTOOSA\SYSTEM\KB891711\KB891711.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FSMB32.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FCH32.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\BACKWEB\7681197\PROGRAM\FSBWSYS.EXE
C:\WINTOOSA\SYSTEM\LEXBCES.EXE
C:\WINTOOSA\SYSTEM\RPCSS.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\BACKWEB\7681197\PROGRAM\F-SECURE AUTOMATIC UPDATE.EXE
C:\WINTOOSA\SYSTEM\LEXPPS.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FNRB32.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FAMEH32.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\ANTI-VIRUS\FSGK32.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\FWES\PROGRAM\FSDFWD.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FIH32.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\ANTI-VIRUS\FSSM32.EXE
C:\WINTOOSA\SYSTEM\mmtask.tsk
C:\OHJELMATIEDOSTOT\F-SECURE\ANTI-VIRUS\FSAV32.EXE
C:\WINTOOSA\EXPLORER.EXE
C:\WINTOOSA\TASKMON.EXE
C:\WINTOOSA\SYSTEM\SYSTRAY.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FSM32.EXE
C:\WINTOOSA\V38SHELL.EXE
C:\OHJELMATIEDOSTOT\TROJANHUNTER 4.2\THGUARD.EXE
C:\OHJELMATIEDOSTOT\F-SECURE\FSGUI\FSGUIEXE.EXE
C:\WINTOOSA\SYSTEM\WMIEXE.EXE
D:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://216.65.101.250/sbms/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phnet.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.phnet.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINTOOSA\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINTOOSA\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINTOOSA\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Ohjelmatiedostot\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Ohjelmatiedostot\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINTOOSA\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ASUSTweakEnable] C:\Ohjelmatiedostot\ASUS\Tweaking Utilities\atstart.exe
O4 - HKLM\..\Run: [ASUSKey] V38SHELL.EXE
O4 - HKLM\..\Run: [THGuard] "C:\OHJELMATIEDOSTOT\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINTOOSA\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Ohjelmatiedostot\F-Secure\Common\FSMA32.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINTOOSA\SYSTEM\KB891711\KB891711.EXE
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Ohjelmatiedostot\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINTOOSA\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINTOOSA\SYSTEM\MSJAVA.DLL
O16 - DPF: {2DAE59A1-B355-4653-8D33-33A3A8F8C078} (MaxisVacationTeleX Control) - http://thesims.ea.co...cationTeleX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communitie...t/msnchat45.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuche...ivex/web591.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.ipswitch....tp_le/setup.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.co...nMagicTeleX.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://irc.everywher...va/cfs40320.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab


Thank you

#2
coachwife6

Hi C. Welcome to GTG. Are you still having trouble or did you get this resolved?