Jump to content


Photo

Just Curious


  • Please log in to reply
3 replies to this topic

#1 mydeadfriend

mydeadfriend

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 31 May 2004 - 11:34 AM

My friend directed me to the past forums site, and upon discovering they had been closed they tried to search for the new link. They gave me the post thread one for the other section and it wasn't brought to my attention that I was meant to post here. Unforunately, I cannot delete that topic so I must apologize for having two of the same threads. There was some confusion about.

Anymoose. Here is my Hijack This! log. I am just curious as to if I should delete anything. Both Ad-Aware and Spybot Search & Destroy were ran before taking this.

Logfile of HijackThis v1.97.7
Scan saved at 12:42:17 PM, on 5/31/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\System32\atwtusb.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\documents and settings\owner\local settings\temp\hQCDS.exe
C:\Program Files\AIM95\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Furnarchy3\Furnarchy.exe
C:\Program Files\furcadia\furcadia.exe
C:\PROGRA~1\furcadia\fured.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe
C:\Program Files\WS_FTP Pro\wsftppro.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lime_Shop\Limeshop1.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\furcadia\furcadia.exe
C:\Program Files\furcadia\Fcde.exe
C:\Program Files\furcadia\furcadia.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Lime_Shop\Limeshop0.exe
C:\Program Files\Diet Kaza\DietKaza.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\furcadia\fured.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\furcadia\furcadia.exe
C:\WINDOWS\System32\olecnv32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.51/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.51/hp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.livejournal.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.51/hp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.51/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://autosearch.cc/search.php?qq=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://default-homep.../start.cgi?hklm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Nutshell - {7BA7B95F-9B92-4132-8012-E19B585CAF21} - C:\Program Files\nutshell\nutshell.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [hQCDS.exe] C:\documents and settings\owner\local settings\temp\hQCDS.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [olecnv32] C:\WINDOWS\System32\olecnv32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online.lnk = C:\Program Files\Verizon Online\VOLSW\Verizon Online.exe
O4 - Global Startup: LimeWire 3.8.10.lnk = C:\Program Files\LimeWire\3.8.10\LimeWire.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O9 - Extra button: Control Pad (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .pic: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: ChatSpace Full Java Client 2.1.0.95 - http://chat.justacha...va/cs4fs095.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...322/mcfscan.cab

Edited by mydeadfriend, 31 May 2004 - 11:42 AM.


#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 31 May 2004 - 11:43 AM

No problem, I will delete your other one (we could have moved it for you). :wave:

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 mydeadfriend

mydeadfriend

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 31 May 2004 - 11:48 AM

Thank you! ;D I'm aware it must be annoying to find those mixed in with the important threads, I didn't mean any trouble. I'm just a forum n00b. ;P

Edited by mydeadfriend, 31 May 2004 - 11:49 AM.


#4 mydeadfriend

mydeadfriend

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 June 2004 - 01:32 AM

Bump.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button