Re: Hijack-This Question in Security

Re: Hijack-This Question in Security http://www.dslreports.com/forum/r13081022 en Wed, 02 Dec 2009 11:49:19 EDT Wed, 02 Dec 2009 11:49:19 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13083355 Phoenix__1 :

said by NetFixer

:

What you saw may be related to this post: firefox localhost:loopback with Outpost firewall.

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

Either way, it's gone. I'm not worried about system cache. In fact removing it would make things more secure, if I understand correctly.
--
Want to know how to get a free mini mac? Send me a pm.]]> http://www.dslreports.com/forum/remark,13083355 Mon, 04 Apr 2005 09:30:13 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13083004 NetFixer : What you saw may be related to this post: firefox localhost:loopback with Outpost firewall.

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.]]> http://www.dslreports.com/forum/remark,13083004 Mon, 04 Apr 2005 08:16:18 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13081307 Phoenix__1 :

said by Phoenix__1

said by spooler0

:

Take a look at IE>Tools>InternetOptions>Connections>LanSettings. See if you don't see it there.

Write down what you see so you can add it back if you delete it.

Mine in IE shows up in HJT logs when set to use the Local Proxy. It does not show up when not using the local proxy with IE.

It doesn't show up either way in the HJT logs when using Mozilla.

If in doubt, have HJT "fix" it. Let HJT save it as a backup. If all runs fine without it, check you IE settings again to see if it is still there. If a program you use no longer works without it, restore the backup from HJT.

I thought about that, so I already did check and there was nothing checked or added in lan settings. Think I'll remove it and then if things go wrong, restore it.

It's what I was thinking of doing, but didn't think it would hurt to ask and see if anyone else has seen this before. I use Firefox, not IE.

edit: Surprise! The setting was in fact in Firefox. I'm going to remove it and then see what happens.

Deleted the setting out of Firefox & also using Hijackthis, then rebooted. It didn't come back and everything is running fine. :) Still going to probe my system to find how it got there though. :/
--
Want to know how to get a free mini mac? Send me a pm.]]> http://www.dslreports.com/forum/remark,13081307 Sun, 03 Apr 2005 23:02:49 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13081229 Phoenix__1 :

said by spooler0

]]> http://www.dslreports.com/forum/remark,13081229 Sun, 03 Apr 2005 22:52:02 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13081117 spooler0 : Take a look at IE>Tools>InternetOptions>Connections>LanSettings. See if you don't see it there.

Write down what you see so you can add it back if you delete it.

Mine in IE shows up in HJT logs when set to use the Local Proxy. It does not show up when not using the local proxy with IE.

It doesn't show up either way in the HJT logs when using Mozilla.

If in doubt, have HJT "fix" it. Let HJT save it as a backup. If all runs fine without it, check you IE settings again to see if it is still there. If a program you use no longer works without it, restore the backup from HJT.]]> http://www.dslreports.com/forum/remark,13081117 Sun, 03 Apr 2005 22:37:28 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13081022 Phoenix__1 : I double checked and I "do not think" it is my host file. I'm not sure what that reg line does or is.
--
Want to know how to get a free mini mac? Send me a pm.]]> http://www.dslreports.com/forum/remark,13081022 Sun, 03 Apr 2005 22:25:34 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13080923 Phoenix__1 :

said by spooler0

:

Have you checked your host file for any added entries in it?

Do you use a hosts file? or do any of the added programs on your HJT list use one?

YES, I do use a host file. Enclosed is a copy of my current host file and my old host file. I was going to merge the two (after I weed out the double post).
--
Want to know how to get a free mini mac? Send me a pm.

host.zip 60,045 bytes

]]> http://www.dslreports.com/forum/remark,13080923 Sun, 03 Apr 2005 22:12:39 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13080850 spooler0 : Have you checked your host file for any added entries in it?

Do you use a hosts file? or do any of the added programs on your HJT list use one?]]> http://www.dslreports.com/forum/remark,13080850 Sun, 03 Apr 2005 22:04:46 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13080767 Phoenix__1 :

said by spooler0

:

how about unzipping your log file? After that, would you paste the log into your post as text and repost the question?

Prior to doing so, would you complete ALL the steps in:

»Security »I think my computer is infected or hijacked. What should I do?

I have done all those and found no problems... This was my only question. Does anyone here know what that line is? I did not feel like going through everything else, as I know the answer to everything else.
--
Want to know how to get a free mini mac? Send me a pm.]]> http://www.dslreports.com/forum/remark,13080767 Sun, 03 Apr 2005 21:55:53 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13080553 SurfinGenie : Here's your HJThis log unzipped:
Logfile of HijackThis v1.99.1
Scan saved at 09:18:33 PM, on 04/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Fast.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
D:\WINDOWS\system32\taskswitch.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
D:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Verizon Online\bin\mpbtn.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Hijack-This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »cgi.verizon.net/bookmarks/bmredi···o_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »cgi.verizon.net/bookmarks/bmredi···=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »cgi.verizon.net/bookmarks/bmredi···o_search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »cgi.verizon.net/bookmarks/bmredi···=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - D:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - D:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [BackgroundSwitcher] D:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Verizon Online Support Center.lnk = D:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=···id=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···37887028
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - »download.mcafee.com/molbin/share···dmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - »download.mcafee.com/molbin/share···ysec.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)]]> http://www.dslreports.com/forum/remark,13080553 Sun, 03 Apr 2005 21:28:17 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13080545 NunyaBidness : logfile outside zip file

Logfile of HijackThis v1.99.1
Scan saved at 09:18:33 PM, on 04/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Fast.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
D:\WINDOWS\system32\taskswitch.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
D:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Verizon Online\bin\mpbtn.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Hijack-This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »cgi.verizon.net/bookmarks/bmredi···o_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »cgi.verizon.net/bookmarks/bmredi···=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »cgi.verizon.net/bookmarks/bmredi···o_search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »cgi.verizon.net/bookmarks/bmredi···=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - D:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - D:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [BackgroundSwitcher] D:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Verizon Online Support Center.lnk = D:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=···id=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···37887028
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - »download.mcafee.com/molbin/share···dmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - »download.mcafee.com/molbin/share···ysec.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
Nunya Bidness ]]> http://www.dslreports.com/forum/remark,13080545 Sun, 03 Apr 2005 21:27:15 EDT Re: Hijack-This Question http://www.dslreports.com/forum/remark,13080542 spooler0 : how about unzipping your log file? After that, would you paste the log into your post as text and repost the question?

Prior to doing so, would you complete ALL the steps in:

»Security »I think my computer is infected or hijacked. What should I do?]]> http://www.dslreports.com/forum/remark,13080542 Sun, 03 Apr 2005 21:26:49 EDT Hijack-This Question http://www.dslreports.com/forum/remark,13080524 Phoenix__1 : I always from time too time, do a full system for any "bugs" that may have sneaked by. I also double check everything is working as it should and is updated (though almost everything runs on auto-update any ways).

So I cam over this one thing in my log & I could use some feedback.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

This is something I have never seen before and it is the only thing that seems to stand out. Anyone have any ideals about this? I'm also including the full log, for those who still want to see it all.
--
Want to know how to get a free mini mac? Send me a pm.

hijackthis.zip 2,432 bytes
(hijackthis.log)

]]> http://www.dslreports.com/forum/remark,13080524 Sun, 03 Apr 2005 21:24:34 EDT