  SurfinGenie Premium join:2005-03-17 Huntington Beach, CA
| reply to Phoenix__1 Re: Hijack-This Question
Here's your HJThis log unzipped:

Logfile of HijackThis v1.99.1
Scan saved at 09:18:33 PM, on 04/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Fast.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
D:\WINDOWS\system32\taskswitch.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
D:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
d:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\Program Files\Verizon Online\bin\mpbtn.exe
D:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Hijack-This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »cgi.verizon.net/bookmarks/bmredi···o_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »cgi.verizon.net/bookmarks/bmredi···=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »cgi.verizon.net/bookmarks/bmredi···o_search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »cgi.verizon.net/bookmarks/bmredi···=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - D:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - D:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] D:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [BackgroundSwitcher] D:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [ATI Remote Control] D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Verizon Online Support Center.lnk = D:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=···id=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···37887028
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - »download.mcafee.com/molbin/share···dmgr.cab
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - »download.mcafee.com/molbin/share···ysec.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - d:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing) |
|
 spooler0 Premium join:2004-11-17 | Have you checked your host file for any added entries in it?
Do you use a hosts file? Or do any of the added programs on your HJT list use one? |
|
  Phoenix__1
join:2003-07-17 Holyoke, MA
| said by spooler0: Have you checked your host file for any added entries in it? Do you use a hosts file? or do any of the added programs on your HJT list use one?

YES, I do use a host file. Enclosed is a copy of my current host file and my old host file. I was going to merge the two (after I weed out the double post).
-- Want to know how to get a free mini mac? Send me a pm. |
|
  Phoenix__1
join:2003-07-17 Holyoke, MA | I double checked and I "do not think" it is my host file. I'm not sure what that reg line does or is. -- Want to know how to get a free mini mac? Send me a pm. |
|
 spooler0 Premium join:2004-11-17
| Take a look at IE>Tools>InternetOptions>Connections>LanSettings. See if you don't see it there.
Write down what you see so you can add it back if you delete it.
Mine in IE shows up in HJT logs when set to use the Local Proxy. It does not show up when not using the local proxy with IE.
It doesn't show up either way in the HJT logs when using Mozilla.
If in doubt, have HJT "fix" it. Let HJT save it as a backup. If all runs fine without it, check your IE settings again to see if it is still there. If a program you use no longer works without it, restore the backup from HJT. |
|
  Phoenix__1
join:2003-07-17 Holyoke, MA
1 edit | said by spooler0: Take a look at IE>Tools>InternetOptions>Connections>LanSettings. See if you don't see it there. Write down what you see so you can add it back if you delete it. Mine in IE shows up in HJT logs when set to use the Local Proxy. It does not show up when not using the local proxy with IE. It doesn't show up either way in the HJT logs when using Mozilla. If in doubt, have HJT "fix" it. Let HJT save it as a backup. If all runs fine without it, check your IE settings again to see if it is still there. If a program you use no longer works without it, restore the backup from HJT.

I thought about that, so I already did check and there was nothing checked or added in LAN settings. Think I'll remove it and then if things go wrong, restore it.
It's what I was thinking of doing, but didn't think it would hurt to ask and see if anyone else has seen this before. I use Firefox, not IE.
edit: Surprise! The setting was in fact in Firefox. I'm going to remove it and then see what happens. |
|
  Phoenix__1
join:2003-07-17 Holyoke, MA
| said by Phoenix__1:
said by spooler0: Take a look at IE>Tools>InternetOptions>Connections>LanSettings. See if you don't see it there. Write down what you see so you can add it back if you delete it. Mine in IE shows up in HJT logs when set to use the Local Proxy. It does not show up when not using the local proxy with IE. It doesn't show up either way in the HJT logs when using Mozilla. If in doubt, have HJT "fix" it. Let HJT save it as a backup. If all runs fine without it, check your IE settings again to see if it is still there. If a program you use no longer works without it, restore the backup from HJT.
I thought about that, so I already did check and there was nothing checked or added in LAN settings. Think I'll remove it and then if things go wrong, restore it. It's what I was thinking of doing, but didn't think it would hurt to ask and see if anyone else has seen this before. I use Firefox, not IE. edit: Surprise! The setting was in fact in Firefox. I'm going to remove it and then see what happens.

Deleted the setting out of Firefox & also using Hijackthis, then rebooted. It didn't come back and everything is running fine. Still going to probe my system to find how it got there though. :/
-- Want to know how to get a free mini mac? Send me a pm. |
|
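The log lines discussed in this thread, as an added example that is not part of any poster's message: a small Python parser that splits HijackThis entries into section code and body, then flags the Internet Explorer proxy values (`ProxyServer`, `ProxyOverride`) and any entry marked `(file missing)`. The four sample lines are excerpted from the log posted above; the function names are hypothetical.

```python
import re

# Four lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [CoolSwitch] D:\WINDOWS\system32\taskswitch.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# "<section code> - <body>", e.g. "R1 - ..." or "O23 - ..."
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# R-section body: "<registry key>,<value name> = <data>"
REG_VALUE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
# Value names under ...\Internet Settings that hold the IE proxy configuration
PROXY_VALUES = {"ProxyServer", "ProxyOverride"}


def parse_entries(text):
    """Return (code, body) for every line shaped like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def review(text):
    """Return (code, reason) findings that deserve a manual look."""
    findings = []
    for code, body in parse_entries(text):
        reg = REG_VALUE.match(body) if code.startswith("R") else None
        if reg and reg.group("name") in PROXY_VALUES:
            findings.append((code, "IE proxy value %s = %s (compare with LAN Settings)"
                             % (reg.group("name"), reg.group("data"))))
        if body.endswith("(file missing)"):
            findings.append((code, "target file missing: " + body))
    return findings


if __name__ == "__main__":
    for code, reason in review(SAMPLE_LOG):
        print(code, "-", reason)
```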