R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
Thank you for the responses I have gotten, you guys helped me out a lot! I promise this is my last question of the day LOL..
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
That one is the only one I am questionable of ^^^^
my log anyways: thanks in advance!
Logfile of HijackThis v1.98.0
Scan saved at 8:52:35 PM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Voyetra\AudioSurgeon 5\asurscsi.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jon\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Scan Spyware] "C:\Program Files\ScanSpyware v3.7\Scanner.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
Comments
Look at your hosts file, and see if it has THIS in it:
http://localhost 127.0.0.1
It normally, on a new install of XP or 2000 with no hijacks present, has this instead:
localhost 127.0.0.1
To find, tell the searcher to look in hidden and system directories, then tell it to look for:
hosts
If hosts has a normal entry only, there is one other place you might look, and this one normally has NOTHING without a leading # sign in it:
lmhosts.SAM
In my XP box, BOTH are in:
E:\Windows\system32\drivers\etc
NOTE, some word about the drive ID and editing, when I reauthed my XP Pro after one of my upgrades of components, C: got redirected to E: (this I left this way, this time around). So, on a virgin install XP box with no reauths, the drive letter should be C: and not E:. For 2000, change the 'Windows' in path to 'WinNT'. Since we have folks that upgrade components left and right, thought I would add about the drive letter, and since we have 2000 using folks I thought I would give the VERY simple substitution rule for them also.
IF you do not permanently MIME-associate the lmhosts.SAM file to Notepad, then you can in fact edit it with Notepad, ditto for the hosts file. So to look at and edit it without MIME-associating it, right click search result or file in My Computer, choose open with, choose notepad, and UNCHECK the part below list that talks about using this program for all files of same type. Then you will not get Notepad opening to edit this kind of file when you do not want to do that. Too easy to open wrong file, look and fix wrong file, and mash that wrong file, I leave the Open With route to edit forced to make me or others think before acting.
HTH for the specific question and others with same general question about hosts and/or lmhosts.
Admin and mod and other reader courtesy setup annotation: IF your box is on a LAN, or on DSL, or Dialup, I would like to see any entries (or an explanation as to if they are LAN or WAN related) you folks have in Lmhosts if anyone is willing, in a thread called lmhosts plus anything else you choose-- which I have NOT started because I want input but free-will input. This can give us default entries knowledge for that kind of connect in re how it relates to lmhosts also. My XP box is behind a masquing plus SPI enabled plus port-block hardened router that my ISP knows is secure and masquing, and my ISP knows why that is so-- they have in my customer support record that this is ok, because it works with how they manage IPs and my modem, which they can remote manage fine. So, to my box here, the router is DHCP feeder, DNS primary entry, and Gateway. Modem is the router's WAN gate in effect, but Modem IP is not used in setup. I'm documenting this for the chance it matters later when someone else with a different LAN<->WAN setup speaks up.
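The manual check described in the reply above (inspect hosts for odd entries, then confirm lmhosts.SAM has nothing without a leading # sign) can be scripted. This is an added example, not part of the original thread. It assumes the standard hosts layout of address first, then names; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed samples; real files live in <Windows dir>\system32\drivers\etc.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    "http://localhost 127.0.0.1\n"
    "203.0.113.7     www.example.com   # constructed redirect\n"
)
SAMPLE_LMHOSTS = (
    "# 192.0.2.5    examplehost   #PRE\n"
    "#\n"
    "192.0.2.10     fileserver    #PRE\n"
)

def audit_hosts(text, expected=None):
    """Return (line_no, reason, line) for active entries that are malformed
    or map a name the caller did not list as expected."""
    expected = expected or {"localhost": {"127.0.0.1", "::1"}}
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            findings.append((n, "first field is not an IP address", raw.strip()))
            continue
        if len(fields) < 2:
            findings.append((n, "address with no host name", raw.strip()))
        for name in fields[1:]:
            if ip not in expected.get(name.lower(), set()):
                findings.append((n, "unexpected mapping for " + name, raw.strip()))
    return findings

def active_lmhosts(text):
    """Return (line_no, line) for every non-blank line without a leading '#'."""
    return [(n, raw.strip()) for n, raw in enumerate(text.splitlines(), 1)
            if raw.strip() and not raw.lstrip().startswith("#")]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("hosts:", finding)
    for finding in active_lmhosts(SAMPLE_LMHOSTS):
        print("lmhosts:", finding)
```

To run it against a real machine, read the two files from the etc directory and pass their text to the functions; add any names you deliberately map to the `expected` dictionary so they are not reported.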