|
WE HAVE MOVED. Please see our NEW Computer Forums |
11-8-2009: Sorry for the inconvenience. We finally upgraded to vBulletin 3 !! See you there, Larry my log..Go to the Tech-Forums Discussion Home PagePosted by: rythemposition Logfile of HijackThis v1.99.0 Scan saved at 7:17:19 PM, on 3/15/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AIM\aim.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\rundll32.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Thomas\LOCALS~1\Temp\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Thomas\LOCALS~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {B9FEFADB-B5E0-4A04-BD5C-64264185619B} - C:\WINDOWS\System32\meogg.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Thomas\LOCALS~1\Temp\se.dll,DllInstall O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url] O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - [url]http://www.creative.com/su/ocx/12119/CTSUEng.cab[/url] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095814659909[/url] O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url] O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url] O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll[/url] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url] O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - [url]http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab[/url] O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - [url]http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319[/url] O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - [url]http://www.creative.com/su/ocx/12119/CTPID.cab[/url] O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - [url]http://cdn.digitalcity.com/_media/dalaillama/ampx.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED8F6A0-F952-4EAA-BB82-6345941FED4C}: NameServer = 205.152.144.23 205.152.132.23 O18 - Filter: text/html - {D2AE4CE5-A1C1-4EAE-88D7-7CE4C0C4CB80} - C:\WINDOWS\System32\meogg.dll O18 - Filter: text/plain - {D2AE4CE5-A1C1-4EAE-88D7-7CE4C0C4CB80} - C:\WINDOWS\System32\meogg.dll O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Posted by: shuaibao I put some stuff you should take notice in red.... [QUOTE][i]Originally posted by rythemposition [/i] [B]Logfile of HijackThis v1.99.0 Scan saved at 7:17:19 PM, on 3/15/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AIM\aim.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\rundll32.exe C:\HJT\HijackThis.exe [COLOR=darkred] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Thomas\LOCALS~1\Temp\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Thomas\LOCALS~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank [/COLOR] O2 - BHO: (no name) - {B9FEFADB-B5E0-4A04-BD5C-64264185619B} - C:\WINDOWS\System32\meogg.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Thomas\LOCALS~1\Temp\se.dll,DllInstall O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url] O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - [url]http://www.creative.com/su/ocx/12119/CTSUEng.cab[/url] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095814659909[/url] O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url] O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url] O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll[/url] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url] O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - [url]http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab[/url] O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - [url]http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319[/url] O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - [url]http://www.creative.com/su/ocx/12119/CTPID.cab[/url] O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - [url]http://cdn.digitalcity.com/_media/dalaillama/ampx.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED8F6A0-F952-4EAA-BB82-6345941FED4C}: NameServer = 205.152.144.23 205.152.132.23 O18 - Filter: text/html - {D2AE4CE5-A1C1-4EAE-88D7-7CE4C0C4CB80} - C:\WINDOWS\System32\meogg.dll O18 - Filter: text/plain - {D2AE4CE5-A1C1-4EAE-88D7-7CE4C0C4CB80} - C:\WINDOWS\System32\meogg.dll O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe [/B][/QUOTE] Get rid of searchassistant.... use google to search for counterspy in my sig. Posted by: rythemposition thanks Posted by: shuaibao No problem. Don't delte it though, but scan using a spyware scanner. Posted by: Warez Monster Remove entries at your own risk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Thomas\LOCALS~1\Temp\se.dll/sp.html Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank Possibly nasty This page could possibly be nasty. If you do not know the entry 'about :blank', delete it. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Thomas\LOCALS~1\Temp\se.dll/sp.html Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank Possibly nasty This page could possibly be nasty. If you do not know the entry 'about :blank', delete it. R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank Possibly nasty This page could possibly be nasty. If you do not know the entry 'about :blank', delete it. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank Possibly nasty This page could possibly be nasty. If you do not know the entry 'about :blank', delete it. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank Nasty This entry should be fixed by HijackThis! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank This entry should be fixed by HijackThis! O2 - BHO: (no name) - {B9FEFADB-B5E0-4A04-BD5C-64264185619B} - C:\WINDOWS\System32\meogg.dll Unknown application. O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Thomas\LOCALS~1\Temp\se.dll,DllInstall Unknown application. O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/...all/xscan53.cab[/url] This entry is possibly nasty. Should be fixed O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - [url]http://cdn.digitalcity.com/_media/dalaillama/ampx.cab[/url] Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not. O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED8F6A0-F952-4EAA-BB82-6345941FED4C}: NameServer = 205.152.144.23 205.152.132.23 Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain '205.152.144.23 205.152.132.23'? If not, fix this entry. O18 - Filter: text/html - {D2AE4CE5-A1C1-4EAE-88D7-7CE4C0C4CB80} - C:\WINDOWS\System32\meogg.dll Possibly nasty Only a few Hijackers are listed here. The most popular are 'cn' (CommonName) , 'ayb' (Lop.com) and 'relatedlinks' (Huntbar) . They should be fixed. O18 - Filter: text/plain - {D2AE4CE5-A1C1-4EAE-88D7-7CE4C0C4CB80} - C:\WINDOWS\System32\meogg.dll Check if you know this site and fix it if you do not. Please Visit the Online Configurator, Email Hosting, Internet Marketing , Computer Schools , Software for Real Estate , AAOutlook , Search Engine Site |