I've run it through the unofficial 'HiJack Checker'
http://hijackthis.de/index.php?langselect=english
and it's picked out these items for further scrutiny:
C:\WINDOWS\system32\ZONELABS\minilog.exe
I am inclined to trust this one
C:\windows\system32\sncntr.exe
running process. (sncntr.exe)
Added as result of a Troj/Dluca-I trojan infection
This is a nasty process!
You should fix it and try to delete it manually!
C:\windows\system32\dxvid.exe
running process. (dxvid.exe)
This is a unknown process.
PAUL picked this one out as possible spyware
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.dll/sp.html
This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Steve\LOCALS~1\Temp\sp.dll/sp.html
This entry should be fixed by HijackThis!
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
Should be fixed.
O2 - BHO: (no name) - {32386F8C-E797-40A3-8ADD-82494C4B37EE} - C:\WINDOWS\System32\ceeohh.dll
Unknown application
dunno what to do with this ...
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
Added as result of a Troj/Dluca-I trojan infection
Hit rate: 99 % (result) Must be fixed!
no room for ambiguity there then!
O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm
Unknown
Hit rate: -1 % (result) Unknown application
PAUL picked this out ......
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/
This entry should be fixed if this address does not belong to your
PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
This entry should be fixed if 'http://www.btopenworld.com/'
is not your PC-manufacturer or your 'Internet-Service-Provider (ISP)'.
......This is the ISP of the previous owner (I think)......
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
This entry is possibly nasty. Should be fixed.
.........I better fix it then.....
O18 - Filter: text/html - {050470D4-7F59-4C26-8A8A-9586A8FEFC8E} - C:\WINDOWS\System32\ceeohh.dll
Only a few Hijackers are listed here. The most popular are 'cn'
(CommonName) , 'ayb' (Lop.com) and 'relatedlinks' (Huntbar) .
They should be fixed.
O18 - Filter: text/plain - {050470D4-7F59-4C26-8A8A-9586A8FEFC8E} - C:\WINDOWS\System32\ceeohh.dll
Only a few Hijackers are listed here. The most popular are 'cn'
(CommonName) , 'ayb' (Lop.com) and 'relatedlinks' (Huntbar) .
They should be fixed.
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
Unknown
..........well I'll just have to guess then....
O23 - Service: TrueVector Basic Logging Client (minilog) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\minilog.exe
Unknown service. (minilog.exe)
............think I will let this one by ..........
O23 - Service: RtKit - Unknown owner - C:\WINDOWS\system32\RtKit\rtkit.exe (file missing)
These entries shows all services which are not from Microsoft.
Often malware is starting as a systemservice and it's not easy
to detect it. Unknown service. (rtkit.exe (file missing))
Unnecessary (deactivated) entry that can be fixed.
........... I think this will get the chop ...........
************
Well it's a start.
I will set to with that,
after running Adaware, Spybot and SpywareBlaster.
Be back later, and let you know how I get on!
Cheers, John