1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

193.224.189.2? Weird random login page?

Discussion in 'Windows - Software discussion' started by xRaidenx, Jan 5, 2008.

  1. xRaidenx

    xRaidenx Member

    Joined:
    May 6, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    11
    I'm getting this weird random login page and i want to make sure it isnt an embedded virus/backdoor or something cause i just installed windows XP BLACK and i've heard that there are people that put shit into that allo them to take control of your computer if someone could tell me it this is a threat then that would help. Also below i posted my hijackthis log profile!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:48:49 AM, on 1/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    G:\WINDOWS\Explorer.EXE
    G:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    G:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    G:\WINDOWS\system32\nvsvc32.exe
    G:\WINDOWS\system32\PSIService.exe
    G:\Program Files\Viewpoint\Common\ViewpointService.exe
    G:\WINDOWS\system32\wscntfy.exe
    G:\WINDOWS\system32\RUNDLL32.EXE
    G:\Program Files\Common Files\Symantec Shared\ccApp.exe
    G:\Program Files\iTunes\iTunesHelper.exe
    G:\Program Files\AIM6\aim6.exe
    G:\WINDOWS\system32\ctfmon.exe
    G:\Program Files\Messenger\msmsgs.exe
    G:\Program Files\DAEMON Tools Lite\daemon.exe
    G:\Program Files\Common Files\AOL\Loader\aolload.exe
    G:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    G:\Program Files\AIM6\aolsoftware.exe
    G:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\Program Files\iPod\bin\iPodService.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE
    G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://blackxptoolbar.myforumtoolbar.com/SetupFinish
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.224.189.2:8080
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - G:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    R3 - URLSearchHook: BlackXP Toolbar - {236bd960-2fab-4645-9bc1-dae85904734e} - G:\Program Files\BlackXP\tbBla1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - G:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: BlackXP Toolbar - {236bd960-2fab-4645-9bc1-dae85904734e} - G:\Program Files\BlackXP\tbBla1.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - G:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: BlackXP Toolbar - {236bd960-2fab-4645-9bc1-dae85904734e} - G:\Program Files\BlackXP\tbBla1.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - G:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - G:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - G:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] "G:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [osCheck] "G:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [MSConfig] G:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Aim6] "G:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\daemon.exe"
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "G:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: HolidaysStar_by adni18.exe
    O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
    O8 - Extra context menu item: &AOL Toolbar Search - g:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - G:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - G:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - G:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - G:\WINDOWS\system32\PSIService.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - G:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10249 bytes
     
    xRaidenx, Jan 5, 2008
    #1
  2. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Reboot into safe mode. Run HJK. Place check marks next to all the items listed below. click, Fix Checked. Reboot.

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - Global Startup: HolidaysStar_by adni18.exe

     
    Last edited: Feb 20, 2008
    QuikDraw, Jan 5, 2008
    #2

Share This Page