TheTechGuide Forum

General Category => Tech Clinic => Topic started by: shaggyadam on July 08, 2005, 09:35:12 AM

Title: SpySheriff.
Post by: shaggyadam on July 08, 2005, 09:35:12 AM
Here is my log. Sorry if it's in the wrong place; I'm new to forums. Many thanks.
shaggygarbo@Email Removed


Logfile of HijackThis v1.99.1
Scan saved at 15:22:49, on 08/07/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\CTSvcCDA.EXE
F:\WINDOWS\stchost.exe
F:\WINDOWS\Explorer.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
F:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
F:\WINDOWS\System32\service.exe
F:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
F:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
F:\WINDOWS\System32\carpserv.exe
F:\WINDOWS\System32\ctfmon.exe
F:\WINDOWS\System32\devldr32.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\lotus\wordpro\ltsstart.exe
F:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\Program Files\SpySheriff\SpySheriff.exe
f:\program files\internet explorer\iexplore.exe
F:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - F:\WINDOWS\System32\ztoolb003.dll
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DSLSTATEXE] F:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] F:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Registry Value Name] service.exe
O4 - HKLM\..\Run: [Motive SmartBridge] F:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eSafe Protect] "F:\Program Files\eSafe\Protect\ESPWatch.exe" /delay=5
O4 - HKLM\..\Run: [Creative Launcher] F:\Program Files\Creative\Launcher\CTLauncher.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AudioHQ] F:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\RunServices: [Registry Value Name] service.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: BT Broadband Basic Help.lnk = F:\Program Files\BT Broadband Help\bin\matcli.exe
O4 - Global Startup: Lotus QuickStart.lnk = F:\Program Files\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://F:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://195.225.177.33//vx//targ.chm::/win32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF3FB79A-06B8-4186-B297-859EDEAAAB3E}: NameServer = 194.72.9.39 194.74.65.87
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - F:\WINDOWS\system32\netek32.exe (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - F:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: stchost.exe (moto) - Unknown owner - F:\WINDOWS\stchost.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - F:\WINDOWS\svchost.exe (file missing)