Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Desktop Hijacked by Spyware Sheriff


  • Please log in to reply

#1
ashishgupta04

ashishgupta04

    New Member

  • Member
  • Pip
  • 1 posts
I cannot change my Desktop. It says "System Stopped...system has been stopped due to serious malfunction..."
I check my startup programs and there were a bunch of prgorams installed like spyware sheriff, winstall, country selection etc
There is still one suspicious program in the startup "c:\WINNT\isrvs\ffisearch.exe"
Every time i run i boot my computer i get a icon of "Sex" on my desktop..........please help me as i have spent hours running various anti spyware :tazz:

My Hijack This log is:
Logfile of HijackThis v1.99.1
Scan saved at 11:39:29 AM, on 6/29/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\WINNT\System32\cpqalert.exe
C:\WINNT\WNTMM.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\pctspk.exe
C:\DmiNT40\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\BHOZapper\BHOZapper.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\regsvr32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\WINNT\Profiles\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft

AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program

Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000093.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} -

C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login -

{2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program

Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINNT\system32\Shdocvw.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.addictivetechnologies.com (HKLM)
O15 - Trusted Zone: *.addictivetechnologies.net (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.c4tdownload.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.f1organizer.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.megapornix.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.overpro.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be

Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be

Internet Zone (HKLM)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload

Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {CA8A9780-280D-11CF-A24D-444553540000} (Acrobat Control for

ActiveX) - http://www.adobe.com.../ocxreader.html
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -

C:\WINNT\isrvs\mfiltis.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner -

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -

C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file

missing)
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation -

C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Connected Launcher (ConnectedLauncher) - Connected Corporation

- C:\Program Files\Connected\CBlaunch.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation

- C:\WINNT\System32\cpqalert.exe
O23 - Service: CPQDMI - Compaq Computer Corporation -

C:\WINNT\System32\cpqdmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -

VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DRMU - Unknown owner - C:\WINNT\WNTMM.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program

Files\ewido\security suite\ewidoctrl.exe
O23 - Service: W2K PCtel speaker phone (pctspk) - PCtel, Inc. -

C:\WINNT\System32\pctspk.exe
O23 - Service: Win32sl - Intel - C:\DmiNT40\Win32\bin\Win32sl.exe
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP