I NEED HELP v. SPY SHERIFF and SIXA

Discussion in 'OT Technology' started by jason32145, Jun 18, 2005.

  1. jason32145

    This Spy Sheriff program keeps coming up and this SIXA connection just keeps appearing. Here is my HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:16:52 PM, on 6/18/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
    C:\windows\system32\oxtqki.exe
    C:\WINDOWS\system32\Itontz.exe
    C:\Program Files\Information Update\iu.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Sony\USBSircs\usbsircs.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\windows\system32\calc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
    C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    D:\Program Files\AIM\aim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\FUNKAD~1\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: IncrediFindBHO Class - {4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [FRjFyWCC] C:\WINDOWS\ppaij.exe
    O4 - HKLM\..\Run: [oxtqki] c:\windows\system32\oxtqki.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Inygkf.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Itontz.exe
    O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [NavHelper Uninstaller] "C:\DOCUME~1\FUNKAD~1\LOCALS~1\Temp\NE42\NHUninstaller.exe" silent
    O4 - HKCU\..\Run: [Windows Reg Services] C:\WINDOWS\System32\ffservice.exe
    O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Remocon Driver.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=4278c7150e4787224c6c38429e636adbc8137242b4e23789d3176a38b4c73bf0b37bb6a23551598edc95f4d4f7e6e6d36e88f21b6245c78360c897b077abda8c6a:4d9a1876e8cf7d4a024648f95a75768b
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} (Video Class) - http://streamp.babenet.com/cabs/videox.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {DFABA77C-F8BB-4AB9-BED7-7D48AE103E24} - http://www.myfreeicons.com/cabs/bs4-htgy.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E70671F-4F08-47E9-BAD8-2B27E63CEFD7}: NameServer = 151.198.0.38 151.197.0.38
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0E70671F-4F08-47E9-BAD8-2B27E63CEFD7}: NameServer = 151.198.0.38 151.197.0.38
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Giga Pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
     
  2. jason32145

    Real answer, anyone?
     
  3. MrMan

    I would suggest downloading Microsoft Antispyware and scanning for spyware.
     
  4. Flix1023

  5. jason32145

    I got rid of the Spy Sheriff but now I'm working on that SIXA connection. I used "AD-Aware SE Personal"; it worked fuckin well.
     
