Tech Support Forum banner

HJT log and spy sherrif

849 Views 2 Replies 2 Participants Last post by  Deckard
Logfile of HijackThis v1.99.1
Scan saved at 12:18:56 PM, on 12/14/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINNT\system32\winbrume.dll
O2 - BHO: (no name) - {1C0206A5-4F6F-4FAD-BDCE-AD9A0C8463Ce} - C:\WINNT\System32\ljferomo.dll
O2 - BHO: (no name) - {87185E78-A61B-4DB3-965A-3235BBD7A622} - C:\WINNT\system32\win32hp.dll
O2 - BHO: (no name) - {921BD7DB-7E52-4294-B8C5-684434277B28} - C:\WINNT\System32\ljferomo.dll
O2 - BHO: SysMon Class - {D5EFDB0E-4F51-414F-B740-54A5C87A8957} - C:\DOCUME~1\FARMER~1\LOCALS~1\Temp\accute.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [0mcamcap] C:\WINNT\System32\0mcamcap.exe
O4 - HKLM\..\Run: [updwebmin] c:\winnt\system32\updwebmin.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win32hp] C:\WINNT\System32\winalt32.exe
O4 - HKLM\..\Run: [7v3j] C:\WINNT\System32\z1385.exe gdtgh
O4 - HKLM\..\Run: [sysvx] C:\WINNT\sysvx_.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Nord] C:\WINNT\System32\nordsys.exe
O4 - HKLM\..\Run: [system spool] C:\WINNT\System32\syspools.exe
O4 - HKLM\..\Run: [mstss] C:\Program Files\Win32waex\mstss32wa.exe
O4 - HKLM\..\Run: [WINDOWS] C:\rnjn.exe
O4 - HKLM\..\Run: [qfyqakn.dll] C:\WINNT\System32\rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\qfyqakn.dll",xysmkvf
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINNT\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [updwebmin] c:\winnt\system32\updwebmin.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINNT\System32\0mcamcap.exe
O4 - HKCU\..\Run: [Nord] C:\WINNT\System32\nordsys.exe
O4 - HKCU\..\Run: [taskdir] C:\WINNT\System32\taskdir.exe
O4 - HKCU\..\Run: [system spool] C:\WINNT\System32\syspools.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DF.tmp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O21 - SSODL: CDRecorder026 - {A3BC5E20-0235-1ABF-9CE1-00AA00512026} - C:\WINNT\System32\vohb32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINNT\System32\msasvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
See less See more
Not open for further replies.
1 - 3 of 3 Posts

i was reading the forum rules and i see that i was extremely vague in telling you guys my problem. i am on my bosses computer at work and he is complaining of "spy sherrif" completely taking over his computer, it is opening cmd boxes everywhere and not allowing ie to access any websites whatsoever. if you guys could help me it would be greatly appreciated!
Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.
1 - 3 of 3 Posts
Not open for further replies.