Messages - samui

1
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: January 18, 2006, 11:07:35 PM »
It's all good, all back to normal and running fine.

Thanks, all your help is much appreciated

2
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: January 13, 2006, 03:56:47 AM »
Got the computer from Bangkok loaded with XP Pro 2002 Service Pack 2.

How can I tell if it's the UK or US version?

3
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: January 10, 2006, 07:01:28 AM »
Hi,

Here are the 2 docs.

Is it just a matter of downloading the missing theme?

Volume in drive C is DISK1_VOL1
 Volume Serial Number is 8E88-AE82

 Directory of C:\WINDOWS\Resources\Themes

15/12/2004  13:19    <DIR>          .
15/12/2004  13:19    <DIR>          ..
15/12/2004  13:19    <DIR>          Luna
29/08/2002  16:00             3,025 Windows Classic.theme
29/08/2002  16:00             1,222 Luna.theme
               2 File(s)          4,247 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna

15/12/2004  13:19    <DIR>          .
15/12/2004  13:19    <DIR>          ..
15/12/2004  13:19    <DIR>          Shell
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell

15/12/2004  13:19    <DIR>          .
15/12/2004  13:19    <DIR>          ..
15/12/2004  13:19    <DIR>          NormalColor
15/12/2004  13:19    <DIR>          Metallic
15/12/2004  13:19    <DIR>          Homestead
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

15/12/2004  13:19    <DIR>          .
15/12/2004  13:19    <DIR>          ..
29/08/2002  16:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

15/12/2004  13:19    <DIR>          .
15/12/2004  13:19    <DIR>          ..
29/08/2002  16:00           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

15/12/2004  13:19    <DIR>          .
15/12/2004  13:19    <DIR>          ..
29/08/2002  16:00           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

     Total Files Listed:
               5 File(s)      1,090,711 bytes
              17 Dir(s)  73,124,970,496 bytes free

---------------------------------------------------------------------------------------------------------------
Volume in drive C is DISK1_VOL1
 Volume Serial Number is 8E88-AE82

4
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: January 04, 2006, 07:14:57 AM »
Hi,

Searched the file and can't see it anywhere. All is running fine except I no longer have the option to select XP appearance for windows and buttons, only the classic style. No worries, just glad to be rid of that SpyAxe thing.

Thanks again and all the best for the New Year.

5
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: December 24, 2005, 06:23:14 AM »
It's gone!!!! :D

Thanks for hanging in there and bearing with me.

A thousand thanks and a merry Christmas to you and yours.

PS
I live on Koh Samui Island in the Gulf of Thailand. The power company was repairing one of the submarine cables from the mainland, hence all the power outs.


---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         5:53:19 PM, 24-12-05
 + Report-Checksum:      38A48AD7

 + Scan result:

   No infected objects found.


::Report End


   smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: 24-12-05
The current time is: 12:19:33.79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SpyAxeFix © by noahdfear

spyaxe directory present

spyaxe uninstaller present

Starting spyaxe uninstaller

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~

Online Security Guide.url


 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~

ioctrl.dll


 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 744 'explorer.exe'
Killing PID 744 'explorer.exe'

Starting registry repairs

Deleting files


   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~

Online Security Guide.url


 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 CLEAN! :)
-------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:10:26 PM, on 24-12-05
Platform: Windows XP SP2, v.2082 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2082)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\hijackthis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\system32\idwlog.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F086432-5E3A-4E72-A741-D190D1232185}: NameServer = 203.147.0.3
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

6
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: December 19, 2005, 11:12:40 PM »
Hi

My power situation is getting worse and the power company said it won't be resolved until the 23rd Dec.

Will follow your instructions as soon as possible, thanks for bearing with me.

7
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: December 18, 2005, 11:29:50 PM »
Thanks for your patience, finally got power back on long enough to run Panda.


Incident                        Status            Location

Spyware:application/bestoffer   Not desinfected   C:\WINDOWS\smdat32a.sys
Adware:Adware/SpyAxe            Not desinfected   C:\WINDOWS\system32\ioctrl.dll
Adware:Adware/P2PNetworking     Not desinfected   C:\WINDOWS\system32\P2P Networking v1262.cpl
................................................................................

Logfile of HijackThis v1.99.1
Scan saved at 11:19:35 AM, on 19-12-05
Platform: Windows XP SP2, v.2082 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2082)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\idwlog.exe
C:\Program Files\hijackthis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\system32\idwlog.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F086432-5E3A-4E72-A741-D190D1232185}: NameServer = 203.147.0.3
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

8
Hardware / wireless access point on home network
« on: December 18, 2005, 01:58:13 AM »
Hi

I've just installed a wireless access point to the hub of my WIN XP network but can't get my laptop to connect.

My network is set for fixed IP addresses and gets to the net through an ADSL modem router with the DHCP server disabled.

My laptop can find the network but will not connect.

Can anyone help?

Thanks

9
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: December 18, 2005, 01:12:30 AM »
Sorry about the delay in replies but I'm having power outs 3/4 times a day.

So far I've tried, in various combinations:

Smitrem
fixwareout
win32delfkil
cwsshredder
ad aware
norton
ewido
spysweeper

Ad-Aware and Spy Sweeper find SpyAxe and delete it, but it just pops up again after a reboot.


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, December 17, 2005 12:08:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R79 09.12.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


17-12-05 12:08:44 PM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
    Description        : list of recently opened documents using microsoft office


 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Administrator\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-448539723-789336058-854245398-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-448539723-789336058-854245398-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-448539723-789336058-854245398-500\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 144
    ThreadCreationTime : 17-12-05 4:02:37 AM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 192
    ThreadCreationTime : 17-12-05 4:02:45 AM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 216
    ThreadCreationTime : 17-12-05 4:02:47 AM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 260
    ThreadCreationTime : 17-12-05 4:02:51 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2082 (xpsp.040216-1810)
    ProductVersion     : 5.1.2600.2082
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 272
    ThreadCreationTime : 17-12-05 4:02:52 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2082 (xpsp.040216-1810)
    ProductVersion     : 5.1.2600.2082
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 444
    ThreadCreationTime : 17-12-05 4:02:56 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2082 (xpsp.040216-1810)
    ProductVersion     : 5.1.2600.2082
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 496
    ThreadCreationTime : 17-12-05 4:02:58 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2082 (xpsp.040216-1810)
    ProductVersion     : 5.1.2600.2082
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 548
    ThreadCreationTime : 17-12-05 4:02:59 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2082 (xpsp.040216-1810)
    ProductVersion     : 5.1.2600.2082
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [wrsssdk.exe]
    FilePath           : C:\Program Files\Webroot\Spy Sweeper\
    ProcessID          : 632
    ThreadCreationTime : 17-12-05 4:03:01 AM
    BasePriority       : Normal
    FileVersion        : 2,0,7,456
    ProductVersion     : 2, 0
    ProductName        : Spy Sweeper SDK
    CompanyName        : Webroot Software, Inc.
    FileDescription    : Spy Sweeper SDK
    LegalCopyright     : Copyright © 2002 - 2005, All Rights Reserved.
    LegalTrademarks    : Spy Sweeper is a trademark of Webroot Software, Inc.
    OriginalFilename   : SpySweeper.exe

#:10 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 736
    ThreadCreationTime : 17-12-05 4:03:05 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2082 (xpsp.040216-1810)
    ProductVersion     : 6.00.2900.2082
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:11 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 1476
    ThreadCreationTime : 17-12-05 5:07:14 AM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
3 entries scanned.
New critical objects:0
Objects found so far: 6




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6

12:14:41 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:56.672
Objects scanned:74000
Objects identified:0
Objects ignored:0
New critical objects:0




SPY SWEEPER LOG
********
11:45 AM: |       Start of Session, Saturday, December 17, 2005       |
11:45 AM: Spy Sweeper started
11:45 AM: Sweep initiated using definitions version 584
11:46 AM: Starting Memory Sweep
11:49 AM: Memory Sweep Complete, Elapsed Time: 00:03:25
11:49 AM: Starting Registry Sweep
11:50 AM:   Found Adware: spyaxe
11:50 AM:   HKCR\clsid\{957bab51-81ff-8195-f273-d7e286ea702f}\  (43 subtraces) (ID = 1005712)
11:50 AM:   HKLM\software\classes\clsid\{957bab51-81ff-8195-f273-d7e286ea702f}\  (43 subtraces) (ID = 1006006)
11:50 AM: Registry Sweep Complete, Elapsed Time:00:00:56
11:50 AM: Starting Cookie Sweep
11:50 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:50 AM: Starting File Sweep
12:00 PM: File Sweep Complete, Elapsed Time: 00:10:22
12:00 PM: Full Sweep has completed.  Elapsed time 00:14:58
12:00 PM: Traces Found: 88
12:03 PM: Removal process initiated
12:03 PM:   Quarantining All Traces: spyaxe
12:03 PM: Removal process completed.  Elapsed time 00:00:03
12:04 PM: Deletion from quarantine initiated
12:04 PM: Processing: spyaxe
12:04 PM: Deletion from quarantine completed.  Elapsed time 00:00:00
********
8:39 PM: |       Start of Session, Wednesday, December 14, 2005       |
8:39 PM: Spy Sweeper started
8:39 PM: Sweep initiated using definitions version 584
8:39 PM: Starting Memory Sweep
8:46 PM: Memory Sweep Complete, Elapsed Time: 00:06:42
8:46 PM: Starting Registry Sweep
8:47 PM: Registry Sweep Complete, Elapsed Time:00:00:56
8:47 PM: Starting Cookie Sweep
8:47 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:47 PM: Starting File Sweep
8:57 PM: File Sweep Complete, Elapsed Time: 00:10:07
8:57 PM: Full Sweep has completed.  Elapsed time 00:15:02
8:57 PM: Traces Found: 0
5:19 PM: Processing Startup Alerts
5:19 PM:   Removed Startup entry: SpyAxe
11:45 AM: Program Version 4.5.7  (Build 656)  Using Spyware Definitions 584
11:45 AM: |       End of Session, Saturday, December 17, 2005       |
********
5:55 PM: |       Start of Session, Wednesday, December 14, 2005       |
5:55 PM: Spy Sweeper started
5:55 PM: Sweep initiated using definitions version 584
5:56 PM: Starting Memory Sweep
6:27 PM: Memory Sweep Complete, Elapsed Time: 00:30:51
6:27 PM: Starting Registry Sweep
6:27 PM:   Found Trojan Horse: antivirus gold
6:27 PM:   HKCR\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\  (1 subtraces) (ID = 103594)
6:27 PM:   HKLM\software\classes\appid\{70f17c8c-1744-41b6-9d07-575db448dcc5}\  (1 subtraces) (ID = 103633)
6:30 PM:   Found Adware: spyaxe
6:30 PM:   HKCR\appid\spyaxe.exe\  (1 subtraces) (ID = 1005587)
6:30 PM:   HKCR\clsid\{957bab51-81ff-8195-f273-d7e286ea702f}\  (18 subtraces) (ID = 1005712)
6:30 PM:   HKCR\typelib\{2bb3bcbf-411a-4c67-8e69-f4bb301dc333}\  (9 subtraces) (ID = 1005758)
6:30 PM:   HKLM\software\classes\appid\spyaxe.exe\  (1 subtraces) (ID = 1005850)
6:30 PM:   HKLM\software\spyaxe\  (1 subtraces) (ID = 1005861)
6:30 PM:   HKLM\software\microsoft\windows\currentversion\run\ || spyaxe (ID = 1005881)
6:30 PM:   HKLM\software\microsoft\windows\currentversion\uninstall\spyaxe\  (7 subtraces) (ID = 1005882)
6:30 PM:   HKLM\software\microsoft\windows\currentversion\app paths\spyaxe.exe\  (1 subtraces) (ID = 1005890)
6:30 PM:   HKLM\software\classes\clsid\{957bab51-81ff-8195-f273-d7e286ea702f}\  (18 subtraces) (ID = 1006006)
6:30 PM:   HKLM\software\classes\typelib\{2bb3bcbf-411a-4c67-8e69-f4bb301dc333}\  (9 subtraces) (ID = 1006052)
6:33 PM: Registry Sweep Complete, Elapsed Time:00:06:00
6:33 PM: Starting Cookie Sweep
6:33 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:33 PM: Starting File Sweep
7:03 PM: File Sweep Complete, Elapsed Time: 00:29:59
7:03 PM: Full Sweep has completed.  Elapsed time 01:07:28
7:03 PM: Traces Found: 79
7:05 PM: Removal process initiated
7:06 PM:   Quarantining All Traces: antivirus gold
7:06 PM:   Quarantining All Traces: spyaxe
7:06 PM: Removal process completed.  Elapsed time 00:00:18
7:07 PM: Deletion from quarantine initiated
7:07 PM: Processing: antivirus gold
7:07 PM: Processing: spyaxe
7:07 PM: Deletion from quarantine completed.  Elapsed time 00:00:00
8:38 PM: Program Version 4.5.7  (Build 656)  Using Spyware Definitions 584
8:39 PM: |       End of Session, Wednesday, December 14, 2005       |
********
5:24 PM: |       Start of Session, Wednesday, December 14, 2005       |
5:24 PM: Spy Sweeper started
5:35 PM: Your spyware definitions have been updated.
5:45 PM: Your spyware definitions have been updated.
5:55 PM: |       End of Session, Wednesday, December 14, 2005       |

10
Tech Clinic / can't shift this Spy Axe thing, anyone facy a crack at it
« on: December 17, 2005, 05:32:35 AM »
Excuse my ridiculousness, kinda new to this stuff.



Logfile of HijackThis v1.99.1
Scan saved at 5:19:30 PM, on 17-12-05
Platform: Windows XP SP2, v.2082 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2082)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\hijackthis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\system32\idwlog.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F086432-5E3A-4E72-A741-D190D1232185}: NameServer = 203.147.0.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{E066AF0F-B647-46CA-BCBB-1B6BE9183DBC}: NameServer = 203.146.237.237 203.146.237.222
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Regards

11
Tech Clinic / can't shift this Spy Axe thing, anyone facy a crack at it
« on: December 16, 2005, 07:25:53 AM »
Hi

In between power outs I'm following the instructions posted for RobertN.

Will post all the logs when finished.

Thanks for your time on this, it's much appreciated

12
Tech Clinic / can't shift this Spy Axe thing, anyone facy a crack at it
« on: December 15, 2005, 04:46:29 AM »
Hi,
I've tried the methods posted so far but still can't get spyaxe off my machine.
Anyone fancy a crack at this?
Many thanks
