Messages - Sloan

1
Tech Clinic / Spyaxe Problem!!
« on: January 11, 2006, 05:38:40 AM »
Wonderful, appreciate all the help and tips you've given me. :)

2
Tech Clinic / Spyaxe Problem!!
« on: January 10, 2006, 04:40:17 AM »
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         09:24:55, 10/01/2006
 + Report-Checksum:      99E0A0F0

 + Scan result:

   C:\WINDOWS\system32\mstmp.html -> Downloader.Psyme.bd : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 09:32:14, on 10/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1134775075\ee\AOLHostManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\AOL\1134775075\ee\AOLServiceHost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\common files\aol\1134775075\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1134775075\ee\AOLServiceHost.exe
C:\Documents and Settings\Sloan\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O5 "LPT1:" /M "Stylus C66"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P32 "EPSON Stylus C66 Series (Copy 1)" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134775075\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.Email Removed.uk/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe





 Volume in drive C has no label.
 Volume Serial Number is 44C8-CEC2

 Directory of C:\WINDOWS\tasks

10/01/2006  08:50    <DIR>          .
10/01/2006  08:50    <DIR>          ..
31/03/2003  12:00                65 desktop.ini
10/01/2006  09:30                 6 SA.DAT
               2 File(s)             71 bytes

 Directory of C:\Documents and Settings\Sloan\Desktop




   smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: 10/01/2006
The current time is:  8:59:08.85

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!


 checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 604 'explorer.exe'
Killing PID 604 'explorer.exe'

Starting registry repairs

Deleting files


   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 CLEAN! :)


Here are the reports you asked for; hopefully my system is malware free. Once again, thanks for the help :D

3
Tech Clinic / Spyaxe Problem!!
« on: January 09, 2006, 02:05:06 AM »
Volume in drive C has no label.
 Volume Serial Number is 44C8-CEC2

 Directory of C:\WINDOWS\tasks

28/12/2005  08:43    <DIR>          .
28/12/2005  08:43    <DIR>          ..
09/01/2006  06:00               264 B1745CEC960FDABC.job
31/03/2003  12:00                65 desktop.ini
09/01/2006  06:02                 6 SA.DAT
               3 File(s)            335 bytes

 Directory of C:\Documents and Settings\Sloan\Desktop

Hi, thanks for the help. I recently received an update a few days ago for Ad-Aware SE Personal. Before this update Ad-Aware was unable to find Spyaxe, but after I received the update I ran a full system scan and Ad-Aware found Spyaxe along with a lot of other spyware/malware infections, so I deleted all of them. I restarted my computer and Spyaxe was gone, but I am just wondering if it's completely removed.

I am not even sure how I got Spyaxe, but it's definitely the worst infection I've ever had and the most annoying!

4
Tech Clinic / Spyaxe Problem!!
« on: January 07, 2006, 07:42:03 AM »
My laptop was infected with Spyaxe for the past week. Only recently the pop-up in the system tray has disappeared, so I'm thinking it may be gone. Just in case it's not, here's a HijackThis log, and if someone could get back to me that would be great.

I think Ad-Aware has an update which finds and deletes Spyaxe, but I'm not 100% convinced it deletes everything to do with Spyaxe.

Logfile of HijackThis v1.99.1
Scan saved at 12:41:45, on 07/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\1134775075\ee\AOLHostManager.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\1134775075\ee\AOLServiceHost.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\program files\common files\aol\1134775075\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1134775075\ee\AOLServiceHost.exe
C:\Program Files\AOL 9.0\wEmail Removedexe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sloan\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.loddmlimymqj.com/P0X7QCer/NVkpI...joXUKDqVJcA.cgi
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A102D4FE-0186-4B34-5018-64356CDE7FF3} - C:\DOCUME~1\Sloan\APPLIC~1\LOGO32\Dog Proc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O5 "LPT1:" /M "Stylus C66"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P32 "EPSON Stylus C66 Series (Copy 1)" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134775075\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Proconethunknoun] C:\Documents and Settings\All Users\Application Data\Warn part proc one\Ref Trust.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [metalove] C:\DOCUME~1\Sloan\APPLIC~1\KNOBST~1\Bird 16 Cdrom.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.Email Removed.uk/computercheckup/qdiagcc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C567934-E724-4573-85B9-09C75155BC87}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

5
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: January 05, 2006, 08:25:54 AM »
Volume in drive C has no label.
 Volume Serial Number is 44C8-CEC2

 Directory of C:\WINDOWS\Resources\Themes

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
12/08/2005  23:38    <DIR>          Community
08/12/2001  01:38             1,089 Community.Theme
12/08/2005  23:38    <DIR>          Coughdrop
12/02/2002  20:43             1,086 CoughDrop.Theme
12/08/2005  19:48    <DIR>          Luna
31/03/2003  12:00             1,222 Luna.theme
12/08/2005  23:38    <DIR>          StyleXP
06/11/2001  19:00             1,085 StyleXP.Theme
31/03/2003  12:00             3,025 Windows Classic.theme
               5 File(s)          7,507 bytes

 Directory of C:\WINDOWS\Resources\Themes\Community

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
24/01/2002  00:20         8,216,720 Community.msstyles
12/08/2005  23:38    <DIR>          shell
               1 File(s)      8,216,720 bytes

 Directory of C:\WINDOWS\Resources\Themes\Community\shell

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
12/08/2005  23:38    <DIR>          AikonXP
12/08/2005  23:38    <DIR>          Cupric
12/08/2005  23:38    <DIR>          Eclipse
12/08/2005  23:38    <DIR>          normalcolor
12/08/2005  23:38    <DIR>          ThemeXP
12/08/2005  23:38    <DIR>          WindowNET
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Community\shell\AikonXP

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Community\shell\Cupric

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
20/12/2003  23:18           356,407 shellstyle.dll
               1 File(s)        356,407 bytes

 Directory of C:\WINDOWS\Resources\Themes\Community\shell\Eclipse

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
22/01/2002  19:38           920,064 shellstyle.dll
               1 File(s)        920,064 bytes

 Directory of C:\WINDOWS\Resources\Themes\Community\shell\normalcolor

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
20/12/2003  23:18           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Community\shell\ThemeXP

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Community\shell\WindowNET

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Coughdrop

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
07/01/2002  22:13        10,166,416 CoughDrop.msstyles
12/08/2005  23:38    <DIR>          shell
               1 File(s)     10,166,416 bytes

 Directory of C:\WINDOWS\Resources\Themes\Coughdrop\shell

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
12/08/2005  23:38    <DIR>          Berry
12/08/2005  23:38    <DIR>          Cherry
12/08/2005  23:38    <DIR>          Cinnamon
12/08/2005  23:38    <DIR>          Grape
12/08/2005  23:38    <DIR>          Licorice
12/08/2005  23:38    <DIR>          Lime
12/08/2005  23:38    <DIR>          normalcolor
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Coughdrop\shell\Berry

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Coughdrop\shell\Cherry

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Coughdrop\shell\Cinnamon

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Coughdrop\shell\Grape

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Coughdrop\shell\Licorice

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Coughdrop\shell\Lime

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Coughdrop\shell\normalcolor

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna

12/08/2005  19:48    <DIR>          .
12/08/2005  19:48    <DIR>          ..
31/03/2003  12:00         4,186,256 luna.msstyles
12/08/2005  19:41    <DIR>          Shell
               1 File(s)      4,186,256 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell

12/08/2005  19:41    <DIR>          .
12/08/2005  19:41    <DIR>          ..
12/08/2005  19:48    <DIR>          Homestead
12/08/2005  19:48    <DIR>          Metallic
12/08/2005  19:47    <DIR>          NormalColor
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

12/08/2005  19:48    <DIR>          .
12/08/2005  19:48    <DIR>          ..
31/03/2003  12:00           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

12/08/2005  19:48    <DIR>          .
12/08/2005  19:48    <DIR>          ..
31/03/2003  12:00           362,496 shellstyle.dll
               1 File(s)        362,496 bytes

 Directory of C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

12/08/2005  19:47    <DIR>          .
12/08/2005  19:47    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\StyleXP

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
12/08/2005  23:38    <DIR>          shell
20/12/2003  23:18         6,062,224 StyleXP.msstyles
               1 File(s)      6,062,224 bytes

 Directory of C:\WINDOWS\Resources\Themes\StyleXP\shell

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
12/08/2005  23:38    <DIR>          Kiwi
12/08/2005  23:38    <DIR>          Mulberry
12/08/2005  23:38    <DIR>          normalcolor
12/08/2005  23:38    <DIR>          Raspberry
12/08/2005  23:38    <DIR>          Spearmint
12/08/2005  23:38    <DIR>          Watermelon
               0 File(s)              0 bytes

 Directory of C:\WINDOWS\Resources\Themes\StyleXP\shell\Kiwi

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\StyleXP\shell\Mulberry

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\StyleXP\shell\normalcolor

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\StyleXP\shell\Raspberry

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\StyleXP\shell\Spearmint

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

 Directory of C:\WINDOWS\Resources\Themes\StyleXP\shell\Watermelon

12/08/2005  23:38    <DIR>          .
12/08/2005  23:38    <DIR>          ..
31/03/2003  12:00           361,472 shellstyle.dll
               1 File(s)        361,472 bytes

     Total Files Listed:
              31 File(s)     37,148,106 bytes
              92 Dir(s)   9,850,511,360 bytes free



Volume in drive C has no label.
 Volume Serial Number is 44C8-CEC2

 Directory of C:\WINDOWS\Resources\Themes\Luna

31/03/2003  12:00         4,186,256 luna.msstyles
               1 File(s)      4,186,256 bytes



Here are the 2 documents you wanted. Thanks for helping, this thing's been driving me crazy!!

lol, I am thinking you were wanting samui to download that luna thing, since it's all about themes. Ah well

6
Tech Clinic / can't shift this Spy Axe thing, anyone fancy a crack at it
« on: January 03, 2006, 08:08:22 PM »
Hi there, I am having the same problem. I've tried everything to get rid of this bastarding thing! Everything I was told on other sites never worked. This is basically my last hope or I am gonna have to reformat my HD.

guestolo, if you can help me out, I'd be very thankful. Here's the HijackThis log; I didn't try fixing anything after I ran it.

Logfile of HijackThis v1.99.1
Scan saved at 01:02:44, on 04/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\AOL\1134775075\ee\AOLHostManager.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\AOL\1134775075\ee\AOLServiceHost.exe
c:\program files\common files\aol\1134775075\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1134775075\ee\AOLServiceHost.exe
C:\Program Files\AOL 9.0\wEmail Removedexe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sloan\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.loddmlimymqj.com/P0X7QCer/NVkpI...joXUKDqVJcA.cgi
O2 - BHO: (no name) - {A102D4FE-0186-4B34-5018-64356CDE7FF3} - C:\DOCUME~1\Sloan\APPLIC~1\LOGO32\Dog Proc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O5 "LPT1:" /M "Stylus C66"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P32 "EPSON Stylus C66 Series (Copy 1)" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134775075\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Proconethunknoun] C:\Documents and Settings\All Users\Application Data\Warn part proc one\Ref Trust.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [metalove] C:\DOCUME~1\Sloan\APPLIC~1\KNOBST~1\Bird 16 Cdrom.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.Email Removed.uk/computercheckup/qdiagcc.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C567934-E724-4573-85B9-09C75155BC87}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
