Author Topic: got SPY AXE'd !!! ouch  (Read 1815 times)

Offline vectorman

  • Newbie
  • Posts: 3
  • Karma: +0/-0
got SPY AXE'd !!! ouch
« on: December 31, 2005, 01:55:59 PM »
nasty hijacker with the little yellow triangle & popup balloon "System Alert: Adware & Spyware"
MS AntiSpyware beta sees it and tries to remove it, but it keeps reloading itself. Also blocks all search engines, i.e. Google, Yahoo etc., with a popup box. Plus hijacks Homepage with bogus antispyware ad. It seems to get worse over time.. :( help...

here's my log file...

Logfile of HijackThis v1.99.1
Scan saved at 1:31:11 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a....1&bm=ho_search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp4AB.tmp
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB002" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/cli...LDownloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSI...bnailFrame.html
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.solidworks.com/plugins/edrawing...cfm?Release=rel
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135823853718
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/PCSoftwar...1000/isetup.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
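As an added example (editor's code, not part of vectorman's post and not HijackThis's own logic), here is a small Python triage script that parses log lines in the format above and brings forward the kinds of entries a helper looks at first: a browser add-on (O2/O3) loaded from a .tmp file, entries HijackThis has marked "(file missing)", and O23 services whose binary carries no company name. The sample lines are copied from the log above; the triage rules are the editor's heuristics, and a hit is a reason to look closer, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis v1.99.1 log posted
# above, including the O2 entry the helper later had removed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp4AB.tmp
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Entry:
    section: str           # HijackThis section code: R1, O2, O3, O4, O23, ...
    body: str              # everything after "<code> - "
    target: str            # file path, command line or value the entry points at
    vendor: Optional[str]  # O23 only: company name HijackThis read from the binary
    file_missing: bool     # HijackThis appended "(file missing)"


LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
MISSING = "(file missing)"


def parse_entry(line: str) -> Optional[Entry]:
    """Split one log line into its section code and the thing it points at."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    vendor = None
    if section in ("O2", "O3", "O23"):
        # "<name> - {CLSID} - <path>" or "<name> - <vendor> - <path>": path is last
        fields = body.split(" - ")
        target = fields[-1]
        if section == "O23" and len(fields) >= 3:
            vendor = fields[-2].strip()
    elif section == "O4" and "] " in body:
        target = body.split("] ", 1)[1]    # "[<value name>] <command line>"
    elif " = " in body:
        target = body.split(" = ", 1)[1]   # R1 etc.: "<key>,<value> = <data>"
    else:
        target = ""
    missing = target.endswith(MISSING)
    if missing:
        target = target[: -len(MISSING)].rstrip()
    return Entry(section, body, target, vendor, missing)


def parse_log(text: str) -> List[Entry]:
    return [e for line in text.splitlines() if (e := parse_entry(line)) is not None]


@dataclass
class Finding:
    reason: str
    section: str
    target: str
    note: str


def triage(entries: List[Entry]) -> List[Finding]:
    """Editor's heuristics (not HijackThis's) to surface entries worth a closer look."""
    findings: List[Finding] = []
    for e in entries:
        if e.section in ("O2", "O3") and e.target.lower().endswith(".tmp"):
            findings.append(Finding("tmp-extension", e.section, e.target,
                "browser add-on loaded from a .tmp file: legitimate BHOs and toolbars are not installed that way"))
        if e.file_missing:
            findings.append(Finding("file-missing", e.section, e.target,
                "orphaned entry: the referenced file no longer exists (cleanup candidate, not proof of infection)"))
        if e.section == "O23" and e.vendor == "":
            findings.append(Finding("no-vendor", e.section, e.target,
                "service binary carries no company name: verify the file before trusting it"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.reason}] {f.section} {f.target}\n    {f.note}")
```

Run against the sample, the script reports the HomepageBHO entry under `tmp-extension`, the two EPSON entries under `file-missing`, and the SmartLinkService service under `no-vendor`; the AVG, NVIDIA and R1 lines pass through silently.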

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
got SPY AXE'd !!! ouch
« Reply #1 on: December 31, 2005, 02:17:35 PM »
==Download and Install
Windows Cleanup! 4.0
Don't run this yet,

Download SmitRem.exe by Noahdfear and save the file to your desktop.
Don't run it yet

Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode

I need you to disable Microsoft AntiSpyware real-time protections so it won't interfere at any time with the fixes we are going to do
Open Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

SpySubtract: If it has the same type of protections, can you disable them too and then shut down SpySubtract

Afterwards
Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp4AB.tmp


After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
If the system restarts back to Normal mode you will have to do it again

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Double click on SmitRem.exe to extract it to its own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish. Remain in safe mode

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Reboot back to Normal mode

NOTE: You will have to reset your background in Display properties
XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.

Can you post back the following please

1. Post back a fresh hijackthis log
2. Post the whole contents of the Ewido report
3. Post the Whole log made from SmitRem located here C:\Smitfiles.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline vectorman

  • Newbie
  • Posts: 3
  • Karma: +0/-0
got SPY AXE'd !!! ouch
« Reply #2 on: December 31, 2005, 09:58:05 PM »
It's another Festivus Miracle!!!
Looks like it's Kaput!  Thank you very much.

here's the new hijackthis log,  Ewido and SmitRem reports:

Logfile of HijackThis v1.99.1
Scan saved at 7:03:40 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
c:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a....1&bm=ho_search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB002" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/cli...LDownloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSI...bnailFrame.html
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.solidworks.com/plugins/edrawing...cfm?Release=rel
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135823853718
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/PCSoftwar...1000/isetup.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:      6:21:00 PM, 12/31/2005
 + Report-Checksum: 70E1D03F

 + Scan result:

  HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
  HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
  HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
  HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
  HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
  HKLM\SOFTWARE\Classes\TypeLib\{F720B40F-3A38-4B22-B30D-DCF095D42498} -> Spyware.P2PNetworking : Cleaned with backup
  C:\Documents and Settings\Brad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-2bfc9e10-6c1828d6.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
  C:\Documents and Settings\customer\Application Data\Mozilla\Profiles\default\m18bpx0x.slt\Cache\ABE03961d01 -> Spyware.BookedSpace : Cleaned with backup
  C:\Documents and Settings\customer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-762d722b-760419f7.class -> Downloader.Small.wv : Cleaned with backup
  C:\install.cab/windec32.dll -> Spyware.iLookup : Error during cleaning
  C:\Program Files\Microsoft AntiSpyware\Quarantine\1A90D4C0-426B-4960-9CFE-EBFAC3\73283384-D02E-4559-A7B4-60AA5E -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\231AD217-58E7-4828-9CBE-D53C4E\F1D98E00-70AE-47D3-816B-D9A39E -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\275BB36E-CDCB-4D86-B9EC-9ED901\F1B6D593-D8D1-4632-B8D5-E6E30D -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\2A6F77A8-B694-4DC9-B4A5-8CE426\8B1448DA-CE8A-48B2-9C9F-3377E6 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\30FA669D-35BE-4378-BA6D-806966\C40629D7-03B9-49DB-992C-D03659 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\3A7D22EA-5037-4D5C-8913-6B35B2\DA3059EA-5344-46AB-B3A8-1766D5 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\5BAB1431-8A24-4FC5-8C8E-F4B9B6\6277F4F0-99B0-4167-B203-242C9A -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\60A77364-4735-493F-9ABA-101954\C62350A3-94BD-4475-8B94-D6CF45 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\72CAA1F6-1291-4854-AB41-4702D3\B7D01D87-EFBD-47F9-A577-DBFAA5 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\74B897FF-73D2-4A26-B23F-CCD6B8\DE99F4D9-D75C-47A8-B948-BDB060 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\7CB9E164-77B2-4AFC-ADE1-3D9D94\7996E977-E5E9-4B8A-9F06-3DD36C -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\9F03974B-B8AE-4766-A660-528F5D\84799C0A-32FE-423B-9655-A95BD9 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\A16C36E7-F8DE-4D9E-A447-BE910D\B85D0194-11A0-4FAD-AB8A-90FE0B -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\A3BE5D46-52D3-4316-82CE-804A13\3837E102-5DF5-4CAA-99DC-17275B -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\A9AC837F-5EA4-43EF-954B-8CA6A8\8E8854EF-D039-4632-904F-ED9658 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\BF5C4F99-BCF7-4379-B465-C4B1FB\61C0B2CD-CE17-4628-8023-986DBD -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\D759C16A-FB09-4CE3-8CB9-9C2AA3\140D69B2-2D98-4246-9137-C5981F -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\EC398690-5F15-42BA-8DAE-E167F5\05110B4B-D560-43B2-9A26-3024B0 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\F543E80F-98E6-4DF2-BD2E-E7EA40\3CFE2EFE-81A6-4186-91BC-D33D25 -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\F7F1ED59-1364-4F81-BC6E-D906C2\FC9F1AD7-3517-402C-8AE8-7A537C -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Microsoft AntiSpyware\Quarantine\FC429AA3-1A80-4A3D-B548-410D77\860E2022-C0DF-434E-B972-87B7BA -> Adware.Spyaxe : Cleaned with backup
  C:\Program Files\Support(3).com\backup(2)\fc\fczbbexg.exe\5632_5a5eda891_/fczbbexg.exe -> Downloader.Small.km : Error during cleaning
  C:\Program Files\Support(3).com\backup(2)\ks\kslkmca.exe\5632_5a57b2371_/kslkmca.exe -> Downloader.Small.km : Error during cleaning


::Report End



   smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 12/31/2005
The current time is: 16:10:27.65

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!


 checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~

Security Troubleshooting.url


 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~

wbeconm.dll
1024 dir
msvol.tlb
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp
logfiles


 ~~~ Icons in System32 ~~~

ot.ico


 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1600 'explorer.exe'

Starting registry repairs

Deleting files


   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 CLEAN! :)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
got SPY AXE'd !!! ouch
« Reply #3 on: January 01, 2006, 12:46:05 PM »
DON'T like the format of the Ewido log
Go to START>>RUN, copy and paste the following commands into the open field then hit OK

regsvr32 /u "C:\Windows\System\windec32.dll"

regsvr32 /u "C:\install.cab/windec32.dll"


Delete these files if found
C:\Windows\System\windec32.dll
C:\install.cab/windec32.dll

These ones may be in SpySubtract's backup folder
C:\Program Files\Support(3).com\backup(2)\fc\fczbbexg.exe\5632_5a5eda891_/fczbbexg.exe -> Downloader.Small.km : Error during cleaning

C:\Program Files\Support(3).com\backup(2)\ks\kslkmca.exe\5632_5a57b2371_/kslkmca.exe -> Downloader.Small.km : Error during cleaning

You can clear the backups if everything is running well

Let me know how the above goes

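The spaced-out text in the posted Ewido report is what a UTF-16LE file looks like when it is pasted as 8-bit text: the byte-order mark FF FE shows up as "ÿþ" and the high byte of every character, a NUL, renders as a space. As an added example (editor's code, not from the thread and not Ewido's), here is Python that decodes such a report correctly from its bytes by honouring the BOM, repairs an already-mangled paste by keeping only the character parity that carries the text, and pulls out the entries marked "Error during cleaning" for manual follow-up. The sample report is constructed from three of the result lines posted above; that Ewido wrote the file as UTF-16LE is an assumption inferred from the "ÿþ" prefix.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class ScanResult:
    target: str      # registry key or file path Ewido reported on
    detection: str   # e.g. "Adware.Spyaxe"
    action: str      # e.g. "Cleaned with backup" or "Error during cleaning"


# Constructed sample: an abridged report in the layout of the one posted in
# this thread (three of its result lines), as plain text with CRLF line ends.
CLEAN_REPORT = (
    "---------------------------------------------\r\n"
    "  ewido anti-malware - Scan report\r\n"
    "---------------------------------------------\r\n"
    "\r\n"
    "  + Created on:          6:21:00 PM, 12/31/2005\r\n"
    "  + Report-Checksum:     70E1D03F\r\n"
    "\r\n"
    "  + Scan result:\r\n"
    "\r\n"
    "    HKLM\\SOFTWARE\\Classes\\Interface\\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup\r\n"
    "    C:\\install.cab/windec32.dll -> Spyware.iLookup : Error during cleaning\r\n"
    "    C:\\Program Files\\Support(3).com\\backup(2)\\fc\\fczbbexg.exe\\5632_5a5eda891_/fczbbexg.exe -> Downloader.Small.km : Error during cleaning\r\n"
    "\r\n"
    "::Report End\r\n"
)

# The same report as it would sit on disk: UTF-16LE with a byte-order mark
# (assumption inferred from the "ÿþ" prefix of the posted log).
RAW_REPORT = b"\xff\xfe" + CLEAN_REPORT.encode("utf-16-le")

# One result line exactly as it appears in the thread, to exercise the repair path.
PASTED_LINE = r"     C : \ i n s t a l l . c a b / w i n d e c 3 2 . d l l   - >   S p y w a r e . i L o o k u p   :   E r r o r   d u r i n g   c l e a n i n g"


def decode_report(raw: bytes) -> str:
    """Decode the report bytes by honouring the BOM instead of assuming 8-bit text."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw[3:].decode("utf-8")
    return raw.decode("cp1252", errors="replace")


def mangle_as_forum_paste(raw: bytes) -> str:
    """Reproduce the damage seen in the thread: UTF-16 bytes read as 8-bit text, NULs shown as spaces."""
    return raw.decode("latin-1").replace("\x00", " ")


def repair_spaced_text(text: str) -> str:
    """Undo that damage: drop the BOM, skip the blank lines the CR/LF NULs produce,
    and keep only the character parity that carries the real text."""
    lines = []
    for line in text.replace("\xff\xfe", "").replace("\ufeff", "").splitlines():
        if not line.strip():
            continue
        even = sum(1 for c in line[0::2] if c != " ")
        odd = sum(1 for c in line[1::2] if c != " ")
        start = 0 if even >= odd else 1
        lines.append(line[start::2].rstrip())
    return "\n".join(lines)


RESULT_RE = re.compile(r"^\s*(?P<target>.+?)\s+->\s+(?P<detection>\S+)\s+:\s+(?P<action>.+?)\s*$")


def parse_results(text: str) -> List[ScanResult]:
    """Extract "<target> -> <detection> : <action>" lines; headers and separators do not match."""
    return [ScanResult(m["target"], m["detection"], m["action"])
            for line in text.splitlines() if (m := RESULT_RE.match(line))]


def unresolved(results: List[ScanResult]) -> List[ScanResult]:
    """Entries Ewido could not clean; these are the ones that need manual follow-up."""
    return [r for r in results if r.action.lower().startswith("error")]


if __name__ == "__main__":
    report = decode_report(RAW_REPORT)
    for r in unresolved(parse_results(report)):
        print(f"needs manual follow-up: {r.target} ({r.detection})")
```

Decoding from the bytes is the reliable route; the parity repair is for the case here, where only the mangled paste survives. It works because NUL-spaces sit at every second position, so whichever parity holds more non-space characters is the one carrying the text, and the stray NUL after each CR and LF only ever produces an all-whitespace line that is dropped.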


Offline vectorman

  • Newbie
  • Posts: 3
  • Karma: +0/-0
got SPY AXE'd !!! ouch
« Reply #4 on: January 02, 2006, 10:44:08 AM »
guestolo:

you wrote...

DON'T like the format of the Ewido log
Go to START>>RUN, copy and paste the following commands into the open field then hit OK

regsvr32 /u "C:\Windows\System\windec32.dll"        
regsvr32 /u "C:\install.cab/windec32.dll"

I get the following error msg when I try to run the above commands:
LoadLibrary("C:\Windows\System\windec32.dll") failed - The specified module could not be found.
LoadLibrary("C:\install.cab/windec32.dll") failed - The specified module could not be found.




Delete these files if found
C:\Windows\System\windec32.dll    ---    CANNOT FIND THIS FILE
C:\install.cab/windec32.dll  ---  I DO FIND THIS FILE

I did not yet delete the C:\install.cab/windec32.dll
I wanted to post this info first.

I now have an issue with Office XP in that it will not start and I get a prompt that I need to insert the Office XP disc.  (which I cannot find right now, but know it's here somewhere)

Plus, I'm getting a Windows Automatic Update popup saying I need to install Windows Service Pack 3
I've looked at the MS Windows Update page and the Office XP update page and don't see where there is a Service Pack 3.

Could this be bogus?


Thanks
vectorman

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
got SPY AXE'd !!! ouch
« Reply #5 on: January 02, 2006, 02:10:18 PM »
Yes, go ahead and delete this
C:\install.cab/windec32.dll

I assume that Microsoft is notifying you about Office update SP3
for Office 2000
http://www.microsoft.com/downloads/details...&DisplayLang=en
« Last Edit: January 02, 2006, 02:22:21 PM by guestolo »
