spyaxe problem Hijackthis log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

petecaf

Thread Starter
Joined
May 18, 2004
Messages
47
How do I remove all these problems? I was never issued Windows discs with my computer. Instead, Windows was kind enough to explain the System Restore feature. I would rather reinstall Windows on a fresh hard drive than keep fighting my spyware/virus issues. Please help me out.



Logfile of HijackThis v1.99.1
Scan saved at 7:09:52 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpyAxe\spyaxe.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Documents and Settings\rollo tomasi\Desktop\Antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qpvsd.dll/sp.html#77035%
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xyudh.dll/sp.html#77035%
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qpvsd.dll/sp.html#77035%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qpvsd.dll/sp.html#77035%
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qpvsd.dll/sp.html#77035%
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qpvsd.dll/sp.html#77035%
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qpvsd.dll/sp.html#77035%
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp5E0E.tmp
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [d3nk.exe] C:\WINDOWS\d3nk.exe
O4 - HKLM\..\Run: [F2.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\F2.tmp.exe
O4 - HKLM\..\Run: [F3.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\F3.tmp.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [F3.tmp.exe] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\F3.tmp.exe
O4 - HKLM\..\Run: [FA.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\FA.tmp.exe
O4 - HKLM\..\Run: [F2.tmp.exe] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\F2.tmp.exe
O4 - HKLM\..\Run: [FA.tmp.exe] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\FA.tmp.exe
O4 - HKLM\..\Run: [6.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\6.tmp.exe
O4 - HKLM\..\Run: [11.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\11.tmp.exe
O4 - HKLM\..\Run: [6.tmp.exe] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\6.tmp.exe
O4 - HKLM\..\Run: [11.tmp.exe] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\11.tmp.exe
O4 - HKLM\..\Run: [28.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\28.tmp.exe
O4 - HKLM\..\Run: [D.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\D.tmp.exe
O4 - HKLM\..\Run: [28.tmp.exe] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\28.tmp.exe
O4 - HKLM\..\Run: [D.tmp.exe] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\D.tmp.exe
O4 - HKLM\..\Run: [17.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [17.tmp.exe] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\17.tmp.exe
O4 - HKLM\..\Run: [24.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\24.tmp.exe
O4 - HKLM\..\Run: [24.tmp.exe] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\24.tmp.exe
O4 - HKLM\..\Run: [38.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\38.tmp.exe
O4 - HKLM\..\Run: [atlfp.exe] C:\WINDOWS\atlfp.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\RunOnce: [atlhq.exe] C:\WINDOWS\atlhq.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appla32.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
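
A log in this format can be triaged mechanically before anything is removed. The sketch below is an added example, not part of either post and not code from HijackThis or any tool named in the thread: it splits each entry into its section code and body, then flags autorun, BHO, service and Internet Explorer entries with a few heuristics. The rule set is an assumption chosen for this example, and a match is a prompt for closer inspection rather than a verdict.

```python
import re

# Excerpt of the log above. The first O23 line is constructed for this example
# (placeholder service name and path); every other line is copied from the post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qpvsd.dll/sp.html#77035%
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp5E0E.tmp
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F2.tmp] C:\DOCUME~1\ROLLOT~1\LOCALS~1\Temp\F2.tmp.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\WINDOWS\system32\example.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Triage heuristics (assumptions of this example, not HijackThis verdicts).
# Each rule: (sections it applies to, or None for any section; pattern; reason).
RULES = [
    ({"R0", "R1"}, re.compile(r"= res://", re.I),
     "IE page setting loads from a resource inside a local DLL"),
    ({"O2"}, re.compile(r"\.tmp$", re.I), "BHO module is a .tmp file"),
    ({"O4"}, re.compile(r"\\Temp\\[^\\]+\.exe", re.I),
     "autorun starts an executable from a Temp directory"),
    ({"O23"}, re.compile(r" - Unknown owner - "), "service binary has no vendor string"),
    (None, re.compile(r"\(file missing\)$"), "entry points at a file that is not on disk"),
]

def parse(log_text):
    """Yield (section, body) per entry line; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return [(section, body, [reasons])] for entries that match at least one rule."""
    findings = []
    for section, body in parse(log_text):
        reasons = [why for sections, rx, why in RULES
                   if (sections is None or section in sections) and rx.search(body)]
        if reasons:
            findings.append((section, body, reasons))
    return findings

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "; ".join(reasons))
```

Entries that match no rule are not thereby clean; the rules only cover patterns that recur in this particular log.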
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Click here to download smitRem.exe:

http://noahdfear.geekstogo.com/click counter/click.php?id=1

*Save the file to your desktop.
*It is a self-extracting file.
*Double-click smitRem.exe and it will extract the files to a smitRem folder on your desktop.
*Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


Download the trial version of Ewido Security Suite:

http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

*Launch Ewido.
*It will prompt you to update; click the OK button and it will go to the main screen.
*On the left side of the main screen, click update.
*Click on Start and let it update.

*DO NOT run a scan yet. You will do that later in safe mode.

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.

Wait for the tool to complete and disk cleanup to finish.

* Run Ewido:

*Click on scanner.
*Click Complete System Scan and the scan will begin.
*During the scan it will prompt you to clean files; click OK.
*When the scan is finished, look at the bottom of the screen and click the Save report button.
*Save the report to your desktop.

* Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.

* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

* Restart back into Windows normally now.

* Run ActiveScan online virus scan
http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.

- Save the results from the scan to the desktop!

Post a new HijackThis log along with the results from ActiveScan and Ewido.
 