I have also read other posts where some people faced the same problem, but I am a real noobie when it comes to computers, for example what is a hijack list? Can u plz help me step by step. Plz..
Spyaxe toolbar popup
Started by
Computer_Noob
, Nov 19 2005 03:27 AM
#1
Posted 19 November 2005 - 03:27 AM
I have also read other posts where some people faced the same problem, but I am a real noobie when it comes to computers, for example what is a hijack list? Can u plz help me step by step. Plz..
#3
Posted 24 November 2005 - 12:09 AM
Hey OwNt. Thnk you, for your help. So far im just doing step 2, but the results hav been really great, I never knew I had so much malware on my comp . As soon as I finish I will reply back. Thnks again
#4
Posted 27 November 2005 - 03:28 AM
K here it is:
Logfile of HijackThis v1.99.1
Scan saved at 8:27:00 PM, on 11/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\WINDOWS\System32\carpserv.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\Program Files\SpyAxe\spyaxe.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\SpyAxe\spyaxe.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Unwired\UwSCT.exe
D:\WINDOWS\System32\conime.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\FlashGet\flashget.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - D:\WINDOWS\System32\hpB763.tmp (file missing)
O2 - BHO: D:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - D:\WINDOWS\adsldpbd.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [JVM0.12] D:\WINDOWS\System32\eublhdr.exe
O4 - HKLM\..\Run: [tibs3] D:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [sp] rundll32 D:\WINDOWS\TEMP\se.dll,DllInstall
O4 - HKLM\..\Run: [SpyAxe] D:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Msn Configuration Loader] msngms.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Msn Configuration Loader] msngms.exe
O4 - Global Startup: Launchpad.lnk = D:\Program Files\Unwired\UwSCT.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O12 - Plugin for .mid: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: gs - D:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: st3 - D:\WINDOWS\system32\st3.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - D:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 8:27:00 PM, on 11/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\WINDOWS\System32\carpserv.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\Program Files\SpyAxe\spyaxe.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\SpyAxe\spyaxe.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Unwired\UwSCT.exe
D:\WINDOWS\System32\conime.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\FlashGet\flashget.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - D:\WINDOWS\System32\hpB763.tmp (file missing)
O2 - BHO: D:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - D:\WINDOWS\adsldpbd.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [JVM0.12] D:\WINDOWS\System32\eublhdr.exe
O4 - HKLM\..\Run: [tibs3] D:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [sp] rundll32 D:\WINDOWS\TEMP\se.dll,DllInstall
O4 - HKLM\..\Run: [SpyAxe] D:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Msn Configuration Loader] msngms.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Msn Configuration Loader] msngms.exe
O4 - Global Startup: Launchpad.lnk = D:\Program Files\Unwired\UwSCT.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O12 - Plugin for .mid: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: gs - D:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: st3 - D:\WINDOWS\system32\st3.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - D:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe (file missing)
#5
Posted 27 November 2005 - 05:08 AM
Hi Computer_Noob...
You need to start a topic in theMalware Forum and post an HJT log there...
Be patient, the Malware Forum is a very busy place and a two or three day wait is not unusual. DO NOT REPLY TO OR BUMP YOUR OWN LOG. If it shows a reply it may be overlooked as one that is being worked on.
If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
wannabe1
You need to start a topic in theMalware Forum and post an HJT log there...
Be patient, the Malware Forum is a very busy place and a two or three day wait is not unusual. DO NOT REPLY TO OR BUMP YOUR OWN LOG. If it shows a reply it may be overlooked as one that is being worked on.
If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
wannabe1
#6
Posted 07 December 2005 - 05:36 PM
IM still having problems. HELP!
#7
Posted 08 December 2005 - 12:20 PM
Computer_Noob...
Go HERE and download Service Pack 2 for Windows XP, choose the option to "Save it to Disk". Once downloaded, copy the file to a CD-R. Place it in the CD-ROM drive of the computer to be updated, navigate to the file and double click on it.
This should install the latest Service Pack to your machine...you can then finish up in the Malware Forum.
wannabe1
Go HERE and download Service Pack 2 for Windows XP, choose the option to "Save it to Disk". Once downloaded, copy the file to a CD-R. Place it in the CD-ROM drive of the computer to be updated, navigate to the file and double click on it.
This should install the latest Service Pack to your machine...you can then finish up in the Malware Forum.
wannabe1
Edited by wannabe1, 08 December 2005 - 12:27 PM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users