# Need Help Now



## Hello

Long story short, I was talking to this son of a bitch on AIM. We were arguing, and he tried to send me a file transfer. I just tried to warn him, but it didn't allow the warn. He tried again, and I once again did what I did before. He wanted to direct connect, so I did. He sent this file, about 21kb. I right-clicked Open like an idiot. It said something, I forget, like "log off AIM to do something" or I dunno. I signed off, and it said "want to end this transfer?" I clicked End. I never had that before. The kid told me to get rid of it by signing off, then on. I did, but a few minutes after I did, he got my PW. He showed it to me, and he was right. I am so pissed. He logged onto my AIM and named shit on my comp. I ran my virus scanner and it picked it up as a High Alert, and it was called "Instant Access". That's what it was called.


WTF?


----------



## Buzz1927

Download HijackThis from here. Unzip it to its own folder, run it and select "Scan and save logfile". Post the log here.


----------



## Hello

Buzz1927, do you have AIM or MSN? I tried to PM it to you, but it's too long.


----------



## Praetor

> Post the log here.


----------



## Hello

*Here's The Log!*



Logfile of HijackThis v1.99.1
Scan saved at 3:29:53 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Cursors\lsass.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Ey\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ShowBarObj Class - {79A002FB-C126-462D-B4A7-81D6B42D1666} - C:\Program Files\ZUM\acrbat.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\system32\msiev32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.232.142.131/activex/AxisCamControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


----------



## Byteman

First, download and run AIM Fix. Then run through the steps in the sticky; you have spyware to kill as well as the virus. After you're done, scan and post another HijackThis log.


----------



## Hello

*AIMFix Log*


AIMFix version 1.2.052405.5

***Any viruses removed will be listed below***
Process aim.exe found
Process aim.exe killed


*2nd HijackThis Log*

Logfile of HijackThis v1.99.1
Scan saved at 4:37:26 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Cursors\lsass.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\John Ey\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ShowBarObj Class - {79A002FB-C126-462D-B4A7-81D6B42D1666} - C:\Program Files\ZUM\acrbat.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\system32\msiev32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.232.142.131/activex/AxisCamControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


----------



## Drastik

Hello said:

> idiot.

Too right.

Hello said:

> WTF?

Exactly, can someone say grammar?


----------



## Hello

Drastik said:

> Too right.
>
> Exactly, can someone say grammar?

Go **** off? Don't post if it's going to be useless. Faggot.


----------



## Buzz1927

Drastik, if you can't post anything useful, don't post at all.


----------



## Byteman

First off, check the following entries and have HJT fix them:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: ShowBarObj Class - {79A002FB-C126-462D-B4A7-81D6B42D1666} - C:\Program Files\ZUM\acrbat.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\system32\msiev32.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.232.142.131/activex/AxisCamControl.cab

Then, still in HJT, go to the Misc Tools section and click the "Delete File on Reboot" button. Browse to the following files and select them individually. When it asks to reboot, say no and go to the next file until you've got them all:

C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
C:\Program Files\ZUM\acrbat.dll
C:\WINDOWS\system32\winvbie.dll
C:\WINDOWS\system32\msiev32.dll

Then reboot to Safe Mode (press the F8 key while booting up), and delete the following whole folders:

C:\Program Files\MyWaySA
C:\Program Files\MyWay
C:\Program Files\ZUM

Reboot normally and let us know if things are back to normal.


----------
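The entry list above is the result of reading the log by eye. As an added example (editor's code, not from the thread and not part of HijackThis), the script below does the same first pass mechanically over lines excerpted from the log posted earlier: it flags a process that carries a core Windows binary's name but runs from outside `system32` (the log lists `C:\WINDOWS\Cursors\lsass.exe` next to the real `C:\WINDOWS\system32\lsass.exe`, which is the first thing an analyst would check and which no reply addresses), O2/O3 browser extensions with no display name or no file on disk, and O16 ActiveX downloads from a raw IP address. The list of core binaries, the assumption that Windows lives in `C:\WINDOWS`, and the finding labels are the author's choices, not HijackThis rules.

```python
"""Added example: first-pass triage of a HijackThis v1.99 log.

Not HijackThis code and not from the thread; the binary list, the
system-directory assumption and the heuristics are the author's own.
"""
import re

# Constructed sample: lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Cursors\lsass.exe
C:\Program Files\AIM\aim.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.232.142.131/activex/AxisCamControl.cab
"""

# Core Windows binaries that only legitimately run from the system directory
# (assumption: a default XP install rooted at C:\WINDOWS).
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "alg.exe"}
SYSTEM_DIR = r"c:\windows\system32"

GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RAW_IP_URL_RE = re.compile(r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/", re.I)

MASQUERADE = "core binary outside system32"
UNNAMED = "no display name"
MISSING = "file missing"
RAW_IP = "ActiveX download from raw IP"


def parse_log(text):
    """Split a log into (running process paths, [(section, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Return [(section, reason, detail), ...] for everything worth a look."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        directory, _, name = path.rpartition("\\")
        if name.lower() in CORE_BINARIES and directory.lower() != SYSTEM_DIR:
            findings.append(("process", MASQUERADE, path))
    for section, body in entries:
        parts = [p.strip() for p in body.split(" - ")]
        if section in ("O2", "O3"):
            # Layout: "BHO: <name> - {CLSID} - <dll path>"
            name = parts[0].split(":", 1)[-1].strip()
            reasons = []
            if name == "(no name)" or GUID_RE.match(name):
                reasons.append(UNNAMED)
            if parts[-1] == "(no file)" or parts[-1].endswith("(file missing)"):
                reasons.append(MISSING)
            if reasons:
                findings.append((section, "; ".join(reasons), body))
        elif section == "O16":
            m = RAW_IP_URL_RE.match(parts[-1])
            if m:
                findings.append((section, f"{RAW_IP} {m.group(1)}", body))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"[{section:7}] {reason}: {detail}")
```

Run against the full log from the thread, the script produces the same O2/O3/O16 lines Byteman listed plus the process line; what it cannot do is tell a legitimate but poorly registered extension from a malicious one, so each hit is a lead to check, not a verdict.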



## Hello

It has been normal ever since I scanned it with my virus scanner. I will see if anything else happens.


----------



## Drastik

Hello said:

> Go **** off? Don't post if it's going to be useless. Faggot.

Whoa, whoa, chill, it was a joke.


----------



## Knight

Sad how children these days use such foul language. Now you've learned a lesson on the internet. What lesson is it, you ask? Don't have such a short temper and start stuff with people (shown in the comment made to Drastik, who was merely trying to crack a joke). I hope your computer problem is fixed though! Any more questions, just post.


----------



## Praetor

Drastik, you've been around long enough to know better. Regardless, the point's been made, and Hello, perhaps you can take your own advice as per post #9.

In any case, let's get back on topic.


----------



## Byteman

Agreed, but I think the topic is ended, since he solved his problem and apparently wants to keep his spyware.


----------



## Hello

The guy is still on here. He IM'ed me yesterday with my new PW, which I had changed like 3 times, and my mom's and sister's PWs.


----------



## Buzz1927

Get the ZoneAlarm firewall. This will ask any time there is an attempted connection in or out of your PC.


----------



## Byteman

> Get the ZoneAlarm firewall. This will ask any time there is an attempted connection in or out of your PC.

For sure! And run the AIMFix tool again as well.


----------



## Hello

Byteman, can you go over my log again? The stuff you say I should delete, I will. The first time he told me he hacked in, I ran my virus stuff, and it said something about this Instant Access. Now it's back on, with someone else. This bastard is really pissing me off. I'm really needing some help, guys. He said "it's on for good".


----------



## Byteman

Hold on here! I just noticed (can't believe I overlooked it): you're not running any antivirus software, are you? If not, download and update AVG, it's free:
http://free.grisoft.com/doc/2/lng/us/tpl/v5

Did a bit of research on the dialers; please go to the following links, follow their removal instructions and post back.

Instant Access
http://securityresponse.symantec.com/avcenter/venc/data/dialer.instantaccess.html
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074268

Dapsol Dialer
http://securityresponse.symantec.com/avcenter/venc/data/dialer.dapsol.html


----------



## Buzz1927

> (can't believe I overlooked it)

Neither can I (I haven't been following this thread too closely).


----------



## Hello

Byteman said:

> Hold on here! I just noticed (can't believe I overlooked it): you're not running any antivirus software, are you? If not, download and update AVG, it's free:
> http://free.grisoft.com/doc/2/lng/us/tpl/v5
>
> Did a bit of research on the dialers; please go to the following links, follow their removal instructions and post back.
>
> Instant Access
> http://securityresponse.symantec.com/avcenter/venc/data/dialer.instantaccess.html
> http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074268
>
> Dapsol Dialer
> http://securityresponse.symantec.com/avcenter/venc/data/dialer.dapsol.html

I don't think I am. I just have that Spyware Doctor that I took a screenshot of. I used AVG on my old comp. I am doing all that stuff now as I type this. But can't I just get Spyware Doctor to remove it? Why do I have to follow that? Just wondering.


----------



## Hello

Downloaded and am running AVG, but I'm going to need a translation of what they mean on how to remove the dialers. But I dunno if he is dialing numbers; he just got my PWs for AIM.


----------



## Byteman

Because obviously it's not doing it well enough, or it wouldn't come back. You may also want to try using Microsoft AntiSpyware instead of Spyware Doctor (it's much better). In fact, it is entirely possible that MS AntiSpyware may be able to handle the dialers (I'm not sure, I haven't run into those dialers before). Your choice whether to try the MS one or the removal instructions first.


----------



## Hello

I will never know if I got rid of it. I can only tell if he IMs me or gets on my screenname. That's why I am not going to change my PW again, because he'll probably just get it again like before. Oh ok lol. I didn't see that it gave you instructions for each step. That site is good, right?


----------



## Hello

> 1. Updating the definitions
> To obtain the most recent definitions, start your Symantec program and run LiveUpdate.
>
> 2. Scanning for and deleting the files
> Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
> Run a full system scan.
> If any files are detected as Adware.InstantAccess, click Delete.

What's my Symantec program? And wow, I have heard of Norton AntiVirus, but I don't think I have it? That sounds *so* familiar.


----------



## Buzz1927

Edit- posted same time


----------



## Byteman

Use your updated AVG where it talks about Symantec.


----------



## Hello

So when it talks about Norton AntiVirus, that's my AVG? I wanna see what Norton's logo is; I know I had that before.


----------



## Hello

It says it deleted the 4 that it found, then I go to the Virus Vault, and there's 4 there. Delete them again?


----------



## Byteman

Correct, AVG and Norton are both antivirus programs, but you'll have to pay $ for Norton.

Edit: once in the vault, they are harmless, delete them if you wish.


----------



## Hello

Byteman, have AIM? MSN?


----------



## Byteman

No.

Try to follow the removal instructions, substituting AVG for Norton. Also, you may want to install Microsoft AntiSpyware, update it and have it run a full scan as well.


----------



## Hello

Byteman said:

> Also, you may want to install Microsoft AntiSpyware, update it and have it run a full scan as well.

Link? Is it free? And I even bought that Spyware Doctor for a year. Guess it was a waste of money.


----------



## Byteman

No, not a waste; it's generally a good idea to have a couple of anti-spyware programs. MS is free, download it here:
http://www.majorgeeks.com/Microsoft®_Windows_AntiSpyware_d4466.html


----------



## Hello

Ok. I went to that dialer site, it was a porn site, but I am still worried about that guy. I doubt he's the runner of that porn site? That probably wasn't even his spyware.

EDIT: Download Locations:

- Author's Site
- USA MajorGeeks 4 (USA - TX)
- USA MajorGeeks 3 (USA - TX)
- USA MajorGeeks 2 (USA - GA)
- USA MajorGeeks 1 (USA - FL)
- Australia Planet Mirror (Australia)

Which do you think?


----------



## Byteman

Doesn't really matter which one; hopefully the one nearest where you live. I have to sign off for a while. Any more questions, maybe Buzz1927 can help answer.


----------



## Buzz1927

Hello.
Have you now got a firewall set up?


----------



## Hello

Yes. Just the Windows one, though.


----------



## Buzz1927

No good. Install either ZoneAlarm or Kerio. If you go for Kerio (my choice), select "Advanced" during install; it lets you decide what comes in or out of your machine.


----------



## Hello

Now that's for *firewall*, right? I now have 1 anti-virus thing, 2 anti-spyware things, 1 firewall (basic Windows one). So download Kerio?


----------



## Buzz1927

Yes, or ZoneAlarm. Read what I said about Kerio asking permission, as ZoneAlarm will do. Only allow what you know and expect; that should sort the problem.


----------



## Hello

Ok. Thanks. I will download that when I have some time.


----------



## Buzz1927

As a matter of urgency??


----------



## Hello

Lol, I was just saying that for something to say. It's downloaded, but wow. Every damn time you try to go somewhere the thing pops up 54468468 times asking for permission. Even though you can set it to, like, remember that for IE, Firefox, etc., so it won't ask you again. But still, I may set it to regular. What do you think?


----------



## Buzz1927

Yeah, it's a pain to begin with, but after a day or two you won't even notice it. Just check everything before OK'ing it.
(Sounds like ZoneAlarm, try Kerio.)


----------



## Hello

It's actually Kerio. I un-installed Kerio, and am gonna re-install. So you think I should do Advanced again? Even though I un-installed it to do the other one, lol.


----------



## Byteman

You've had some viruses (AVG/AIMFix have picked them up), and spyware (dialers at a minimum). Your AIM password has been compromised as well.

I suggest you get your system clean by using your AVG to run a FULL system scan, and also MS AntiSpyware (a full scan; there's a "scan options" link below the "run scan now" button, go to more options and run a full scan). Disconnect your Internet connection from the back of your computer when you run the scans (make sure AVG and MS AntiSpyware are updated first).

After that, plug your Internet connection back in, and get that firewall software set up. And yes, it will ask you stuff for a few days. During those days, just get online to normal sites and email, no porn/gambling/filesharing for a few days, until you get all set up and things are running nice & happy.

After your firewall is installed, you *MUST* change your AIM password (you'll hopefully be free from malware at that point). Use a strong password (letters and numbers and symbols as well, at least 6 or 8 characters long; that will make it VERY difficult for him to crack it).


----------



## Hello

Byteman said:

> You've had some viruses (AVG/AIMFix have picked them up), and spyware (dialers at a minimum). Your AIM password has been compromised as well.

How do you know this?


----------



## Byteman

Viruses:
 - AIMFix log in post #7
 - 4 viruses in post #31
Spyware:
 - Graphic in post #20
Hacked Password: That's been the main reason for this entire thread.


----------



## Hello

Byteman said:

> Viruses:
> - AIMFix log in post #7
> - 4 viruses in post #31
> Spyware:
> - Graphic in post #20
> Hacked Password: That's been the main reason for this entire thread.

..?


----------



## Byteman

What's the status on your problems? Still there?

As for your last post, that was in response to your question:

> How do you know this?


----------



## Hello

Byteman said:

> What's the status on your problems? Still there?

See, I will never know. Only if he signs onto my AIM, or shows me my PW by IMing me. Current status is going to DL Kerio, do the Advanced version again, and check things before I check that box that lets them go through all the time. For IE, Firefox, etc.


----------



## Byteman

Just remember to make your AIM password a strong one! (alphanumeric, with symbols, 6-8 characters long)


----------



## jbrown456

Hold on, isn't Spyware Doctor one of those spyware remover apps that places spyware on your computer just to say that it is finding stuff?
Or am I wrong?


----------



## Byteman

You can look here for rogue spyware programs...


----------



## jbrown456

Ok, thank you Byteman.


----------



## sidthereal

By the sound of things, I think the problem should be solved by MS AntiSpyware, AVG or any other anti-virus, and a good firewall as a precaution,
all of which have been mentioned here, so it's kind of puzzling that the problem is still persistent.


----------

