Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


please, please help me with spy axe


Post by cowriles3 » December 13th, 2005, 1:48 pm

Well I'm not having any luck with that Trend Micro.. it said it detected "MS04-27" and "MS04-028" and that its "transferring more info about this vulnerability." I left it alone for like 6 hours and the page just seemed to freeze on that page (step 2).. just thought I'd let you know..

Thanks
cowriles3
Regular Member
 
Posts: 23
Joined: December 5th, 2005, 3:03 pm

Post by AndyAtHull » December 13th, 2005, 3:24 pm

Don't worry about "MS04-27" and "MS04-028". Trend Micro is detecting this because Microsoft Office, Microsoft FrontPage, Microsoft Publisher, or Microsoft Works Suite needs updating on the Microsoft site.

Check for updates here - http://office.microsoft.com/en-us/default.aspx

Make sure you have your Office installation disk ready as it may need it to install some updates, depending on what updates you require.

Don't worry, you are nearly clean. My reply back to you is currently getting reviewed by my teachers here. Stop Trend Micro altogether. Basically it's just tidying up bits and pieces. :D

I will get back to you as soon as possible.
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Post by AndyAtHull » December 13th, 2005, 6:44 pm

Hi cowriles3, if you didn't read my previous post, this is what it said:

Don't worry about "MS04-27" and "MS04-028". Trend Micro is detecting this because Microsoft Office, Microsoft FrontPage, Microsoft Publisher, or Microsoft Works Suite needs updating on the Microsoft site.

Check for updates here - http://office.microsoft.com/en-us/default.aspx

Make sure you have your Office installation disk ready as it may need it to install some updates, depending on what updates you require.

Don't worry, you are nearly clean.


----------

Your log looks clean :D

Just need to delete a few files Trend Micro did not delete itself before I can give you the all clear.

----------

Reveal Hidden Files

  1. Click Start.
  2. Open My Computer.
  3. Select Tools menu
  4. Click Folder Options.
  5. Select the View Tab.
  6. Select Show hidden files and folders in the Hidden files and folders section.
  7. Uncheck Hide protected operating system files (recommended) option.
  8. Uncheck the Hide file extensions for known file types option.
  9. Click Yes.
  10. Click OK.

----------

Click on My Computer. Navigate to the folder shown in BOLD. Then delete the file in RED.


* C:\Documents and Settings\All Users\Desktop\Online Security Center.url <-- For this one just look on your desktop and delete the red file.

* C:\Documents and Settings\CPR & CDT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-1a53859e-30a52231.zip[Dummy.class]

* C:\Documents and Settings\CPR & CDT\Local Settings\Temporary Internet Files\Content.IE5\N7P55L9M\sec1-adls[1].htm

If you have any problem deleting a file, right click the file and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the filename is in there, click End Process, then retry delete.
(Note the name and location of any file you cannot delete.)

If the folders cannot be found, then do a search for the files in red and delete them.

----------

Click on My Computer and navigate to C:\Windows\Prefetch. In Prefetch delete ALL the files. But do not delete the folder itself.

----------

Download Ccleaner from HERE

1. Double click on the file to start the installation of the program.
2. Select your language and click OK, then next.
3. Read the license agreement and click I Agree.
4. Click next to use the default install location. Click Install then finish to complete installation.
5. Double click the CCleaner shortcut on the desktop to start the program.
6. On the "Windows" tab, under "Internet Explorer", uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
7. If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
8. Click on "Options" at the top of the window, then click on the "advanced" button.
9. Deselect "Only delete files in Windows Temp folders older than 48 hours". Click on "OK".
10. Click Run Cleaner to run the program.

Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.

After CCleaner has completed its process, click Exit.

----------
Restart your computer
----------

How is the running of your computer? Please let me know.

Post me a fresh HJT log in your reply so I can double check :)
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Post by cowriles3 » December 14th, 2005, 3:34 pm

Hey AndyHill,

I had a prob finding the last file to delete: C:\Documents and Settings\CPR & CDT\Local Settings\Temporary Internet Files\Content.IE5\N7P55L9M\sec1-adls[1].htm

When I did a search for it I used Content.IE5 and 6 other files came up when I clicked on the folder..
05E78TEZ
K5Y30X2V
KPA31CHQN
S91FG51V
DESKTOP.INI
INDEX.DAT

I searched under N7P55L9M and sec1-adls[1].htm and got nothing.. what do i do next?? move on or??

Thanks so much!
cowriles3
Regular Member
 
Posts: 23
Joined: December 5th, 2005, 3:03 pm

Post by AndyAtHull » December 14th, 2005, 3:53 pm

Did you show the Hidden Files? If you did, I would not worry about it.

Have you carried out the rest of the fix? Like cleaning out the Prefetch Folder and using Ccleaner? If not, please carry out those last few instructions and you are just about there.

Post a fresh HJT log in your next reply. :)
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Post by cowriles3 » December 14th, 2005, 7:01 pm

Here is the fresh HJT log.. My computer is still slower than it was before spyaxe appeared..

Logfile of HijackThis v1.99.1
Scan saved at 5:59:12 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1124921760\ee\AOLHostManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Documents and Settings\CPR & CDT\Desktop\security suite\ewidoctrl.exe
C:\Documents and Settings\CPR & CDT\Desktop\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1124921760\ee\AOLServiceHost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124921760\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\CPR & CDT\Desktop\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\CPR & CDT\Desktop\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
cowriles3
Regular Member
 
Posts: 23
Joined: December 5th, 2005, 3:03 pm

Post by AndyAtHull » December 14th, 2005, 7:10 pm

Your log looks clean. However, there may be applications we can uninstall to make your computer faster.

I would like to have an uninstall_list from HJT. Open up HijackThis. Click on Open Misc Tools section, then click on Open Uninstall manager. Then click on Save list to the right and save it to the desktop. It will save as uninstall_list.

Please post that uninstall_list in your next reply
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Post by cowriles3 » December 14th, 2005, 9:01 pm

Let me know what I can get rid of.. some of these I don't even use.. like the AOL features..

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
Banctec Service Agreement
CCleaner (remove only)
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
ewido security suite
HijackThis 1.99.1
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Event Monitor
Modem Helper
Modem On Hold
Musicmatch for Windows Media Player
Panda ActiveScan
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Media Player
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WordPerfect Office 12
cowriles3
Regular Member
 
Posts: 23
Joined: December 5th, 2005, 3:03 pm

Post by AndyAtHull » December 14th, 2005, 9:16 pm

If you wish to uninstall the AOL features, that is your choice. If you uninstall every feature, make sure you delete the folder in Program Files.

Also uninstall WildTangent Web Driver. Click HERE for details. Make sure you delete its folder too: C:\Program Files\WildTangent Web Driver.

Post me a fresh HJT log afterwards :D
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Post by cowriles3 » December 15th, 2005, 12:57 pm

How do I uninstall again?? I know, stupid question to ask :lol:
cowriles3
Regular Member
 
Posts: 23
Joined: December 5th, 2005, 3:03 pm

Post by AndyAtHull » December 15th, 2005, 1:06 pm

No such thing as a stupid question here :D

Click on Start>Control Panel>Add/Remove>WildTangent Web Driver>Highlight the application you are uninstalling and click Change/Remove. It will go through the process.

In your local drive, under C:\Program Files, delete WildTangent Web Driver or WildTangent.

:D Then post me a fresh log
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Post by cowriles3 » December 15th, 2005, 2:26 pm

What do you suggest I remove to make my computer run a little faster?

Logfile of HijackThis v1.99.1
Scan saved at 1:24:52 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Documents and Settings\CPR & CDT\Desktop\security suite\ewidoctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\CPR & CDT\Desktop\security suite\ewidoguard.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AOL\1124921760\ee\AOLHostManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1124921760\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\macromed\flash\GetFlash.exe
C:\Program Files\Common Files\AOL\1124921760\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.java.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124921760\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\CPR & CDT\Desktop\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\CPR & CDT\Desktop\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
cowriles3
Regular Member
 
Posts: 23
Joined: December 5th, 2005, 3:03 pm
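
Comparing two successive HijackThis logs, as this thread does by eye, can be done mechanically. The following is an added example, not part of the original posts and not HijackThis's own code: the function names are hypothetical, and the two sample logs are constructed by abridging the logs posted above.

```python
import re

# Coded entry lines look like "O4 - HKLM\..\Run: [Name] path".
# R = IE start/search pages, F = ini autoruns, N = Netscape/Mozilla, O = everything else.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Constructed samples, abridged from the two logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:59:12 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WISPTIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:24:52 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\macromed\flash\GetFlash.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
"""


def parse_hjt(text):
    """Split a HijackThis log into header lines, running processes and coded entries."""
    log = {"header": [], "processes": [], "entries": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            section = "processes"
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            log["entries"].append((match.group(1), match.group(2)))
        elif section == "processes":
            log["processes"].append(line)
        elif section == "header":
            log["header"].append(line)
        # Anything else after the first coded entry (forum signature, wrapped text) is skipped.
    return log


def diff_logs(before, after):
    """Report what appeared or disappeared between two parsed logs."""
    def delta(old, new):
        # Windows paths and registry names are case-insensitive, so compare lowercased.
        old_keys = {item.lower() for item in old}
        new_keys = {item.lower() for item in new}
        added = [item for item in new if item.lower() not in old_keys]
        removed = [item for item in old if item.lower() not in new_keys]
        return added, removed

    def as_lines(log):
        return [f"{code} - {text}" for code, text in log["entries"]]

    proc_added, proc_removed = delta(before["processes"], after["processes"])
    ent_added, ent_removed = delta(as_lines(before), as_lines(after))
    return {
        "processes_added": proc_added,
        "processes_removed": proc_removed,
        "entries_added": ent_added,
        "entries_removed": ent_removed,
    }


def missing_targets(log):
    """Entries HijackThis itself marked '(file missing)': the item points at nothing on disk."""
    return [(code, text) for code, text in log["entries"]
            if text.rstrip().endswith("(file missing)")]


if __name__ == "__main__":
    changes = diff_logs(parse_hjt(BEFORE), parse_hjt(AFTER))
    for kind, items in changes.items():
        for item in items:
            print(f"{kind}: {item}")
    for code, text in missing_targets(parse_hjt(AFTER)):
        print(f"file missing: {code} - {text}")
```

A new autorun (O4), BHO (O2) or service (O23) entry in the later log is the change worth reviewing first; a changed process list alone mostly reflects what happened to be open at scan time.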

Post by AndyAtHull » December 15th, 2005, 2:43 pm

Your log looks clean. To make your system run faster you can do several things. You can get more memory installed on your computer. Also change McAfee as it can hog your resources. I see you have the full suite installed, which is not a bad thing, as you have its Anti-Virus and Firewall. Most people don't even have a firewall. You can get, for instance, AVG as an anti-virus and use ZoneAlarm as a firewall. This will reduce the size altogether. But if you do decide to get a different Anti-Virus, I would have one anti-virus installed on your computer, as when you have two, they can interfere with each other.

Looking at the uninstall list, everything was fine. Of course, if you decide to uninstall AOL, it will make your system slightly faster. But faster doesn't mean better. It's a balance.

Quicktime is not needed per se. I see you have Real Player. Personally I stick with Windows Media Player. So again it is your choice whether to remove it. If you use Real Player then don't uninstall it.

Ewido can be moved, as your system was not badly infected. But I would recommend keeping it as it is a great tool. As we used Panda ActiveScan as an online scan, it can be removed from Add/Remove. If you decide to use the online scan it will just be redownloaded again.

This is my post for when you are all clean - which you now are - or seem to be. Please advise on any problems you may still have:

Hide System Files
1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Uncheck Show hidden files and folders in the Hidden files and folders section.
7. Select Hide protected operating system files (recommended) option.
8. Check the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer


    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Un-Check Turn off System Restore.
    Click Apply, and then click OK.

  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Click here for more information on -> Computer Safety On line - Anti-Virus

    I would recommend AVG or AVAST. As these are the more secure and better ones.
  4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Click here for more information on -> Computer Safety On line - Software Firewalls

    I would recommend ZONEALARM as a firewall as it's easy to use. But for a more secure firewall, Kerio is the one.
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Set up system to ensure a regular update of the Operating System.

    Automatically:

    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click on Automatic Updates
    4. Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the
      Notify Me option so that you can download when you can afford the time and bandwidth overheads.
    5. Select the Day/Time of choice
    6. Click Apply
    7. Click OK


    Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Click here -->Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Click here -->Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here: Click here -->Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Post by cowriles3 » December 15th, 2005, 6:49 pm

ok, so I did one of the directions you just gave me in reverse.. before doing the "hide system files directions" I went to the "turn off system restore" so I did it backwards.. I'm an idiot.. I probably screwed something up.. let me know if I did..

Thanks
cowriles3
Regular Member
 
Posts: 23
Joined: December 5th, 2005, 3:03 pm

Post by AndyAtHull » December 15th, 2005, 6:52 pm

No you didn't. If you are really unsure about it, you can always turn System Restore off and back on again. But make sure System Restore is turned on again.

It isn't a problem :D
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK