I think Panda scan found a virus... help please, thank you

Post by bof:) » May 1st, 2007, 2:58 pm

Hi, PC running fine, but I did a Pandascan this afternoon and it found something. Could you let me know if it's anything to worry about, please?

Here's my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 19:41:20, on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wiaacmgr.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resou ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Here's my Pandascan log:


Incident | Status | Location
Spyware:spyware/clearsearch | Not disinfected | c:\windows\system32\IETie.dll
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
Spyware:Cookie/Maxserving | Not disinfected | F:\WINDOWS\Application Data\Mozilla\Profiles\default\cx7g5vau.slt\cookies.txt[.maxserving.com/]
Adware:Adware/Superbar | Not disinfected | F:\Program Files\InstallShield Installation Information\{4BC0FD61-CD29-4761-A286-B69C16EE8F9A}\data1.cab[SuperBarInstall.exe]


Thank you,

Mike

Post by Bob4 » May 5th, 2007, 8:01 am

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!
Please, if you decide to seek help at another forum, let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!





_________________________________
We need to disable Windows Defender.
A good program but may interfere with our fixes.

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender


________________________________

Go to Start, Control Panel, Add/Remove Programs
and uninstall:

SuperBar



______________________________
HJT
Run HijackThis, choose Scan Only, and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked.



R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

_________________________________

Have you downloaded SmitfraudFix by S!ri once before?

In your next reply I would like to see:
  • A new HJT log
  • Let me know whether you were able to remove SuperBar.
  • Did you download smitfraud fix before?

Post by bof:) » May 5th, 2007, 1:21 pm

Hi Bob4,

Thank you for your help.

I could not find SuperBar in Add/Remove Programs.
Cannot remember downloading SmitfraudFix to this PC.
Deleted R3 line as requested.

I did scan with A-squared whilst waiting and it found a few items. I've listed the log below the latest HJT log.

New HJT log as follows:

Logfile of HijackThis v1.99.1
Scan saved at 18:09:13, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resou ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

A-squared log:

a-squared Free - Version 2.1

Scan settings:

Objects: Memory, Traces, Cookies, C:\, F:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 04/05/2007 19:30:40

C:\Program Files\intermute\spysubtract detected: Trace.Directory.SpySubtract
C:\WINDOWS\system32\ietie.dll detected: Trace.File.ClearSearch
C:\Program Files\intermute\spysubtract\cwsinstall.exe detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\install.log detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spysubtract.log detected: Trace.File.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> app-access-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> auto-backup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> check-network-integrity detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> clean-privacy-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConfigDir detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConnectionType detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> current-theme detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Days-remaining detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> db-message-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> debug-messages detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Email detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Evaluation detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> first-run detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> language detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Message detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> monitor-ms detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Oem detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-browser-settings-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-process-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductTag detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductVersion detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Pushcount detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> scan-quick-on-win-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> show-splash detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> sound-scheme detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Trial-days detected: Trace.Registry.SpySubtract
C:\Program Files\icqtoolbar detected: Trace.Directory.ICQToolbar
C:\Program Files\icqtoolbar\about.html detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\basis.xml detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\download.html detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\logo_small.gif detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\newversion.txt detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\toolbaru.dll detected: Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\version.txt detected: Trace.File.ICQToolbar
C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe detected: Riskware.RiskTool.Win32.Processor.20
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe detected: Riskware.RiskTool.Win32.Reboot.f

Scanned

Files: 268740
Traces: 112605
Cookies: 1
Processes: 33

Found

Files: 2
Traces: 39
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 04/05/2007 21:27:04
Scan time: 01:56:24

C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Deleted Riskware.RiskTool.Win32.Reboot.f
C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe Deleted Riskware.RiskTool.Win32.Processor.20
C:\Program Files\icqtoolbar\about.html Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\basis.xml Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\download.html Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\logo_small.gif Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\newversion.txt Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\toolbaru.dll Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar\version.txt Deleted Trace.File.ICQToolbar
C:\Program Files\icqtoolbar Deleted Trace.Directory.ICQToolbar
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> app-access-scan Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> auto-backup Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> check-network-integrity Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> clean-privacy-on-startup Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConfigDir Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConnectionType Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> current-theme Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Days-remaining Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> db-message-on-startup Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> debug-messages Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Email Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Evaluation Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> first-run Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> language Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Message Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> monitor-ms Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Oem Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-browser-settings-scan Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-process-scan Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductTag Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductVersion Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Pushcount Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> scan-quick-on-win-startup Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> show-splash Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> sound-scheme Deleted Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Trial-days Deleted Trace.Registry.SpySubtract
C:\Program Files\intermute\spysubtract\cwsinstall.exe Deleted Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\install.log Deleted Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spysubtract.log Deleted Trace.File.SpySubtract
C:\WINDOWS\system32\ietie.dll Deleted Trace.File.ClearSearch
C:\Program Files\intermute\spysubtract Deleted Trace.Directory.SpySubtract

Deleted

Files: 2
Traces: 39

Mike
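The follow-up review done by eye in this thread (checking that the R3 line is gone and seeing what else changed between two HijackThis scans) can be scripted. The Python below is an added example, not part of the thread or of HijackThis; the function names are hypothetical, and the two sample logs are short excerpts of the 01/05/2007 and 05/05/2007 logs posted above.

```python
import re

# HijackThis 1.99.1 prefixes each finding with a section code (R0-R3, F0-F3,
# N1-N4, O1 and up) followed by " - ". Header lines and the running-process
# list carry no such code, so they are skipped by the pattern.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Markers HijackThis appends when a registered target no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample input: excerpts of the first and second logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""


def parse_entries(log_text):
    """Return the findings of one log as a list of (section_code, text) tuples."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries whose target file is gone: registry leftovers, not running code."""
    return [e for e in entries if any(marker in e[1] for marker in ORPHAN_MARKERS)]


def diff_logs(before, after):
    """Compare two scans and return (removed, added), each in log order."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [e for e in old if e not in new]
    added = [e for e in new if e not in old]
    return removed, added


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, text in removed:
        print("fixed/removed:", code, "-", text)
    for code, text in added:
        # New autostart or Winlogon entries should map to software the user
        # knowingly installed between the two scans.
        print("new since last scan:", code, "-", text)
    for code, text in orphaned(parse_entries(LOG_AFTER)):
        print("orphaned entry still present:", code, "-", text)
```
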

Post by Bob4 » May 5th, 2007, 1:35 pm

___________________________________
Reconfigure Windows XP to show hidden files:

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Navigate to and delete this file I have listed in bold.



F:\Program Files\InstallShield Installation Information\{4BC0FD61-CD29-4761-A286-B69C16EE8F9A}\data1.cab

Other than that, your log looks good.

Let me know how you make out please.

Post by bof:) » May 5th, 2007, 3:06 pm

Hi Bob4, I've deleted the file you asked me to.

Do I have to get rid of SmitfraudFix?

Mike

Post by Bob4 » May 5th, 2007, 3:28 pm

Looks to me as if A squared got it! ;)

Yes, you can delete the SmitfraudFix folder. It's updated often so there's no need to keep it around. It's always available if you need it on the net.

Find and delete

C:\Program Files\Mozilla Firefox\SmitfraudFix

Send 1 last HJT log please and let me know how things seem to be running.

Post by bof:) » May 5th, 2007, 3:52 pm

Hi Bob4, deleted SmitfraudFix folder.

Here's latest HJT folder:

Logfile of HijackThis v1.99.1
Scan saved at 20:46:45, on 05/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\trash.exe (file missing) (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resou ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

I also ran a Pandascan today which showed the following items:

Incident Status Location

Spyware:Cookie/Maxserving Not disinfected F:\WINDOWS\Application Data\Mozilla\Profiles\default\cx7g5vau.slt\cookies.txt[.maxserving.com/]
Adware:Adware/Superbar Not disinfected F:\Program Files\InstallShield Installation Information\{4BC0FD61-CD29-4761-A286-B69C16EE8F9A}\data1.cab[SuperBarInstall.exe

I know with your help I have got rid of the Superbar, but is the Maxserving cookie anything to worry about?

Mike
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK

Unread postby Bob4 » May 5th, 2007, 6:42 pm

maxserving.com... It's a tracking cookie. Not too big a concern.

In my all clean speech here I will have you use a few programs that will clean these out with no problems. They show up again from time to time, depending on your surfing habits. Pay attention to CCleaner, Adaware and Spybot Search & Destroy if you don't already have them.

Great news!

Your log now appears to be clean.

Let's do a few things to tidy up.
Please do these in the order I suggest!


___________________________________
If we have set your computer to see all files and folders we must reprotect them.

UNDO SHOW ALL FILES
Click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears, select the View tab.
Deselect the checkbox labeled Display the contents of system folders.
Deselect the checkbox labeled Show hidden files and folders.
Select the checkbox labeled Hide file extensions for known file types.
Replace the checkmark in the checkbox labeled Hide protected operating system files.
Press the Apply button and then OK.
Now many important files are safe.


___________________________________
Download and install CCleaner from here.


Now open the program and click on Run Cleaner.
(Do not use the Issues block to clean anything with this program. It is for experts only and it is risky.)

You may opt out of cleaning cookies. If you clean them, all you will have to do is retype names and passwords for places you visit on the net one time.
If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
I clean all my cookies out from time to time. It's not that big a deal if you remember passwords.


___________________________________
Please create a 'clean' System Restore Point:
The reason for doing this is so that, in case you need System Restore, you don't put back all we just took out.
Right click My Computer
Then Properties, then System Restore
Place a check mark by Turn off System Restore
Click APPLY
Windows will give you a warning; click Yes
REBOOT

Now go right back to the same place and uncheck Turn off System Restore
Click APPLY and OK





___________________________________
A few things to help with possible threats
SpywareBlaster

Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs.
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.


______________________________
SiteHound

http://www.firetrust.com/firetrustsitehound.html

This tool bar will help protect you from:

Over 4,000 fake bank and credit sites.
Tens of thousands of pornographic and adult sites.
The never ending fake phishing sites.
Malicious sites, which can infect you with spyware and adware if you visit them.
Sites to download software which may infect your computer with spyware, a virus or adware.


___________________________________
Download and keep these updated and run weekly if you don't already have them.

Adaware
Tutorial

Spybot Search & Destroy
Tutorial




___________________________________
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here:
This website also contains useful tips, and links to other resources and utilities.


___________________________________
Make your Internet Explorer more secure
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

6. Next press the Apply button and then OK to exit the Internet Properties page.






Safe and Happy Surfing. :)
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
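An added example, not part of Bob4's post or of the MVPS project: a small auditor for the HOSTS-file blocking described above. It goes slightly beyond the post by also treating 0.0.0.0 as a local sinkhole and by flagging names mapped to any non-local address; the sample file and all hostnames in it are constructed.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; every name and address is made up.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1   localhost
127.0.0.1   ads.tracker.example  # inline comment
0.0.0.0     banner.example metrics.example
::1         localhost
203.0.113.7 update.vendor.example
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a HOSTS file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        fields = line.split()
        if len(fields) < 2:                      # blank line or lone token
            continue
        for host in fields[1:]:                  # one address, many names
            yield line_no, fields[0], host.lower()

def audit_hosts(text):
    """Sort mappings into blocked (local sinkhole), redirected and invalid."""
    report = {"blocked": [], "redirected": [], "invalid": []}
    for line_no, addr, host in parse_hosts(text):
        entry = (line_no, addr, host)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["invalid"].append(entry)
            continue
        local = ip.is_loopback or ip.is_unspecified
        if host == "localhost" and local:
            continue                             # the normal localhost entry
        # A name sent to this machine is blocked; a name sent anywhere else
        # overrides DNS and should be reviewed by hand.
        report["blocked" if local else "redirected"].append(entry)
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "blocked name(s)")
    for line_no, addr, host in result["redirected"] + result["invalid"]:
        print(f"review line {line_no}: {host} -> {addr}")
```

On Windows XP the file to pass in is `%SystemRoot%\system32\drivers\etc\hosts`.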
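An added example, not part of Bob4's post: a check that the six Internet-zone settings listed above are in place. The registry value names (1001, 1004, 1201, 1800, 1804, 1607) and action codes are the per-user Internet Explorer zone settings and do not appear in the post; the sample values are constructed.

```python
import sys

# Per-user Internet zone (zone 3). Action codes: 0 = Enable, 1 = Prompt,
# 3 = Disable. Group Policy keys, if present, take precedence over these.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

def audit_zone(values):
    """Return (name, label, current, wanted) for each missing or weaker setting."""
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        current = values.get(name)
        # Codes order by strictness (0 < 1 < 3); a stricter value passes.
        if current is None or current < wanted:
            findings.append(
                (name, label, ACTION.get(current, "not set"), ACTION[wanted]))
    return findings

def read_zone_from_registry():
    """Read the current user's Internet-zone values (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                values[name], _type = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass                      # value absent: reported as "not set"
    return values

# Constructed sample: two settings left at Enable, one value missing.
SAMPLE = {"1001": 1, "1004": 0, "1201": 3, "1800": 1, "1804": 0}

if __name__ == "__main__":
    current = read_zone_from_registry() if sys.platform == "win32" else SAMPLE
    for name, label, have, want in audit_zone(current):
        print(f"{name} {label}: {have}, should be {want}")
```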

Unread postby bof:) » May 6th, 2007, 12:26 pm

Hi Bob4, I've followed your instructions and reset and installed everything you said to.

I cannot get the Sitehound tool bar to install on Firefox though. When installing, my Comodo firewall said Firefox wanted to act as a server; I was told ages ago, when using Zone Alarm, that this was not a good thing to do.

I denied letting Firefox act as a server. I guess I'll have to look into Comodo and see how to unblock Firefox acting as a server.

I'm going to delete the Maxserving cookie by hand I think. Can I just check with you, do I need to delete its folder or can I just delete the cab file at the end of its pathway?

Thank you very much again for all of your help.

A very happy Mike :D

Unread postby Bob4 » May 6th, 2007, 7:39 pm

cab file should do it.

Unread postby bof:) » May 6th, 2007, 9:40 pm

Hi Bob4. OK, thank you for all of your help.

The Sitehound tool bar was installed on Firefox after I rebooted the PC.


Thank you once again for all of your help.

I now have a clean PC :D

Mike

Unread postby random/random » May 7th, 2007, 7:30 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm