Internet Explorer acting very weird - Won't allow Update - Very Slowto Load

Discussion in 'Spyware' started by blubbert, Jun 29, 2008.

  1. blubbert

    blubbert Guest

    I have been working on a friends computer off and on for several days
    now. I think I got most of his problems fixed but can seem to get
    this part fixed.

    I have run Spybot over and over and have final fixed all the issues
    that it found. However, I still can't fix this one.

    Whenever Internet Explorer run it takes forever to go to a particular
    site. It will sometime go to a popup window. It will sometimes say
    page cannot be found.

    I have deleted all the temporary files that I know where to delete.

    I have run a full McAfee Scan which was completely clean.

    I have even uninstalled IE7 and went back to 6. Same problems.

    I just am out of answers, and don't know where to go next.

    Thanks so much for your help ahead of time.

    Brandon



    Here is the HiJack this Log.

    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:20:48 AM, on
    6/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin
    \AppleMobileDeviceService.exe
    C:\Program Files\Common
    Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Common Files\New
    Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Comcast\Desktop
    Doctor\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps
    \apdproxy.exe C:\Program Files\Common Files\Real\Update_OB
    \realsched.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe c:
    \PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
    C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Comcast\Desktop
    Doctor\bin\sprtcmd.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spybot - Search &
    Destroy\TeaTimer.exe
    C:\Program
    Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe C:
    \Program Files\iPod\bin\iPodService.exe c:\PROGRA~1\mcafee\msc
    \mcshell.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet
    Explorer\Main,Start Page =
    http://us.mcafee.com/root/campaign.asp?cid=25642
    R0 - HKLM\Software\Microsoft\Internet
    Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:
    \Program Files\Outlook Express\msimn.exe"
    R1 -
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = 127.0.0.1
    O3 - Toolbar: &Google -
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google
    \googletoolbar12.dll
    O3 - Toolbar: Comcast Toolbar -
    {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:
    \PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK
    \LogOnHook.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe
    \Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real
    \Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%
    \system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader
    \shwiconem.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java
    \jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD
    \PDVDServ.exe"
    O4 - HKLM\..\Run: [Recguard]
    %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
    \qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KPDrv4XP]
    C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
    O4 - HKLM\..\Run: [KEMailKb]
    C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes
    \iTunesHelper.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool
    \drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor
    \bin\sprtcmd.exe" /P
    ddoctorv2
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
    Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe
    \Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [88bb182d] rundll32.exe "C:\WINDOWS
    \system32\nhijpshy.dll",b
    O4 - HKLM\..\Run: [BM8b882bb1] Rundll32.exe "C:\WINDOWS
    \system32\uvpycoqv.dll",s
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
    & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [swg] C:\Program
    Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW
    \Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [DelayShred]
    c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner
    \LOCALS~1\TEMPOR~1\Content.IE5\7BQ66IMX\HCTP_1~1.SH!
    C:\DOCUME~1\Owner\Cookies\OW3E75~1.SH!
    C:\DOCUME~1\Owner\Cookies\OW99DC~1.SH!
    C:\DOCUME~1\Owner\Cookies\OW4A71~1.SH!
    C:\DOCUME~1\Owner\Cookies\OW89D2~1.SH!
    C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\APP_1_~1.SH!
    C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\NO_CON~1.SH!
    C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~1.SH!
    C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DC_1_~1.SH!
    C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~2.SH!
    C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\INDEX_~1.SH!
    C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\DW_PAS~1.SH!
    C:\DOCUME~1\Owner\Cookies\OWC390~1.SH!
    C:\DOCUME~1\Owner\Cookies\OW42B7~1.SH!
    C:\DOCUME~1\Owner\Cookies\OWF015~1.SH!
    C:\DOCUME~1\Owner\Cookies\OW189C~1.SH!
    C:\DOCUME~1\Owner\Cookies\OW4A6B~1.SH!
    C:\DOCUME~1\Owner\Cookies\OW0692~1.SH!
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google
    \GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google
    \GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (User 'Default user')
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST
    Music Manager\MEMonitor.exe
    O9 - Extra button: (no name) -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java
    \jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
    AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Yahoo! Login -
    {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common
    \ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-
    BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Travelaxe -
    {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe
    \Travelaxe.exe
    O9 - Extra button: Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!
    \Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-
    AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Research -
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:
    \PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com -
    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming
    \PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com -
    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming
    \PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Real.com -
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS
    \system32\Shdocvw.dll
    O9 - Extra button: (no name) -
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:
    \PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
    - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) -
    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic
    \xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
    d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic
    \xpnetdiag.exe
    O9 - Extra button: Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger
    \msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
    BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com -
    {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com
    \Poker.exe (HKCU)
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Euchre -
    http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Games Voice Chat -
    http://presence.games.yahoo.com/yog/y/va1_x.cab
    O16 - DPF: Yahoo! Poker -
    http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
    (ewidoOnlineScan Control) -
    http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} -
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
    (Java Plug-in 1.6.0_05) -
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
    (Shockwave Flash Object) -
    http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
    (McFreeScan Class) -
    http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5307/mcfscan.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files
    \Common Files\Apple\Mobile Device Support\bin
    \AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS
    \system32\Ati2evxx.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:
    \PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google
    - C:\Program Files\Google\Common\Google
    Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT)
    - Macrovision Corporation - C:\Program Files\Common Files\InstallShield
    \Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin
    \iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program
    Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:
    \PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:
    \PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:
    \PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:
    \PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:
    \PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:
    \PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service
    (McRedirector) - McAfee, Inc. -
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:
    \PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:
    \PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service
    (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:
    \PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program
    Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: SupportSoft Sprocket Service
    (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files
    \Comcast\Desktop Doctor\bin\sprtsvc.exe
     
    blubbert, Jun 29, 2008
    #1
    1. Advertisements

  2. blubbert

    blubbert Guest

    Oh, and I forgot to add Firefox seems to be affected as well. Safari
    runs perfectly. Just another part of the mystery. Brandon
     
    blubbert, Jun 29, 2008
    #2
    1. Advertisements

  3. blubbert

    Ms. L MVP Guest

    Use my free Remove-it software, choose yes for all options when prompted.
    Download it here http://pcbutts1.com/downloads/tools/tools.htm
     
    Ms. L MVP, Jun 29, 2008
    #3
  4. From: <>

    | I have been working on a friends computer off and on for several days
    | now. I think I got most of his problems fixed but can seem to get
    | this part fixed.

    | I have run Spybot over and over and have final fixed all the issues
    | that it found. However, I still can't fix this one.

    | Whenever Internet Explorer run it takes forever to go to a particular
    | site. It will sometime go to a popup window. It will sometimes say
    | page cannot be found.

    | I have deleted all the temporary files that I know where to delete.

    | I have run a full McAfee Scan which was completely clean.

    | I have even uninstalled IE7 and went back to 6. Same problems.

    | I just am out of answers, and don't know where to go next.

    | Thanks so much for your help ahead of time.

    | Brandon



    < snip >

    Please don NOT post HJT logs to Usenet. They are not accepted. If you had bothered to
    ask first, you would have been told. this.

    You are definitely still infected!

    1. Download and execute HiJack This! (HJT)
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    2. Disable Notepad's word wrap:
    In Notepad.exe; Format --> uncheck; "Word wrap"

    3. Download/run Deckard's System Scanner:
    http://www.techsupportforum.com/sectools/Deckard/dss.exe

    4. Save the scan results (Main.txt and Extra.txt)

    5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
    expert forums...


    { Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

    Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
    Logs.

    NOTE: Registration is REQUIRED in any of the below before posting a log

    Suggested primary:
    http://www.thespykiller.co.uk/index.php?board=3.0

    Suggested secondary:
    http://www.bleepingcomputer.com/forums/forum22.html
    http://castlecops.com/forum67.html
    http://www.malwarebytes.org/forums/index.php?showforum=7

    Suggested tertiary:
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    http://www.atribune.org/forums/index.php?showforum=9
    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    http://gladiator-antivirus.com/forum/index.php?showforum=170
    http://forum.networktechs.com/forumdisplay.php?f=130
    http://forums.maddoktor2.com/index.php?showforum=17
    http://www.spywarewarrior.com/viewforum.php?f=5
    http://forums.spywareinfo.com/index.php?showforum=18
    http://forums.techguy.org/f54-s.html
    http://forums.tomcoyote.org/index.php?showforum=27
    http://forums.subratam.org/index.php?showforum=7
    http://www.5starsupport.com/ipboard/index.php?showforum=18
    http://aumha.net/viewforum.php?f=30
    http://makephpbb.com/phpbb/viewforum.php?f=2
    http://forums.techguy.org/54-security/
    http://forums.security-central.us/forumdisplay.php?f=13
     
    David H. Lipman, Jun 29, 2008
    #4
  5. blubbert

    Dustin Cook Guest

    I don't think this is a good idea... Opening the included hosts. file
    shows this:

    # [Misc A - Z]
    127.0.0.1 www.it-mate.co.uk
    127.0.0.1 it-mate.co.uk
    127.0.0.1 mysteryfcm.co.uk
    127.0.0.1 www.internetinspiration.co.uk
    127.0.0.1 www.mvps.org
    127.0.0.1 bughunter.it-mate.co.uk
    127.0.0.1 www.bughunter.it-mate.co.uk
    127.0.0.1 www.siri.geekstogo.com
    127.0.0.1 siri.geekstogo.com
    127.0.0.1 siri.urz.free.fr
    127.0.0.1 www.siri.urz.free.fr
    127.0.0.1 noahdfear.geekstogo.com

    For those who do not know, this will block many reputable sites that can
    provide assistance way beyond that of the stolen script you're peddling.

    :S3
    IF EXIST "%SystemDrive%\ann.exe" echo "%SystemDrive%\ann.exe"
    IF EXIST "%SystemDrive%\ann.exe" echo "%SystemDrive%\ann.exe">>remove-
    it.txt
    IF NOT EXIST "%SystemDrive%\ann.exe" GOTO S4
    attrib -h -r -s "%SystemDrive%\ann.exe"

    As you can see, this several megabyte batch file (that's not even your
    work) does not have the ability to backup/quarantine anything prior to
    it's removal, based on filename and location alone. This script has no
    way of knowing if the files it's going to delete really should be
    deleted.


    It's best to avoid such lousy software.

    --
    Regards,
    Dustin Cook - http://bughunter.it-mate.co.uk
    BugHunter v2.2e AntiMalware Removal Utility
    For Windows users, I highly recommend:
    http://www.malwarebytes.org - MalwareBytes AntiMalware
     
    Dustin Cook, Jul 8, 2008
    #5
  6. blubbert

    Laura MS MVP Guest

    What are you on drugs again dustbin? Put the crack pipe down! Did you forget
    you already tried that approach with me. Here is how Remove-it works
    http://pcbutts1.com/downloads/spytech.htm and you wonder why you are in my
    hosts file.


    --
    Stalking is a Crime
    Stalking charges are serious and
    almost every state now has a strict stalking law.




     
    Laura MS MVP, Jul 8, 2008
    #6
  7. Admission noted that it is /your/ hosts file, pcbutthead.
    --
    Rhonda Lea Kirk Fries

    If a man is offered a fact which goes against his instincts, he will
    scrutinize it closely, and unless the evidence is overwhelming, he will
    refuse to believe it. If, on the other hand, he is offered something
    which affords a reason for acting in accordance to his instincts, he
    will accept it even on the slightest evidence. The origin of myths is
    explained in this way. - Bertrand Russell
     
    Rhonda Lea Kirk Fries, Jul 8, 2008
    #7
  8. blubbert

    Leythos Guest

    No ethical anti-malware person/company would block access to those sites
    that you block Access to Butts.
     
    Leythos, Jul 8, 2008
    #8
  9. From: "Leythos" <>



    | No ethical anti-malware person/company would block access to those sites
    | that you block Access to Butts.

    And that FlowChart is complete bullsh!t.

    Pure propaganda BS!
     
    David H. Lipman, Jul 8, 2008
    #9
  10. blubbert

    James Morrow Guest

    And you and your kind are on everybody else's HOSTS file, Laura Butts.
    You couldn't pass the MSVP test and now you fail the DNA test. XX xy or
    is it just XXX.
     
    James Morrow, Jul 9, 2008
    #10
  11. blubbert

    Laura MS MVP Guest

    I'm smarter then you and that pisses you off.


    --
    Stalking is a Crime
    Stalking charges are serious and
    almost every state now has a strict stalking law.
     
    Laura MS MVP, Jul 9, 2008
    #11
  12. blubbert

    Dustin Cook Guest

    As you seem to want to make an issue of a quick glance at the latest junk
    your peddling, Don't forget, Christopher, I called you at home and at work;
    I think it's painfully obvious that anything I may have tried was indeed,
    successful.

    The batch file isn't yours, as we've all basically said from the beginning.
    You willingly stole it, modified it (essentially cut/paste author with your
    name), and re-released it as your own.

    What legitimate reason do you have for blocking any of the sites I posted
    from your hosts file?


    --
    Regards,
    Dustin Cook - http://bughunter.it-mate.co.uk
    BugHunter v2.2e AntiMalware Removal Utility
    For Windows users, I highly recommend:
    http://www.malwarebytes.org - MalwareBytes AntiMalware
     
    Dustin Cook, Jul 10, 2008
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.