08-11-2007, 09:39 PM   #7
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,610
OS: WinXP and Vista


Re: Possible Spamming Virus

Hi Dave,

No worries about AVG A-S. We recommend that you Quarantine what it finds in the unlikely event it removes something legit. It can then be moved back, should that occur. Any cookies it finds will automatically be deleted; for everything else it finds, try to remember to Quarantine them first.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

MaxSpeed

*Let me know if you had trouble uninstalling this.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

Did you set these yourself? Given the symptoms you've described, I'd like you to clear them:

O15 - Trusted Zone: http://akamai.net (HKCU)
O15 - Trusted Zone: http://live.com (HKCU)
O15 - Trusted Zone: http://netlibrary.com (HKCU)
O15 - Trusted Zone: http://start.com (HKCU)


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folders:

C:\!Submit
c:\program files\STC
c:\windows\didduid.ini
c:\windows\inf\polall1r.inf
c:\windows\sepsd.bin


--------------------------------------------------------------------

Clear Sun Java cache: (v.1.5)

Click on Start->Settings->Control Panel->Java Plug-in (If you do not see the icon, look to your left and click 'Switch to Classic View'). Click the Settings button under Internet Explorer near the bottom, and click on Delete Files and click OK and OK.


See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

--------------------------------------------------------------------

Please empty your Outlook Express Sent Items folder. To do so:
  • Open Outlook Express
  • Right click on Sent Items
  • Select 'Empty Sent Items folder'.
  • Click 'Yes' at the next popup box to successfully empty the Sent Items folder.

If there are Sent items you'd like to keep, then look for and delete these:

Files from http://forums.spywareinfo.com\drm.zip[drm.dll]
Files from http://forums.spywareinfo.com\enth.zip[enth.exe]
Files from http://forums.spywareinfo.com\esyn.zip[esyn.dll]
Files from http://forums.spywareinfo.com\n489jdP.zip[n489jdP.exe]
Files from http://forums.spywareinfo.com\s2aP6Ra8.zip[s2aP6Ra8.exe]
HJT forum files\drm.zip[drm.dll]
HJT forum files\enth.zip[enth.exe]
HJT forum files\esyn.zip[esyn.dll]
HJT forum files\n489jdP.zip[n489jdP.exe]
HJT forum files\s2aP6Ra8.zip[s2aP6Ra8.exe]

Did someone previously get assistance from another forum in cleaning this system?

-------------------------------------------------------------

Perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users**

If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


How is your system behaving?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
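As an added illustration (not part of Ried's post or of the HijackThis tool itself), here is a small Python parser for the two HijackThis entry types the post asks to fix, O9 (extra IE buttons/menu items) and O15 (Trusted Zone additions). It flags O9 entries whose target file is missing and every O15 entry, using the lines quoted in the post plus one constructed benign O4 line as sample input.

```python
import re

# Constructed sample log: the O9/O15 lines quoted in the post above, plus one benign O4 line.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O15 - Trusted Zone: http://akamai.net (HKCU)
O15 - Trusted Zone: http://live.com (HKCU)
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O9: "O9 - <label> - {CLSID} - <path>[ (file missing)]"
O9_RE = re.compile(r"^O9 - (?P<label>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# O15: "O15 - Trusted Zone: <site>[ (HKCU|HKLM)]"; the hive suffix is optional in this parser (assumption)
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+)(?: \((?P<hive>HKCU|HKLM)\))?$")


def parse_line(line):
    """Return a dict describing an O9 or O15 entry, or None for any other line."""
    m = O9_RE.match(line)
    if m:
        return {"type": "O9", "label": m["label"], "clsid": m["clsid"].upper(),
                "path": m["path"], "file_missing": m["missing"] is not None}
    m = O15_RE.match(line)
    if m:
        return {"type": "O15", "domain": m["domain"], "hive": m["hive"]}
    return None


def find_suspicious(log):
    """Return (line_number, reason, entry) tuples, in log order, for entries a helper would review:
    O9 items pointing at a file that no longer exists (leftovers of an uninstall) and every
    O15 Trusted Zone addition (sites in that zone run with looser IE security settings)."""
    findings = []
    for n, line in enumerate(log.strip().splitlines(), 1):
        entry = parse_line(line.strip())
        if entry is None:
            continue
        if entry["type"] == "O9" and entry["file_missing"]:
            findings.append((n, "IE button/menu item points to a missing file", entry))
        elif entry["type"] == "O15":
            hive = entry["hive"] or "unspecified hive"
            findings.append((n, f"site added to the Trusted Zone ({hive})", entry))
    return findings


if __name__ == "__main__":
    for n, reason, entry in find_suspicious(SAMPLE_LOG):
        print(f"line {n}: {reason}: {entry}")
```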