Hi,
I see you have the Macrogaming SweetIM installed. You must be aware that they collect info from your computer. Please read their EULA
here:
Quote:
Macrogaming reserves the right at all times to monitor user activity and communications on the Software and Service....
...............SweetIM for IE sends an anonymous unique ID to our servers. We need this information in order to understand the number of client software that has been distributed. When processing a search query, the Software sends a request to our servers. It includes the keyword query, IP address, default language setting, browser type, an anonymous unique ID. If the search query is being generated as the result of misspelling of a URL or if a search term is entered in to the browser address bar, we also receive the misspelled URL address or search term.
|
AskSBar is another program that I would not recommend. You can read further about it here:
http://www.benedelman.org/spyware/in...jeeves-banner/
If you wish to remove them, you can do so via Add or Remove Programs in Control Panel.
======================================
Scan with HijackThis again and put a checkmark against the following entries, if present. Check the ones in purple if you decided to remove AskSBar and SweetIMBar:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Close all browsers/windows other than HijackThis and click on "fix checked". Exit HijackThis.
=====================================
Restart your computer for the changes to take effect.
=====================================
You should not be getting redirected anymore. However, it would be a good idea to run an online scanner and make sure that nothing else is hiding around.
Please download
Ccleaner and save it to your desktop
.
Tutorial for CCleaner
Set Options in CCleaner and run Cleaning Scan. Open the CCleaner program.
( Do not use the
Registry block to clean anything with this program. It is for experts only and it is risky).
- Select Cleaner block and Windows tab
Check all items under Internet Explorer, except Auto Complete Form History; everything under Windows Explorer; and everything under System except Memory Dump and Windows Log Files. In the Advanced section, have a check only on Old PreFetch Data.
- Click on the Options block on the left. Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".
- Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
- Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
- Reset Temp File Removal for Regular Use.
Click on the Options block on the left. Select the Advanced button. Check "Only delete files in Windows Temp folders older than 48 hours".
Please run Ccleaner with the above settings for each user account.
=======================================
Go to
Start>Control Panel>Add/Remove Programs and remove if Kaspersky online scanner is present prior to downloading the most up-to-date one.
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from
http://www.kaspersky.com/virusscanner
Next Click on
Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click
Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Standard
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- Select My Computer
- This will program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop in txt format.
Copy and paste that information from Kapersky in your next post along with a fresh HijackThis log.
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans for no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Or use
Firefox with IE-Tab plugin