Full Version: Specifics
Mobb
Hey guys, I know you are used to reading the hijack logs, but I have some challenging questions I was hoping you could answer for me. (If I need to get redirected pls tell me, but I trust the hijackthislog guys).



How do I remove ALL of ASK.com ToolBar? I am determined to remove every last bit of that corrupt crap.

How do I remove ALL of STOPZilla and related applications/scripts? (can't believe I downloaded that crap...)

How do I remove ALL of Limewire and related scripts? I'm still finding random java scripts and logs even 1 year later.

How do I remove ALL traces of AOL related programs. Send my personal info to anyone you want will you?? GET F.... AOL.

What are XML FILES... Why do they make my comp crash or send me to virus pages (and why is itunes involved with such files)...

What is brndlog & why do I have a windows folder in my \user\application data\ folder.... It just seems randomly placed, and suspicious.

WTH is with naming the uninstall folders for service pack 3, spuninst... Is it me or is windows actually this randomly creepy and suspicious?

LASTLY, what is a strong siteguard/firewall program that ISN'T unbelievably sketchy like STOPZilla?
[Is Stopzilla a corrupt firewall/spybot?? I mean, reason tells me it is... but just maybe I'm bein paranoid?? ]
Mobb
ALSO: I noticed the abundance of sites similar to this one... and some that are unbelievably sketchy.
One place called computer-juice recommends to all its users of HJTlogs to do the following:



* Double-click on HJTInstall.
* Click on the Install button.
* It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe
* Upon install, HijackThis should open for you.
    o Close HijackThis and rename it.
    o Go to C:\Program Files\Trend Micro\HijackThis.exe
    o Right click on HijackThis.exe and select Rename
    o Type in sniper.exe and press Enter
    o Right-click on sniper.exe and select Send To > Desktop (create shortcut)
* From the desktop open Hijackthis.
* If using Windows Vista, Right-click and Run As Administrator
* Click on Do a system scan and save a log file
* Hijackthis will scan and then a log will open in notepad.
* Copy and then paste the entire contents of the log in your post.
    o Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Note: Although we have renamed Hijackthis to sniper, we will still refer to it as Hijackthis or HJT.




WHY are they saying this? And should I start doing this??
GoddersUK
I'm going to move this post to general support for the time being, but will probably end up moving you back here when I've answered a few of your questions.
GoddersUK
To start with remove all those above programmes using Add/Remove programmes in control panel. Once that's done we can scan with Ad-Aware and then ask the HJT guys to check your HJT log to make sure it's really all gone.

XML files are files that can contain a variety of information that programmes use to carry out their features, to display properly or a whole manner of other things. If they are making your computer crash or directing you to spyware related webpages that could indicate a malware attack, in which case I will send you back to HJT with some instructions.

brndlog is a system file - http://www.kephyr.com/filedb/index.php?viewtopic=brndlog.bak

As for the Windows folder could you tell me what OS you are running please (ok, please ignore that question, you must be on xp, will run over to my xp box and check shortly)? But it is likely that Windows is storing user-specific information there.

spuninst = Service Pack Uninstall - seems a logical name to me and not creepy at all.

As for firewalls: Windows has a built in firewall that is fine for blocking incoming attacks, but provides no outgoing programme control. IIRC this can be turned on in Control Panel (Classic View) > Windows Firewall in Windows XP (Or via the Windows Security Center). Alternatives, that provide among other things outgoing programme control include the Lavasoft Personal Firewall (http://www.lavasoft.com/products/lavasoft_...al_firewall.php) or, for a free solution, you could try ZoneAlarm Free (http://www.zonealarm.com/security/en-gb/fr...rm-firewall.htm) and click the ZoneAlarm Firewall button on the right hand side (see screenshot). For site protection I would recommend McAfee SiteAdvisor - free protection for both Internet Explorer and Firefox - http://www.siteadvisor.com/.

My first impressions of StopZilla are that it looks rather dodgy, but I'll look into it further and let you know.

This post is getting long so I'm gonna answer your questions about HJT in a reply to this :)
GoddersUK
HijackThis is a programme that logs all running processes on your computer, certain areas of the registry and other things for security professionals to analyse to help them diagnose your system.

I would imagine that they rename it sniper.exe so that any malware that tries to hide from HijackThis.exe can't see it.

It has to have administrator rights to ensure that all features work properly (e.g. on Vista to view processes from all users you have to accept a UAC prompt, but if it's already elevated to admin that's not a problem).
GoddersUK
Now, I hope I've got all your questions answered. Any more, please ask.

Now, to make sure that all those programmes are truly gone:

I'm now going to ask you to download the latest version of Ad-Aware (http://www.download.com/Ad-Aware-2008/3000...cdlPid=10903602) and use the web update feature to make sure that the definitions are up to date. Please then scan your system with it.

Then follow the instructions here (http://www.lavasoftsupport.com/index.php?showtopic=13639) and post any symptoms of infection/other useful information and your HJT log file in the HijackThis forum for analysis. :)
Mobb
Thank You very much for detailing these answers, but I still have a few more:

I am currently up to date and I have removed everything possible using free scans from malware, ad-aware, avg and avast. So, scanning will do nothing. I was just picking through the last tiny files of ask.com trying to find a way to get rid of this ask toolbar (still on my mozilla page). I obviously uninstalled it and searched for various components, however it still remains, as do some limewire, aol, and stopzilla components. They are nothing large or dangerous but I would like to remove every last trace of them altogether. I was thinking perhaps someone has looked into these programs' install paths and created a full uninstall for every last component of these programs. Perhaps not, I was just hoping though.

+In the very least:
-How can I perform a search for XML files ONLY (I am completely competent to remove these files on my own without damaging either vital processes or desired processes).
-How can I remove the ASK toolbar?? There has got to be a way, even if not all of its traces, just the freakin toolbar itself has GOT to go. (search with the fileASSASSIN under malwarebytes)??
-If you don't know that's fine, B/C I don't either:
Can I remove Ipodservice.exe and Applesupport.exe w/out derailing I-Tunes?? They are just spyware bots for I-Tunes that came with the install and I'd like them gone. They serve no purpose but to steal memory and send my ###### off to apple.inc (+ if u stop the processes in tskmngr, they just start all on their own again in 30 minutes).
-Why does mozilla not stop all popups... and what can I do (in terms of webpage certificates) to quickly remove the certificate holders "trust" (w/ mozilla) in order to prevent popups from such website suppliers? Is this even a viable solution (deleting the certificates of popup webpages)?
-What is a completely SAFE and absolutely TRUSTWORTHY registry edit program, that's free? If there are none that you can recommend without absolute confidence, I'd rather not download it. I've spent too long manually removing registry errors and leftover files...

It's not really even the violation of privacy itself that pisses me off, I don't care what they find on my computer. It's the fact that EVERY internet based company thinks it's perfectly legitimate to search through all of our ###### in order to "push" their merchandise so that they might become rich off us, "consumer whores". GET F..... AOL. It's the fact that anyone can hack their sites and then steal our information. It's the fact that doing this has become a separate enterprise altogether, both legal and illegal.
GoddersUK
QUOTE(Mobb @ Jan 3 2009, 07:42 PM) *
Thank You very much for detailing these answers, but I still have a few more:

I am currently up to date and I have removed everything possible using free scans from malware, ad-aware, avg and avast. So, scanning will do nothing. I was just picking through the last tiny files of ask.com trying to find a way to get rid of this ask toolbar (still on my mozilla page). I obviously uninstalled it and searched for various components, however it still remains, as do some limewire, aol, and stopzilla components. They are nothing large or dangerous but I would like to remove every last trace of them altogether. I was thinking perhaps someone has looked into these programs' install paths and created a full uninstall for every last component of these programs.


I'll pass you onto the HJT team, who should be able to remove all these from HJT or their programme of choice.


QUOTE
-How can I perform a search for XML files ONLY (I am completely competent to remove these files on my own without damaging either vital processes or desired processes).


On the Start Menu go to search and search for *.xml on your local drives (* is a wildcard and means it will search for anything with .xml in it). I would really not recommend going round deleting xml files willy nilly because YOU WILL BREAK SOMETHING.

QUOTE
-How can I remove the ASK toolbar?? There has got to be a way, even if not all of its traces, just the freakin toolbar itself has GOT to go. (search with the fileASSASSIN under malwarebytes)??


Have you tried using its uninstall utility? Again HJT should be able to deal with this, I will pass you over to the guys shortly.

QUOTE
-If you don't know that's fine, B/C I don't either:
Can I remove Ipodservice.exe and Applesupport.exe w/out derailing I-Tunes?? They are just spyware bots for I-Tunes that came with the install and I'd like them gone. They serve no purpose but to steal memory and send my ###### off to apple.inc (+ if u stop the processes in tskmngr, they just start all on their own again in 30 minutes).


I have no idea, I try and stay away from the likes of itunes. You should be able to stop them in services.msc (start>run> type services.msc) though and then just restart them if there's a problem.

QUOTE
-Why does mozilla not stop all popups... and what can I do (in terms of webpage certificates) to quickly remove the certificate holders "trust" (w/ mozilla) in order to prevent popups from such website suppliers? Is this even a viable solution (deleting the certificates of popup webpages)?


The problem is there are times when webpages legitimately launch pop ups (if for instance you click a help link that opens in a new window so as not to lose the page you're on) and the browser has to try and determine which popups are good and which are not. When you talk about certificate holders do you mean you are receiving https popups? I could be wrong, but iirc it's not possible to tell the browser not to trust a valid certificate.

QUOTE
-What is a completely SAFE and absolutely TRUSTWORTHY registry edit program, that's free? If there are none that you can recommend without absolute confidence, I'd rather not download it. I've spent too long manually removing registry errors and leftover files...


By manually removing do you mean regedit? CCleaner (http://www.ccleaner.com/) as does Spybot S&D (although I think only when in Advanced Mode)(http://www.safer-networking.org/en/home/index.html)

EDIT: Spybot registry cleaner - turn on advanced mode > tools > "System Internals"
GoddersUK
I'm now going to split your HJT log into a separate thread and then move it to the HJT forum, will append the link here when I'm done. :)

EDIT: Logfile thread is here: http://www.lavasoftsupport.com/index.php?showtopic=22687. Please await the response of an analyst who will provide you with further instructions in that thread. Please follow their instructions until they have confirmed your system clean. :)