http://www.geekstogo...der-t12235.html, which generated NO responses )
After many battles, using MAS, CWShredder, SpyBot, and AdAware, I have the log below. I can't seem to get rid of the crazywinnings trusted zone. Any help with that? Am I clean otherwise?
Thanks,
Jason
Logfile of HijackThis v1.99.1
Scan saved at 12:38:56 PM, on 4/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Microsoft SQL Server\MSSQL$VSdotNET\Binn\sqlservr.exe
D:\WINDOWS\system32\NPLSecure.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Iomega\AutoDisk\ADService.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\Mixer.exe
D:\WINDOWS\System32\dpmw32.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\WINDOWS\system32\NWTRAY.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~2\VPTray.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zappa/niakwa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://zappa/niakwa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = zappa:80
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NDPS] D:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Iomega Startup Options] D:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "D:\Program Files\Stop-the-Pop-Up\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [Aats] D:\Documents and Settings\jtd\Application Data\wsaa.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = D:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: UPS OnLine PLD Reminder Utility.lnk = C:\Program Files\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: Download all by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://D:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098282422453
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C1531DE-E75B-475E-B2ED-15F52FD67BD6}: NameServer = 192.8.200.3,192.8.200.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2391FDF-7F2B-46F3-BB85-061A5F7555D7}: NameServer = 192.8.200.3,192.8.200.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C1531DE-E75B-475E-B2ED-15F52FD67BD6}: NameServer = 192.8.200.3,192.8.200.20
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - D:\downloads\antispy\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NPLSecure - Niakwa, Inc. - D:\WINDOWS\system32\NPLSecure.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - D:\Program Files\Iomega\AutoDisk\ADService.exe