
Homepage Problems

Discussion in 'Malware and Virus Removal Archive' started by Phyllis, 2004/03/23.

  1. 2004/03/23
    noahdfear Inactive
    Thanks Lonny.

    Went to Redswoosh and had a look around this time. Looks like a server that's probably associated with the gaming being done. Here's a page from their site. Probably don't want to read it all. I didn't, but too lazy to trim it down. :)

    Red Swoosh technology helps our customers deploy breakthrough broadband applications. Here are just a few solutions implemented on our platform.

    Are you looking to go beyond what today’s corporate networks and public Internet can offer? Do you want to give your users a flawless Television or DVD quality media or e-learning experience? Do you want to auto-upgrade software packages behind the scenes?

    Worries about local loop, last mile, and Internet congestion go away when you "time-shift" delivery of data to machines. The user goes about using his machine as he sees fit, and is only notified when an expected file delivery has been completed. He then can act on that notification without the nuisance of waiting for a download, or being disappointed in the quality of a streaming video or audio clip—the high quality content is already on his machine when he requests to view it!

    Better marketing and promotional tools are possible with the Red Swoosh "Time Shift" product. Enterprises can also more reliably and effectively communicate with Sales Organizations, customers, partners, consumers by utilizing Red Swoosh's Time Shift delivery.

    Example: User signs up for movie trailer, entering his email address, and clicking OKAY. User goes about his tasks, and then receives an email (SUBJECT: Your Spiderman trailer has arrived) when movie trailer video clip has been downloaded to his machine in an invisible cache. He clicks on the link in the email and gets a DVD-quality movie trailer without a hitch.

    The Online Gaming industry is marked by a ravenous, incredibly demanding, always-on consumer base. When a publisher releases the latest game an onslaught of users pound the web sites participating in the direct-to-consumer game distribution. In fact, the peak of demand hits at the moment the release hits the web.

    Red Swoosh offers unique solutions so that sites no longer have to plan and provision for massive spikes in demand for popular titles. The Red Swoosh SDG (Software Delivery Grid) solution will obviate the need to build out any additional infrastructure, will improve the quality and speed of downloads by your user base, while allowing you to expand the breadth of your offering, and increase the quality of marketing and distribution products your media customers sponsor and your users pay for.

    Create a euphoric game experience without the quality constraints, headaches and cash draw you've come to expect.

    Your users want high quality streaming media and their requirements for a quality experience are uncompromising. You want to provide them that experience without overwhelming your budget or your organization.

    Whether your users are on the public Internet, behind a corporate intranet, or accessing data and content through a private extranet, Red Swoosh will allow you to communicate with stakeholders, consumers, partners, corporate customers without additional infrastructure deployments or management.

    If you are already delivering content and data and want to deliver more at a better quality, at lower costs, and simpler management, you can have the Red Swoosh Grid up and running in a few hours.

    If you are looking into new content initiatives without an existing delivery platform, Red Swoosh professional services offers an end-to-end streaming solution and infrastructure platform through a number of Best Practices partners, and service providers.


    Large and small corporations alike are adopting e-learning solutions to cut down on travel costs, better train and communicate with remote workers, and more effectively adopt policies and processes in the emerging distributed e-business. Unfortunately, corporate networks were not built for centrally controlled application servers running across distributed, heterogeneous networks; networks that are quite often not very well connected to each other. Adoption of e-learning solutions, therefore, has been constrained by costly and lengthy network infrastructure deployments, and severe limits on the delivery quality of e-learning programming. . . Until Red Swoosh hits the scene.

    With Red Swoosh, prospective e-learning customers no longer have to consider deploying caching systems across several if not dozens of branch offices or campuses. E-learning software can sit at IT’s headquarters, and can be managed and controlled without any additional deployment of infrastructure, and without lengthy remote integration projects. All an IT organization has to do is "Swoosh" the URLs to the content, and ultra-rich, massive e-learning initiatives can be lit up overnight. Red Swoosh's intelligent directory sees all available network resources and assigns the closest and most cost-effective aggregate of resources to fulfill the sometimes-unpredictable content requests. This is done at quality levels unheard of in traditional caching deployments, and without ANY deployment of remote infrastructure whatsoever.


    Certain segments of Industry have found themselves with enormous computational needs and have turned to Distributed Computation platforms to run problem sets over 1000's of machines concurrently. Unfortunately these solutions rarely provide for an abstraction of networking resources: storage and bandwidth across those same machines.

    Companies on distributed computing platforms are often left to set up a dedicated Data Center with provisioned bandwidth and purchased storage resources. They spend months setting this up so that all machines can access the data they need. Staging various projects can be just as frustrating as each project gets placed into the IT project queue, data resources are allocated, and complex planning for the projects is completed. Quite often these projects occur across multiple organizations such that control of data, its security and management of projects adds another layer of bureaucracy, and complexity to running these distributed projects.

    Imagine being able to add data sets to projects on the fly. Get data where it needs to be just-in-time. Provide access controls and security to the data without having a bloated centralized infrastructure. Accelerate distributed computing projects instantly by providing ultra-local, highly connected access to data. Rid your IT organization of redundant, inefficient project management, and get your Distributed Computation projects staged and ready to go with a push of a button, instead of the typical weeks long processes managers often see.
     
  2. 2004/03/24
    Phyllis Inactive Thread Starter
    My kids play Battlefield 1942 on line, counter strike, desert combat, battlefield vietnam. They have teamspeak, saitek game stick, veo web cam. They download maps and patches.

    Noahdfear - the member that posted first on "cannot change home page", when he posted his log, also had that "heart stupid". I don't know what it is.

    I did right click on the blue toolbar that magically appeared under my address bar and there was no option to remove it. Realbar is listed unchecked along with mcafee.

    I don't know what Active X controls are. Anyone more experienced in scrutinizing these from my log file to advise what I can remove???

    Markp2 - our video card on this hp is the nvidia geforce fx 5200. Previous was a Nvidia TNT2.

    I will remove what you all suggested and repost my log file.

    Thank you all, but I think we still have work to do.
     


  4. 2004/03/24
    Phyllis Inactive Thread Starter
    I did get Spybot to run. My boys play peer to peer battlefield, etc.

    Lonny - we have comcast internet service.

    Ok, I'll be back after I remove all what you suggested, re-run spybot, adware, hijackthis. I'll repost my log. Thank you all so much :)
     
  5. 2004/03/24
    Lonny Jones Inactive Alumni
    I think you should fix everything suggested, plus, as the others have pointed out, without it affecting the kids' online games; if it does, use the backups HijackThis creates to put back "Red Swoosh".
    We can explain if it comes to that.

    So fix this one also:
    O4 - HKLM\..\Run: [drive date] C:\PROGRA~1\heart stupid rule\64joysign.exe
    Reboot and delete the folder
    C:\PROGRA~1\heart stupid rule << folder


    But disregard deleting this folder for now.
    C:\Program Files\RSNet

    Let us know?
     
  6. 2004/03/24
    Phyllis Inactive Thread Starter
    Logfile of HijackThis v1.97.7
    Scan saved at 7:55:27 AM, on 3/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\ZS\CW\cw.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\PROGRA~1\heart stupid rule\64joysign.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.24:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
    O2 - BHO: (no name) - {B79170A8-21DA-8FEE-C15A-B714D0931715} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O3 - Toolbar: default start - {B8C7BDA7-CBE6-1C82-3F71-B93CD02B8717} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Xerox WorkCentre 480cx Monitor] RUNDLL32.EXE C:\WINDOWS\System32\X480SHLL.DLL,AutoUpdatePnPValue
    O4 - HKLM\..\Run: [CWatch] C:\PROGRA~1\ZS\CW\cw.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [drive date] C:\PROGRA~1\heart stupid rule\64joysign.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe "
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_37.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,73/mcinsctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/206d88b1b95627c15106/netzip/RdxIE601.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars/customerxsigned35.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37579.3450578704
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {CDBA8D4D-4088-4F27-B9A8-17FD5A008080} (PixelFixx Game Launcher) - http://69.25.23.235:9090/ion/ocx/ion.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca05.rightnowtech.com/uo/eatech/rnt/rnl/java/RntX.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4285/mcfscan.cab
    O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab

    Here is the latest log file. I still have that stupid toolbar under my address bar. Thank you.
     
  7. 2004/03/24
    Phyllis Inactive Thread Starter
    Ok, I got rid of the toolbar. By the way, the microsoft advertisement that appears when you enter the microsoft BB comes up with a stability wizard that tells me there are errors in my registry.

    I ran spybot and it found 6 entries. I did nothing with them since they are internet settings.

    They start like this:

    DSO Exploit: data source object exploit
    HKEY users/s-1-5-20\software\microsoftwindows]currentversion\internet settings\zones\0\1004=w=3

    plus a turbodownload c:\\windows\system32\iedriver

    Thanks all so much. I have to be out until 3:00 pm eastern time. (I volunteer at the Ukrainian church to help make the pierogies)
     
  8. 2004/03/24
    Lonny Jones Inactive Alumni
    Place a check next to these items.
    Close all browser windows and shut down all other programs (even folders)
    that show in the taskbar. Then hit Fix selected.

    O2 - BHO: (no name) - {B79170A8-21DA-8FEE-C15A-B714D0931715} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll
    O3 - Toolbar: default start - {B8C7BDA7-CBE6-1C82-3F71-B93CD02B8717} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll

    O4 - HKLM\..\Run: [drive date] C:\PROGRA~1\heart stupid rule\64joysign.exe

    and all the O16's
    ========

    Reboot the PC, come back, scan again with HijackThis and post another fresh log.
     
  9. 2004/03/24
    Phyllis Inactive Thread Starter
    I lost my homepage again! After my last log, which I did after removing the suggested items and rebooting, it's back! The toolbar keeps coming back also. After I right click it, it just returns. I'll follow the last 2 pieces of advice that Lonny gave me, re-scan with HijackThis and post the log. Thank you.
     
  10. 2004/03/24
    Phyllis Inactive Thread Starter
    Logfile of HijackThis v1.97.7
    Scan saved at 3:34:50 PM, on 3/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\ZS\CW\cw.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\PROGRA~1\heart stupid rule\64joysign.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.24:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Xerox WorkCentre 480cx Monitor] RUNDLL32.EXE C:\WINDOWS\System32\X480SHLL.DLL,AutoUpdatePnPValue
    O4 - HKLM\..\Run: [CWatch] C:\PROGRA~1\ZS\CW\cw.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [drive date] C:\PROGRA~1\HEARTS~1\64joysign.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe "
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

    What about this R1 ProxyOverride?
    I followed your advice and removed all the O16's, etc.
    Home page is back and toolbar is gone (for now).
    Thank you. Waiting for further instructions.
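Phyllis's scans show why the helpers ask for a fresh log after every fix: entries vanish, come back, or reappear under an 8.3 short name (HEARTS~1) that looks like a different item. The script below is an added example, not a tool from this thread. It parses HijackThis log lines, identifies O2/O3/O16 entries by CLSID and O4 autoruns by hive and value name, diffs two scans, and reports which of the lines a helper asked to have fixed are still present. The log excerpts are constructed from lines quoted in this thread, not the full logs.

```python
"""Compare two HijackThis logs: what was fixed, what is new, what only changed
its path, and which entries from a helper's fix list survived the reboot."""
import re
from dataclasses import dataclass

# Constructed excerpts of the thread's 7:55 AM and 3:34 PM logs (a few lines each).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.24:80
O2 - BHO: (no name) - {B79170A8-21DA-8FEE-C15A-B714D0931715} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll
O3 - Toolbar: default start - {B8C7BDA7-CBE6-1C82-3F71-B93CD02B8717} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll
O4 - HKLM\..\Run: [drive date] C:\PROGRA~1\heart stupid rule\64joysign.exe
O16 - DPF: {CDBA8D4D-4088-4F27-B9A8-17FD5A008080} (PixelFixx Game Launcher) - http://69.25.23.235:9090/ion/ocx/ion.ocx
"""

LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.24:80
O4 - HKLM\..\Run: [drive date] C:\PROGRA~1\HEARTS~1\64joysign.exe
"""

# The three lines Lonny Jones asked to have fixed, as quoted in the thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {B79170A8-21DA-8FEE-C15A-B714D0931715} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll
O3 - Toolbar: default start - {B8C7BDA7-CBE6-1C82-3F71-B93CD02B8717} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll
O4 - HKLM\..\Run: [drive date] C:\PROGRA~1\heart stupid rule\64joysign.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\]")


@dataclass(frozen=True)
class Entry:
    section: str  # "R0", "O2", "O4", ...
    ident: str    # what makes an entry "the same" across two scans
    body: str     # the rest of the log line


def parse_line(line: str):
    """Turn one HijackThis line into an Entry; headers and process paths give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("O2", "O3", "O16"):
        # BHOs, toolbars and DPF downloads are identified by their CLSID.
        c = CLSID_RE.search(body)
        ident = c.group(0).upper() if c else body
    elif sec == "O4":
        # Autoruns are identified by hive/key plus value name; the command can be
        # a long name in one scan and an 8.3 short name (HEARTS~1) in the next.
        o = O4_RE.match(body)
        ident = f"{o.group('loc')}|{o.group('name')}" if o else body
    elif sec[0] == "R":
        ident = body.split(" = ", 1)[0]  # registry value name, without its data
    else:
        ident = body
    return Entry(sec, ident, body)


def parse_log(text: str) -> dict:
    return {(e.section, e.ident): e for e in map(parse_line, text.splitlines()) if e}


def diff_logs(before: str, after: str) -> dict:
    b, a = parse_log(before), parse_log(after)
    return {
        "removed": [b[k] for k in sorted(b) if k not in a],
        "added": [a[k] for k in sorted(a) if k not in b],
        "changed": [(b[k], a[k]) for k in sorted(b) if k in a and b[k].body != a[k].body],
    }


def still_present(fix_list: str, after: str) -> list:
    """Entries from the fix list that are still in the post-reboot scan."""
    a = parse_log(after)
    return [a[k] for k in parse_log(fix_list) if k in a]


if __name__ == "__main__":
    d = diff_logs(LOG_BEFORE, LOG_AFTER)
    for e in d["removed"]:
        print("gone     :", e.section, e.body)
    for e in d["added"]:
        print("new      :", e.section, e.body)
    for old, new in d["changed"]:
        print("changed  :", old.section, old.body, "->", new.body)
    for e in still_present(FIX_LIST, LOG_AFTER):
        print("NOT FIXED:", e.section, e.body)
```

Run against the two excerpts it reports the start page, both ChinHeck entries and the PixelFixx download as gone, and the 64joysign autorun as not fixed, only renamed.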
     
  11. 2004/03/24
    Phyllis Inactive Thread Starter
    I can't delete Heart Stupid. Message, access is denied.
     
  12. 2004/03/24
    noahdfear Inactive
    Looking much better! :D

    If you still cannot identify the hearts stupid rule (a game?), delete the folder from C:\Program Files, then fix this with HJT and reboot.

    O4 - HKLM\..\Run: [drive date] C:\PROGRA~1\HEARTS~1\64joysign.exe

    I believe the Proxy server and override are part of your Comcast connection.
     
  13. 2004/03/24
    noahdfear Inactive
    Just saw your other post. Do a search of the forums for move on boot, locate a link and download (I'd put one up for you but have to leave right now). Install and you will have a new right click option to delete on next boot. Use it on that folder. good luck! Will check in later.
     
  14. 2004/03/24
    indmusic Well-Known Member
    Just a suggestion, may be off base here, but I did notice that in the first log posted the URL sent me to Search.Lop. Had a similar problem with a buddy of mine where the URL directed to Search.Lop and he had a running process and an O4 starting on startup that I didn't recognize but close to what is in this log. He also had a BHO which was unidentified. Although I didn't see any sign of Winactive in the log, you may want to try the LOP uninstaller from lop.com, just to make sure. Like I said, just a suggestion, but the problem looks very similar.
     
  15. 2004/03/24
    markp62 Geek Member Alumni
    DSO Exploit: data source object exploit
    It is perfectly safe to let Spybot fix that for you.

    HKEY users/s-1-5-20\software\microsoftwindows currentversion\internet settings\zones\0\1004=w=3
    This is referring to your Internet Options Security Settings. You should check your Internet Options Security Settings.
    You can check this by going into Internet Options, click on Security tab, be sure the Internet Icon is highlighted, click on Customize button, and put the ActiveX settings like this.

    Download signed ActiveX; Prompt
    Download unsigned ActiveX; Disable
    Initialize and script ActiveX controls not marked as Safe; Disable
    Run ActiveX controls and Plugins; Enable
    Script ActiveX controls marked safe for scripting; Enable

    Now click on the Advanced tab, and uncheck both "Install on Demand". This is not on your demand, but on the website's and any third party's website demand.

    turbodownload c:\\windows\system32\iedriver
    This thing is changing your homepage. Let Spybot get rid of it.
    http://securityresponse.symantec.com/avcenter/venc/data/adware.iedriver.html

    Dr Delete can help with Heart Stupid.
     
  16. 2004/03/25
    Lonny Jones Inactive Alumni
    indmusic, no, it's not off base; someone had mentioned this combination sounds like Lop, but I wouldn't recommend an uninstaller from them.


    O2 - BHO: (no name) - {B79170A8-21DA-8FEE-C15A-B714D0931715} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll
    O3 - Toolbar: default start - {B8C7BDA7-CBE6-1C82-3F71-B93CD02B8717} - C:\PROGRA~1\PROXYD~1\ChinHeck.dll
    C:\PROGRA~1\heart stupid rule\64joysign.exe


    Phyllis, let us know how you make out.
    Those three have to go; then reboot and delete the folders,
    either manually or with Dr Delete as markp62 suggests.

    Regards
    Lonny
     
  17. 2004/03/25
    Phyllis Inactive Thread Starter
    Noahdfear - I found this on the BB, but can't access the page.

    http://www.gibinsoft.net/gipoutils/bin/moveonb.exe


    MarkP62 - Can I print a log file from spybot like I can from Hijackthis? I will re-run spybot and see if I can at least print the results to ensure I can tell you what is on there before I delete anything. Thanks so much!

    Lonny - the instructions you gave me for my internet options/security/customize & ActiveX: all my settings were already set as you suggested on both the Security & Advanced tabs.

    My homepage is A-ok today and I don't have that toolbar. We are doing great! I'll be back after I find Dr. Delete and re-run spybot & hijackthis.

    Thank you for your continuing assistance

    ;)
     
  18. 2004/03/25
    noahdfear Inactive
    Phyllis,

    That is a direct download and should have opened a download dialog box. Did it not do that for you?
     
  19. 2004/03/25
    Phyllis Inactive Thread Starter
    Logfile of HijackThis v1.97.7
    Scan saved at 8:07:31 AM, on 3/25/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\ZS\CW\cw.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\PROGRA~1\heart stupid rule\64joysign.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Real\RealOne Player\RealPlay.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.24:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Xerox WorkCentre 480cx Monitor] RUNDLL32.EXE C:\WINDOWS\System32\X480SHLL.DLL,AutoUpdatePnPValue
    O4 - HKLM\..\Run: [CWatch] C:\PROGRA~1\ZS\CW\cw.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [drive date] C:\PROGRA~1\HEARTS~1\64joysign.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe "
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  20. 2004/03/25
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    I just noticed that after sending my recent hijackthis log file, spybot did not remove Heart Stupid. I forgot to run Dr.Delete. I'll do that right now.

    I did remove the 5 DSO exploit: data source object exploit that showed up in spybot and the turbodownload.

    Be right back. Thank you.
     
  21. 2004/03/25
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    The download worked the third time around for Dr. Delete.

    Dr. Delete did not remove the file heart stupid upon reboot.
    I re-ran hijackthis and removed the file. Scanned it again and I don't see it. I'll post my latest scan.

    Upon reboot I received the following message: Wnd for Nadmin not responding. I've seen this message a few times during the last few days. What does it mean and why?

    I updated and ran Adware first thing this morning and was wondering if you could explain why I received the following since I haven't been anywhere on the internet in the last few days except here and to the suggested links and downloads:

    c:\documnets & settings\owner\cookies\owner@ayb.lop[1]txt
    @bins.lop

    Logfile of HijackThis v1.97.7
    Scan saved at 9:00:11 AM, on 3/25/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\HP\KBD\KBD.EXE
    C:\PROGRA~1\ZS\CW\cw.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.24:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Xerox WorkCentre 480cx Monitor] RUNDLL32.EXE C:\WINDOWS\System32\X480SHLL.DLL,AutoUpdatePnPValue
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe "
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     