Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

my.freeze.com

(New)
(!)

meka333's Avatar
meka333 meka333 is offline
Junior Member with 2 posts.
THREAD STARTER
 
Join Date: Dec 2004
Experience: Intermediate
02-Dec-2004, 10:30 AM #1
my.freeze.com
Hello, I have a computer that is being overwhelmed with internet popup ads. My home page keeps reverting back to my.freeze.com. When I try to launch Internet Explorer, it immediately closes. I have installed and ran Spybot and Adaware but it doesn't seem to resolve the issue. This is the latest hijack this log I have. Any help would be greatly appreciated. Thank you in advance.

Logfile of HijackThis v1.97.7
Scan saved at 10:16:19 AM, on 12/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\LDClient\LOCALSCH.EXE
C:\WINDOWS\system32\cba\pds.exe
C:\LDClient\QIPCLNT.EXE
C:\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\LDClient\wuser32.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\rundll32.exe
C:\LDCLIENT\SDISTHK.EXE
C:\LDClient\SOFTMON.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Medical Manager Corporation\MMClient\MedLpd.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\WINDOWS\system32\kbbaka.exe
C:\Documents and Settings\engle002\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\LDCLIENT\SDISTHK.EXE,C:\LDCli ent\SOFTMON.EXE
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\Hotbar\bin\451~1.0\SBInst.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [ensb] C:\WINDOWS\ensb.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [SESync] "C:\Program Files\SED\SED.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OSS] c:\windows\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\System32\Cache\cxtpls_loader.exe" /HideUninstall /HideDir /PC=CP.FHB /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [xhcskc] C:\WINDOWS\System32\xhcskc.exe
O4 - HKLM\..\Run: [bucezupgoupxs] C:\WINDOWS\System32\rpogzo.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKLM\..\Run: [os4f37g] sketuf.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [ZBvpRXMpT] siguv.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...B?37921.391875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DA77A16-C75C-4883-9F1E-CA15A6D7F440}: Domain = pikecac.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DA77A16-C75C-4883-9F1E-CA15A6D7F440}: NameServer = 10.78.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{8DA77A16-C75C-4883-9F1E-CA15A6D7F440}: Domain = pikecac.org
O17 - HKLM\System\CS1\Services\Tcpip\..\{8DA77A16-C75C-4883-9F1E-CA15A6D7F440}: NameServer = 10.78.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{8DA77A16-C75C-4883-9F1E-CA15A6D7F440}: Domain = pikecac.org
O17 - HKLM\System\CS2\Services\Tcpip\..\{8DA77A16-C75C-4883-9F1E-CA15A6D7F440}: NameServer = 10.78.0.20
$teve's Avatar
Member with 9,397 posts.
 
Join Date: Oct 2001
Location: 25 miles from Manchester/Engla
Experience: Tweedle-Dee
02-Dec-2004, 10:52 AM #2
Welcome to TSG

Adaware and Spybot should have removed a lot of the crap you have.....and believe me you have quite a lot
Im going to enclose my canned speech for both programs and some A/V scans.

=========================================


Download AdAware SE from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan itīs just to click the "Scan" button.

When scan is finished mark everything for removal and get rid of it.(Right-click the window and choose"select all" from the drop down menu)


Now re-boot...

Then
Download Spybot - Search & Destroy from http://majorgeeks.com/download2471.html

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.
Activate the "Imunize" function.
==========================================================
Run an online antivirus check from at least one and preferably 2 of the following sites....
http://virusscan.jotti.dhs.org/
http://www.kaspersky.com/remoteviruschk.html
http://www.dials.ru/english/www_av/
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/

Re-boot again.
===============================
You are running HijackThis from your desktop, this is not a good idea because when we do a fix...HijackThis will create backups and they will be spread all over your desktop. Can you please create a folder for the program....call it Hijack (or something similar)its ok to leave the folder on the desktop for now.Download a fresh copy of HijackThis as yours is out of date...... Then extract into the folder you have created and run it from there. When you have done that,delete the previous copy of HijackThis that you have on your desktop.

Then post a new HijackThis log to check what is left.


And when this is all clean...
Consider installing the following:

SpywareBlaster v 3.0 and SpywareGuard v2.2, to prevent Active-X drive-by installations, as well as provide real-time browser hijacking protection: http://www.wilderssecurity.net/index.html

IE-SPYAD, a registry file that adds a long list of known "sites" to the Restricted Sites of your Internet Explorer: https://netfiles.uiuc.edu/ehowes/www/resource.htm
You should check regularly for updates on all these programs

Mozilla FireFox,much safer,faster and lighter browser than IE.
http://www.mozilla.org/products/firefox/
============================================


meka333's Avatar
meka333 meka333 is offline
Junior Member with 2 posts.
THREAD STARTER
 
Join Date: Dec 2004
Experience: Intermediate
02-Dec-2004, 07:55 PM #3
Thank you for all of your help. Your suggestions cleared everything up. There wasn't a need to post another hijackthis log since there isn't anything in it that isn't a valid entry. Thanks again for all of your advice.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2