Crazywinnings

**jimbo** · 08-01-2005

Hi,

I recently performed the operations to eliminate search extender - my thanks to this forum, because the problem is taken care of. However, I just ran adaware and spybot, but am unable to get rid of the crazywinnings entries that show up on my hijack this log file (below).

Any help would be appreciated.

Jimbo

Logfile of HijackThis v1.99.0
Scan saved at 12:28:54 PM, on 1/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hidserv.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\TimeCalendarLE\TCLE.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500 NT\Bin\HPOstr05.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500 NT\bin\HPOVDX05.EXE
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKCU\..\Run: [TimeCalendar] "C:\Program Files\TimeCalendarLE\TCLE.exe" auto
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500 NT\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/game...ts/y/ut2_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O19 - User stylesheet: (file missing)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

**owen** · 08-01-2005

Please download the attached DelDomains.zip. Unzip it and right click the file DelDomains.inf and from the drop down menu, click Install. It will perform a silent process.

Warning: This will delete all sites in the IE Trusted and Restricted Zones! If you have made immunizations with software such as SpywareBlaster and Spybot, you will need to perform them again after this procedure.

**jimbo** · 09-01-2005

Thanks Owen!

**owen** · 09-01-2005

Did it work?

**jimbo** · 10-01-2005

Yes,

It worked and was a very easy fix.

Thanks again!
Jimbo

**owen** · 12-01-2005

Glad to hear it!