http://1-2-3-4-5-6-7-8-9-8-7-6-5-4-3-2-1.sexocean.biz/bonus.htm

Every time I click on a link I am forwarded to the following page; http://1-2-3-4-5-6-7-8-9-8-7-6-5-4-3-2-1.sexocean.biz/bonus.htm. It is driving me crazy. I have adware and stopzilla on my computer along with norton. I have read seveal threads and download and run startchmfiz and host file reader

result form startchmfix
The bad files found are:



Here is the log page from Hijackthis.
Logfile of HijackThis v1.97.7
Scan saved at 1:39:31 PM, on 4/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\services\winlogon.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\David Kassoff\Application Data\acao.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Kassoff\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\winlogon.exe
O1 - Hosts: Usage Information:
O1 - Hosts: Save Changes - Save any changes you make to hosts file
O1 - Hosts: Reset Default - Will Replace any existing Hosts with a Windows Default one, original file doesn't have to exist
O1 - Hosts: Save Log - Will Save the Hosts as a Text file, Good for Posting
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Enable and Disable - Will Swap Hosts Files On the Fly for those that want to use Hosts, and Temporarily Disable it.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: Scan for Hosts - Will Search your Windows Drive for Hosts Files, useful if Hosts is in wrong location or installed to Alternate location by Trojan.
O1 - Hosts: Delete - Does exactly that, Delete and Hosts File Selected in the Listbox.
O1 - Hosts: _________________________________________________________________
O1 - Hosts: By Option^Explicit, techcd@shaw.ca
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\CONFLICT.19\bridge.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\winlogon.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.19\bridge.dll",Load
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\winlogon.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: run=C:\WINDOWS\System32\services\winlogon.exe

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\CONFLICT.19\bridge.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\winlogon.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.19\bridge.dll",Load
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\winlogon.exe

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

Reboot, and delete

files
C:\WINDOWS\System32\services\winlogon.exe

folders
C:\WINDOWS\Downloaded Program Files\CONFLICT.19

These may be hidden files. See HERE for how to show hidden files.

 

I have done what you suggested. Which was having Hijackthis fix all items in log report. However, my systems does not have the following files to delete. And yes I do have exploreer set to display hidden files.

files
C:\WINDOWS\System32\services\winlogon.exe

folders
C:\WINDOWS\Downloaded Program Files\CONFLICT.19

I am still having problems. When I click on something I am forwarded to the link in the subjet line.

Please let me know what else I can do?

 

Download and run CWShredder
Use the Fix button and follow the instructions provided by the program.

Then reboot and post a new HijackThis log.

Regards,

Pieter