I Know its only a matter of time

[howard_hopkinso]

See HERE for info on Webshots.

See HERE for info on Paltalk.

They are both responsible for placing adware on your system.

Decide if you really want them on your system.

Regards Howard

This thread is for the use of RestlessBeauty only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[RestlessBeauty]

Ok ran the Panda Total Scan

Seems lots of the stuff was still in my old files on the F: drive and is now gone.. its this naupoint that gets to me first. Is it a viable file for Verizon?

I have attached the file I ran...

RB

 

[howard_hopkinso]

From what I can gather that is indeed adware.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\DOWNLOADED PROGRAM FILES\VZBB.DLL

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard

This thread is for the use of RestlessBeauty only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[RestlessBeauty]

Done

still getting this on my browser though..

http://my.systemsecure.org/

but have hopes for finding what is hijacking it..

the hjt log is attached


thanks for all youve done.. i know its hard when people speak two different languages..

rB

 

[howard_hopkinso]

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Ad-Aware 2007 Service (aawservice)Disable the servicename and or the name in brackets.

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

aawservice.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)

O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)

O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe

O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\Program Files\WinZip\WZQKPICK.EXE

O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab

O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab

O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe

O24 - Desktop Component 0: (no name) - http://img.photobucket.com/albums/v702/shellbaby13666/kissmegoodbye9fo.jpg

Click on the fix checked button.

Close HJT and reboot your system.

Now try setting your homepage to wherever you want.

Regards Howard

This thread is for the use of RestlessBeauty only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[RestlessBeauty]

I will do this

But I have been reading up on all these hijack browsers that Ive been showing and I finally read one that made some kind of desperate sense..

A guy was helping a girl in college who had the same exact hijack browers addys as i did.. he had done all the scans you recommended with no success.. what he finally did was change her homepage to google.com and no more probs..

I went to see the addy in mine and it said Downloads ..sooo why not try what he did.. I reset it to google and then closed down.. reopend and it goes to google every time..

I dont know who made this gem.. but if they ever find out.. i want first dibs on em..

ok gonna go do what ya said.. God bless..

RB