*.frame.crazywinnings.com in trusted sites

I've been through the sticky thread on how to remove spyware, and I followed it step by step. I did this and I still have one thing that is driving me nuts although it has cleared up most of the popups and other problems I was seeing.

When I go to the "trusted sites" in IE's security section it has an entry for:

*.frame.crazywinnings.com

When I remove this entry, it returns the next time I check for it. Also, I've removed this via hijackthis and when I scan again it is there again.

This guy:

http://forums.majorgeeks.com/showthread.php?t=64503

had the same thing I believe, but with my problem I can't seem to find a process that is causing the problem, and I've been working on this for about 8 hours now. Can anyone provide a hint? I know we're not supposed to attach a hijackthis log until asked, so I uploaded here:

http://www.projectrun.com/hijackthislog1.txt

This is my sister's XP home machine, and it appeared to be pretty infected. I've got firefox installed on it now and it seems OK, but I'd like to know for sure what this last thing is, as it seems like more spyware. I've tried everything I know how.

Thanks in advance,
Jason

 

Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!


After you complete the above, reboot and post a fresh HJT log as an attachment to your post.

 

Wow, I didn't think it could be something that simple. I've attached the log, and the symptoms have gone away.

I did one last thing (after the updated Hijackthis log), since she has SBC Yahoo DSL, they just started advertising an anti-spyware and anti-virus package, I installed that. It said it found and removed Win32.startpage.FZ. It hasn't found anything again upon reboot and scan.

At this point I'm going to try to convince my sister to use Firefox instead of IE. I've tightened down IE so that almost nothing runs.

Jason

 

Scan with HijackThis and Check the Boxes for the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (file missing)

O4 - HKCU\..\Run: [Yahoo! Pager] 1

Make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


After you complete all of the above REBOOT, Scan with HijackThis and attach the new log.