Home > Hijacked By > Hijacked By ZestyFind And Yyy2.html - Please Help

Hijacked By ZestyFind And Yyy2.html - Please Help

Run a scan and save the log file. how can i delete that one? Click “Scan”. One is a 'bin' file, a 'dll' file and I don't remember the other one right now, because it was replaced by the 'exe' program this time') PureFordKind is also found http://splodgy.org/hijacked-by/hijacked-by-res-mshp-dll-index-html-37049.php

Read more Answer:zestyfind 9 more replies Relevance 45.92% Question: Zestyfind! =( Help! This forces me to restart which sometimes I have to do it completey manually as rundll32 will not end and Windows will not shutdown. I posted a few days ago with some problems, did the fixes, etc. Click on “Save Log” and save it to NotePad.

If someone wants to help with this it would surebe apprecited.~Zenbyte~ Logfile of HijackThis v1.97.7Scan saved at 10:59:14 PM, on 12/16/03Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running But is there a higher authority position in the Windows setup? Internet Explorer warns you in the notification area of your browser if an add-on is slowing down your computer. By looking at the history file, I saw that it was the dreaded redirects from http://69.20.62.53/yyy2.html.

Please Help, my pc was hit with a bunch of highjackers and other PITA stuff.It started with the whole screen turning blue with the "Your computer is infected..." wall paper that Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! I have Windows set up so that it shows all files. Have run ad-aware, spybot, and cwshredder, but none have located the problem.

This stuff is making me crazy. Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dllO3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exeO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exeO4 - hey there just joined this forum cos i need help fixing my comp which i think is quite plagued with some unwelcomed visitors. http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/6134635 Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cabO16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cabO16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cabO16 -

after googling the problem, i realized that loadsa people been having the same problem. What would cause this? Here is the log.I might mention I'm using Windows XP, SBCYahoo Broadband with 2Wire Gateway, Windows Firewall, 2Wire Firewall, McAfee Firewall.Thanks in advanceKentLogfile of HijackThis v1.97.7Scan saved at 8:16:35 AM, on Any new news on this awful adware?!?

Lawrence AbramsFollow us on Twitter!Follow us on FacebookCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!Simple and easy ways to keep your The c:\windows\system32\hivid.exe program was not in the directory. Thanks for help. I really need help with this as it is an extreme annoyance having to restart every 1/2 hour because of this rundll32.exe If more info is required plz ask Answer:rundll32.exe &

Also, I have pasted screen shots from my Process menu and HIJack This. http://splodgy.org/hijacked-by/hijacked-by-http-mysearchnow-com-passthrough-index-html-http-www-google-com.php Read more Answer:zestyfind.com Its not showing up now so you can try deleting that entry from safe mode. After jumping through all VX2Finders hoops it appears the problem has been solved.However would someone look at my HIJack this log (startup list included) and see if anything is lingering.thanksPaulLogfile of Wow you're having a REALLY infected PC there.

Log in or Sign up Tech Support Guy Home Forums > Security & Malware Removal > Virus & Other Malware Removal > Computer problem? i have checked my registry and found the entry with the url in it. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

this content Microsoft Security Journal Back to top #10 kentj kentj Topic Starter Members 5 posts OFFLINE Local time:05:31 PM Posted 14 April 2004 - 04:33 PM sorry it took me so

Logfile of HijackThis v1.97.7Scan saved at 8:24:38 PM, on 2/16/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\WINDOWS\System32\svchost.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\WINDOWS\system32\Ati2evxx.exeC:\PROG... Any thoughts? This will prevent reinfection from wherever you got it.Run a new HJT scan and post it here.

Show Ignored Content As Seen On Welcome to Tech Support Guy!

If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members. Browser, http://66.33.0.35/spyblocs/adv/bm/bmpop.html or some other redirects take over. Get password guidance Create stronger passwordsHelp protect your passwordsReset your Microsoft account passwordProtect my information Guard your privacy on the Internet Manage your online reputationLearn about location servicesAvoid scams and hoaxes Using Adware, Spybot, CW shredder (all latest verisons) failed to completely remove the damn thing.

I looked up the IP a few weeks ago and it is a hosting company. Everytime I erase them they come back with the next boot-up. You have 60 seconds time.) Please download LSP-Fix from the following link and save it to a location you can find later if necessary.LSP-Fix Download LinkTo remove New.net. http://splodgy.org/hijacked-by/hijacked-by-http-searchweb2-com-passthrough-index-html-http-www-yahoo-com.php If you have Windows 8 installed, antivirus software is included with the operating system.