ComputerForum.com
02-17-2006, 06:15 PM   #1 (permalink)
New Member
 
Join Date: Feb 2006
Location: canada
Posts: 17
PLEASE HELP /normal/yyy65.html popup virus

I have this very annoying popup virus. I don't know where I have gotten it from. I've had it for a few months now and cannot take it any more; they come every minute that I'm on the internet. The popups are all like the ones below, with /normal/yyy65.htm at the end of them:

http://www.hug-ediscounts.com/normal/yyy65.html
http://www.ecommerc-e.com/normal/yyy65.html
http://www.health-yshopping.com/normal/yyy65.html
Also this one:

http://www.redzip.com/index.php?tpid...mputer%20forum

ttp://www212.paypopup.com/networks/budsinc2.php?rurl=http%3A%2F%2Fpopunder.paypopup.c om%2Fprogress.php%3Fsn%3D861140196633%26serverfile %3Dpopdirect%26siteid%3DBundleWare%26subid%3D23782 %26data%3DrSe_2%25D1%25CF%25CD%25C9%25CD%25D1%25CF %25D7%25D1%25D1%25C1%252Bg%255E%255DcY%25DD%25E0%2 52B%2524%257C%2521%25FE%25F8%257B-%257C%25C1q_ZcY%25DD%25D0%25CC%25D0%25D4%25CA%25BF %252B4%25E1%2527-l%255Ejs2%25E3%25DF%25BF%25FB%252B%2524%2522%257E% 2529%2522-%25FCeO5_c%25CD0%2529%25C5%257D%2523%25D4%252F%25D B%25CE%25C9%25D0%2524Wq%253D%255E14%25D6%25E9%257D %2529%25FE0%257C%252A%252A%2527sQ%2560%2B%255E-%25DB%25CB%25CD%25CA%25CA%25CC%25D6%25CC%25CF%25CF %25D3%252C%257B%252B3%26adsid%3D4%26adsname%3Dbuds inc_prepopped

And there are a few other random ones.

Here is my HijackThis log. Please help if you can.

Logfile of HijackThis v1.99.1
Scan saved at 12:09:37 PM, on 17/02/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\sndoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\music\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINNT\system32\sfg.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [mzri] C:\PROGRA~1\COMMON~1\mzri\mzrim.exe
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINNT\system32\sfg.dll"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138245125758
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe



Thank you

Last edited by markcresswell; 02-17-2006 at 06:18 PM.