Home > Hijacked By > Hijacked By ZestyFind And Yyy2.html - Please Help

Hijacked By ZestyFind And Yyy2.html - Please Help

Back to top #5 kentj kentj Topic Starter Members 5 posts OFFLINE Local time:05:31 PM Posted 09 April 2004 - 03:58 PM That worked to delete the file. They are killing me on this machine. Run a scan and save the log file. Thanks for your consideration. navigate here

Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

I can't make it go. If you need more help with virus-related issues, go to Microsoft Support. Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dllO3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exeO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exeO4 - https://forums.techguy.org/threads/hijacked-by-zestyfind-and-yyy2-html-please-help.223899/

Lawrence AbramsFollow us on Twitter!Follow us on FacebookCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!Simple and easy ways to keep your Login (HKLM)O9 - Extra button: Messenger (HKLM)O9 - Extra 'Tools' menuitem: Yahoo! Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Fix these:R3 - Default URLSearchHook is missingO4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exeO4 - HKCU\..\Run: [Hvid] c:\windows\system32\hvid.exeO16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cabO16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://www.download-url.de/install/StarInstall.ocxO16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cabWhen you

It's hidden itself well i think. This is the same item I've had on here for a while. Read about the signs in What is browser hijacking?If you are already a victim of a hijacked browser, the following instructions can help you free your browser from the hackers, restore Read more Answer:Love/hate realationship with XP - Zestyfind $%#$%!!! 16 more replies Relevance 44.69% Question: Zestyfind and bfast are making me nuts!

every so often an IE window "button" opens in the taskbar and says "loading" and then disappears. If someone wants to help with this it would surebe apprecited.~Zenbyte~ Logfile of HijackThis v1.97.7Scan saved at 10:59:14 PM, on 12/16/03Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running VX2? Login (HKLM)O9 - Extra 'Tools' menuitem: Yahoo!

I have done so, and it is posted below. Logfile of HijackThis v1.99.1Scan saved at 11:10:06 AM, on 4/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\Program Files\Intel\Intel Application Accelerator\iaantmon.exec:\program files\mcafee.com\agent\mcdetec... Put a check next to these then close all browser windows and click "fix checked"R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = Download Combofix to your desktop:Double-click combofix.exe & follow the prompts.When finished, it shall produce a log for you.

I really need help with this as it is an extreme annoyance having to restart every 1/2 hour because of this rundll32.exe If more info is required plz ask Answer:rundll32.exe & http://threadposts.org/question/1297802/Hijacked-by-ZestyFind-and-yyy2-html-Please-help.html Help please. I tried deleting the three URLSearchHooks and they wouldn't go away, so I went into the registry and manually deleted them. And when I first got XP, I was really impressed with the start up speed!

Read more Answer:zestyfind 9 more replies Relevance 45.92% Question: Zestyfind! =( Help! check over here I can't get rid of them! Argh. Do not fix anything since most of them listed there are harmless (some are system required).

If you have Windows 8 installed, antivirus software is included with the operating system. I only have a few items that start up like mcaffee. I complained about to abuse and received word that all I have to do is go to zestyfinds home page and ask to have it removed, which of course didn't work.Any his comment is here I'm still having problems.

I'm about as far from an expert as it is possible to get but have tried to follow the instructions from a couple of threads and have managed to use hi Welcome aboard.. I have heard that this is inbedded in my machine can anyone help me get rid of this mess.

Wow you're having a REALLY infected PC there.

Lawrence AbramsFollow us on Twitter!Follow us on FacebookCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!Simple and easy ways to keep your Download and run Symantec's removal tool.Then go to the windows Update site and install ALL the latest Critical Updates. Could this [non-erasing] problem be caused by administrative issues? The c:\windows\system32\hivid.exe program was not in the directory.

Wait for someone to analyze the log and advise. 3 more replies Relevance 44.69% Question: Highjacked Ie Browser... Thanks Kentj Back to top #4 Grinler Grinler Lawrence Abrams Admin 42,781 posts ONLINE Gender:Male Location:USA Local time:05:31 PM Posted 09 April 2004 - 02:40 PM Lets try this. Look2Me? http://pcialliance.org/hijacked-by/hijacked-by-http-searchweb2-com-passthrough-index-html-http-www-yahoo-com.html Hello and welcome!

winlogon.exe is using 99% of available memory after just a few minutes after startup and essentially the computer is unusable.Here is the latest log from hijackthis Any ideas?Logfile of HijackThis v1.97.7Scan Here's the V2x log, the 'Hijack this' log, the 'Process Finder' results, the 'DumpRight' needed info, and the 'Privilege' info you might need. I posted a few days ago with some problems, did the fixes, etc. Lawrence AbramsFollow us on Twitter!Follow us on FacebookCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!Simple and easy ways to keep your

Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cabO16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cabO16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cabO16 - Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dllO3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exeO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exeO4 - Login (HKLM)O9 - Extra 'Tools' menuitem: Yahoo! If you keep your computer updated with the latest security software updates and practice safe Internet browsing, you're already doing a lot to help keep the hijackers away.Don’t know if your

Back to top #7 kentj kentj Topic Starter Members 5 posts OFFLINE Local time:05:31 PM Posted 09 April 2004 - 05:15 PM No, none of those files show up in Read more Answer:[Solved] ZestyFind? my computer seems clean after i run hijackthis and adaware6 and search'n'destroy... When the scan is finished (it only takes a second), the scan button will change to “Save Log”.

how can i delete that one? Finally, after googling, found VX2Finder.exe. Back to top #12 Scarlett Scarlett Bleeping Diva Members 7,479 posts OFFLINE Gender:Female Location:As always I'm beside myself ;) Local time:05:31 PM Posted 26 March 2006 - 05:13 PM Due What is this?

Logfile of HijackThis v1.97.7Scan saved at 8:24:38 PM, on 2/16/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\WINDOWS\System32\svchost.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\WINDOWS\system32\Ati2evxx.exeC:\PROG... Open Windows Explorer & Go to Tools > Folder Options. Wonder if you guys can help?