yyy65 removal

[Froston]

I am running Windows XP Professional and I have Ad-Aware SE Personal, Trojan Remover and Norton AntiVirus 2005 and none of these have fixed my problem. Ad windows are constantly popping up out of no where. I primarily use FireFox 1.5.

I will post my HijackThis script and I hope that someone can help me. This would really mean alot, thank you!

 

[swker98]

hello Froston


Go here
then here
and lastly here


Get Avg free and Zone alarm free, get rid of that norton bloatware

go to safemode and

fix the fowling
O23 - Service Service Hosts (ServiceHost) - Unknown owner - CWINDOWSshost.exe (file missing)

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = httpsearchbar.findthewebsiteyouneed.com

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = httpsearchbar.findthewebsiteyouneed.com

R3 - URLSearchHook (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

O3 - Toolbar Search - {FA3804CA-A64A-3E74-D2E7-9F3A962C4873} - CWINDOWSSgtbedwr.dll (file missing)

IF YOU DONT RECOGINNIZE THE FOWLING FIX THEM

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = CWINDOWSSYSTEMblank.htm

F2 - REGsystem.ini UserInit=CWINDOWSsystem32userinit.exe,CWINDOWSSYSTEMUserinit.exe

O16 - DPF Win32 Classes -

O16 - DPF {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - httpsscan.safety.live.comresourcedownloadscanneren-uswlscbase3401.cab

O17 - HKLMSystemCCSServicesTcpip..{DBFFC7BD-607E-4D31-A677-EDFDB01E88BB} NameServer = 198.235.216.110 206.47.244.52

O20 - Winlogon Notify Dynamic Directory - CWINDOWSsystem32o2nslc571f.dll (file missing)





Your 01 and 04 logs seme out of place, after fixing those i posted, post an updated HJT log from safemode

 

[Froston]

From the first three links you told me to go to at the start I got ewido anti malware, ccleaner and xcleaner. I was still getting ads after that so I continued on and installed AVG and ZoneAlarm. I am still getting ads.
I ran HJT in safemode and fixed those files and saved a log. I wasn't able to connect to the internet in safemode so I had to come on normal mode to post this.
I could post the log from my very first scan with ewido if you like. You might find it useful, or you might not.

 

[swker98]

Boot in safemode, disable system restore and

Fix the fowling

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe


If you dont use the fowling
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\jtp8077ue.dll

fix and delete them

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your problem is caused by this entry. O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\jtp8077ue.dll


Try this.

Download the trial version of Spy Sweeper from HERE

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Make sure you are disconnected from the internet.

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

When prompted, allow Spy Sweeper to restart your computer.

When done, please post a fresh HJT log.

Regards Howard :wave: :wave: