Need help, cannot remove popup 'yyy102.html'



#1
boyt
New Member, 5 posts
Hi there! I hope someone can help me also. :tazz:

I got these annoying popups which usually have the 'yyy102.html' address. I have tried the different spyware removal tools mentioned in the Geeks to Go guide; however, they still were not removed or fixed.

Attached below is the HiJackThis log and also the Ewido scan log.

Appreciate anybody who could help me on this! Thanks!


HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:56:28 PM, on 12/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\O2Micro\AudioDJ\o2cd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
E:\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\DWNLD\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [o2cd] C:\Program Files\O2Micro\AudioDJ\o2cd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - e:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - e:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - e:\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\l44qleh51h4.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\dn0s01d7e.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Visual IP InSight Client (CitiGroup-WWDS) (InverseLaunchIPI_CitiGroup:WWDS) - Unknown owner - C:\Program Files\WorldWide Dial Service\WWDS\InSight\LaunchIPI.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Ewido scan log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:08:48 AM, 12/14/2005
+ Report-Checksum: 7F1D8C51

+ Scan result:

[280] C:\WINDOWS\system32\wudmlog.dll -> Spyware.Look2Me : Error during cleaning
[2128] C:\WINDOWS\system32\wudmlog.dll -> Spyware.Look2Me : Error during cleaning
C:\drsmartload1.exe -> Spyware.SmartLoad : Cleaned with backup
C:\WINDOWS\system32\r28slcl71fq.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\o2660cjsefo60.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fpls0337e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\Cookies\the [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\the boss@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temp\Cookies\the [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temp\Cookies\the [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temp\Cookies\the boss@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temp\Cookies\the [email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temporary Internet Files\Content.IE5\0LU3O5Q7\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temporary Internet Files\Content.IE5\OT2VSP2J\installer[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temporary Internet Files\Content.IE5\OT2VSP2J\timessquare[1].exe -> Hijacker.StartPage.aw : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temporary Internet Files\Content.IE5\0PIFMRGT\drsmartload[1].exe -> Spyware.SmartLoad : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temporary Internet Files\Content.IE5\TGTHRHPZ\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\The Boss\Local Settings\Temporary Internet Files\Content.IE5\TGTHRHPZ\drsmartload185a[1].exe -> Downloader.VB.qr : Cleaned with backup
C:\Documents and Settings\The Boss\Cookies\the [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\mte3ndi6odoxng.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP7\A0000436.exe -> Worm.Sober.y : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP7\A0000437.exe -> Worm.Sober.y : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP7\A0000438.exe -> Worm.Sober.y : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP7\A0000439.EXE -> Worm.Sober.y : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP8\A0000496.exe -> Downloader.VB.qr : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP8\A0000498.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP8\A0000500.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP8\A0000501.exe -> Trojan.VB.afn : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP8\A0000502.exe -> Hijacker.StartPage.aw : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP8\A0000525.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP8\A0000538.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP8\A0000539.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP8\A0000557.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP9\A0000562.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP9\A0000563.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP9\A0000566.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP9\A0000567.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP9\A0000579.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP9\A0000580.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP9\A0000581.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP9\A0000582.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP9\A0000583.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP10\A0000616.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP10\A0000619.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP10\A0000620.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP10\A0000621.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP11\A0000628.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP11\A0000632.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP12\A0000642.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{CFD8FAC4-FD80-49D0-9E14-916F297B285A}\RP12\A0000645.dll -> Spyware.Look2Me : Cleaned with backup
D:\DWNLD\john-16w\john-16\run\john-k6.zip/john.exe -> Not-A-Virus.HackTool.John : Cleaned with backup
D:\DWNLD\john-16w\john-16\run\john-mmx.zip/john.exe -> Not-A-Virus.HackTool.John : Cleaned with backup
D:\DWNLD\john-16w\john-16\run\john.exe -> Not-A-Virus.HackTool.John : Cleaned with backup
D:\DWNLD\john-16w.zip/john-16/run/john.exe -> Not-A-Virus.HackTool.John : Cleaned with backup
D:\DWNLD\john-16w.zip/john-16/run/john-k6.zip/john.exe -> Not-A-Virus.HackTool.John : Cleaned with backup
D:\DWNLD\john-16w.zip/john-16/run/john-mmx.zip/john.exe -> Not-A-Virus.HackTool.John : Cleaned with backup


::Report End