Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
highlighting adware
Text on web pages (spyware, adware, credit, discover, etc.) is highlighted this color (the text is still black, but the background behind those words is that peach color) and made into links to advertisers. It's not eZula. Here's my Hijack log: Please help! Thanks
StartupList report, 9/14/2004, 10:24:57 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

EssSpkPhone = essspk.exe
S3TRAY2 = S3tray2.exe
HP Display Settings = C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
CP4HPOT = C:\PROGRA~1\HPONE-~1\OneTouch.EXE
hpsysdrv = c:\windows\system\hpsysdrv.exe
HP Presentation Ready = C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
MoneyStartUp10.0 = "c:\Program Files\Microsoft Money\System\Activation.exe"
WorksFUD = c:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio = c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
HPLaptopGamesActiveMenu = C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\Active Menu.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
Msoffice = C:\WINDOWS\Fonts\msoffice.hta
PopUpStopperFreeEdition = "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
WinMX = C:\Program Files\WinMX\WinMX.exe -m

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - SOFTWARE
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\Efwghuph.dll - {0AA7AE44-243A-C947-6CDD-5B3273C66BC6}
ohb - C:\WINDOWS\System32\winb2s32.dll - {4D568F0F-8AC9-40AB-88B7-415134C78777}

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.co...120.5972800926

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 5,985 bytes
Report generated in 0.110 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
#2
|
||||
|
||||
Please go here for the most recent version of HJT:
http://allsecpros.com/ or http://www.majorgeeks.com/download3155.html
#3
Hjt
That's the version of HJT that I used. (1.98.2)
#4
|
||||
|
||||
You used 1.52.2, look at the top of your log.
#5
I posted the startup list, not the log. I've since figured out that it was begin2search. Let me know if there are any other problems, or if I haven't taken it out all of the way. Thanks! Here it is:
Logfile of HijackThis v1.98.2
Scan saved at 11:52:56 AM, on 9/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0AA7AE44-243A-C947-6CDD-5B3273C66BC6} - C:\WINDOWS\Efwghuph.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPLaptopGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\Active Menu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Msoffice] C:\WINDOWS\Fonts\msoffice.hta
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/game.../y/fltt2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/game...ts/y/wt0_x.cab
#6
Go here and download Spybot Search&Destroy:
http://www.safer-networking.org/inde...&page=download
Check for updates before running the program. A tutorial can be found under help. You can safely delete what it finds. Do likewise with Adaware SE that can be found here: http://lavasoft.element5.com/software/adaware/
#7
I have both and have run both (BTW, neither gets rid of begin2search)
josh