#1
September 14th, 2004, 03:25 PM
jegates (New Member)
highlighting adware

Text on web pages (spyware, adware, credit, discover, etc.) is highlighted this color (the text is still black, but the background behind those words is that peach color) and made into links to advertisers. It's not eZula. Here's my Hijack log: Please help! Thanks

StartupList report, 9/14/2004, 10:24:57 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
EssSpkPhone = essspk.exe
S3TRAY2 = S3tray2.exe
HP Display Settings = C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
CP4HPOT = C:\PROGRA~1\HPONE-~1\OneTouch.EXE
hpsysdrv = c:\windows\system\hpsysdrv.exe
HP Presentation Ready = C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
MoneyStartUp10.0 = "c:\Program Files\Microsoft Money\System\Activation.exe"
WorksFUD = c:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio = c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
HPLaptopGamesActiveMenu = C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\Active Menu.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
Msoffice = C:\WINDOWS\Fonts\msoffice.hta
PopUpStopperFreeEdition = "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
WinMX = C:\Program Files\WinMX\WinMX.exe -m
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------

Enumerating Browser Helper Objects:
(no name) - (no file) - SOFTWARE
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\Efwghuph.dll - {0AA7AE44-243A-C947-6CDD-5B3273C66BC6}
ohb - C:\WINDOWS\System32\winb2s32.dll - {4D568F0F-8AC9-40AB-88B7-415134C78777}
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.co...120.5972800926
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 5,985 bytes
Report generated in 0.110 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2
September 14th, 2004, 03:33 PM
TJolly (CTH Subscriber)
Please go here for the most recent version of HJT:

http://allsecpros.com/

or

http://www.majorgeeks.com/download3155.html

#3
September 14th, 2004, 04:01 PM
jegates (New Member)
Hjt

That's the version of HJT that I used. (1.98.2)

#4
September 14th, 2004, 04:08 PM
TJolly (CTH Subscriber)
You used 1.52.2, look at the top of your log.

#5
September 14th, 2004, 04:55 PM
jegates (New Member)
I posted the startup list, not the log. I've since figured out that it was begin2search. Let me know if there are any other problems, or if I haven't taken it out all of the way. Thanks! Here it is:

Logfile of HijackThis v1.98.2
Scan saved at 11:52:56 AM, on 9/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe\Web\AOM.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0AA7AE44-243A-C947-6CDD-5B3273C66BC6} - C:\WINDOWS\Efwghuph.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HPLaptopGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\Active Menu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Msoffice] C:\WINDOWS\Fonts\msoffice.hta
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/game.../y/fltt2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt1_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/game...ts/y/wt0_x.cab

#6
September 14th, 2004, 04:58 PM
TJolly (CTH Subscriber)
Go here and download Spybot Search&Destroy:
http://www.safer-networking.org/inde...&page=download

Check for updates before running the program. A tutorial can be found under help. You can safely delete what it finds.

Do likewise with Adaware SE that can be found here:
http://lavasoft.element5.com/software/adaware/

#7
September 14th, 2004, 06:10 PM
jegates (New Member)
I have both and have run both (BTW, neither gets rid of begin2search)

josh