ComputerForum.com
Old 06-08-2006, 02:40 PM   #1 (permalink)
New Member
 
Join Date: Jun 2006
Posts: 11
Question Desperately need some help I think I've been infected

A few days ago, something odd began to happen when I view any web page.

Small words, such as: a, and, the, be, etc... started appearing on web pages as a link. The text color is different, and when I move my cursor over the word it appears to want to link me to Yahoo.

If I left click and go to properties, here is what I see:

The tab is marked "general" with the words www.yahoo.com at the top

Underneath that it says:

Protocol: Hyper Text Transfer Protocol
Type: CDM/File
Address: http://www.yahoo.com/
(URL)

Whenever I open a web page, it looks normal for a few seconds and then smaller words start to appear as the link.

PLEASE, can anyone help???
vjgkam is offline   Reply With Quote


Old 06-08-2006, 02:58 PM   #2 (permalink)
Digaredd
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,423
Default

Post a Hijackthis log.
Hijackthis Logs
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
Buzz1927 is offline   Reply With Quote
Old 06-08-2006, 03:08 PM   #3 (permalink)
New Member
 
Join Date: Jun 2006
Posts: 11
Default

Here's the log file...I never had Hijackthis before and just downloaded it.
Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 10:04:55 AM, on 6/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\ibmpmsvc.exe
C:\winnt\system32\Ati2evxx.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\winnt\system32\CTSvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\winnt\system32\Ati2evxx.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\tp4mon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\winnt\AGRSMMSG.exe
C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\winnt\system32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\winnt\system32\regsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\winnt\system32\MSTask.exe
C:\Program Files\Error Nuker\bin\ErrorNuker.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\winnt\system32\stisvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.0\CM_camera.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Program Files\j2 Messenger 4.0\J2GDllCmd.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\Program Files\j2 Messenger 4.0\J2GTray.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\winnt\system32\MsPMSPSv.exe
C:\winnt\system32\svchost.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINNT\System32\mshta.exe
C:\WINNT\System32\mshta.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mad.exe
C:\winnt\System32\sol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\WinZip\WINZIP32.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcall.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\winnt\system32\Userinit.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MediaCodec.BHO - {525A7CE1-5FD4-4FC7-A333-27D3754DB57C} - C:\WINNT\Downloaded Program Files\MediaCodec.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\winnt\system32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Memory Function] C:\winnt\system32\mfc.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [P2P Networking] C:\winnt\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [PSU_Playbook] C:\Documents and Settings\snyders.WICK\Local Settings\Temporary Internet Files\Content.IE5\I35UJIJ5\PlaybookNews[1].exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.0\CM_camera.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O4 - Global Startup: j2 DllCmd 4.0.lnk = C:\Program Files\j2 Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: j2 Tray Menu 4.0.lnk = C:\Program Files\j2 Messenger 4.0\J2GTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Verizon Online\WinPoET\Verizon Online.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Button Test - {20340348-8448-47f8-ae16-796747b6605c} - C:\winnt\system32\Microsoft\Extension\20340348-8448-47f8-ae16-796747b6605c.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://software.nocusnetworks.com
O16 - DPF: DigiChat Applet - http://host16.digichat.com/DigiChat/.../Client_IE.cab
O16 - DPF: NetCharts - https://cpgn.infores.com/utils/NetCh...es/install.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovio...affiliate=wtlv
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {62FB8678-5EAD-4D27-A639-415D9F0B668F} (MediaCodec.Install) - http://software.nocusnetworks.com/mediacodec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123704351652
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144593592992
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://143.166.224.166/Media/visitorchat/TLIEFlash.CAB
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...on/install.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/...ler/dwnldr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\winnt\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\winnt\system32\CTSvcCDA.EXE
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\winnt\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ll_reg - Unknown owner - Rundll32.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\winnt\system32\mousebm.exe (file missing)
O23 - Service: NetMeeting Remote Desktop (RPC) Sharing - Unknown owner - Rundll32.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
vjgkam is offline   Reply With Quote
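
As an added example (not part of the original thread, and not code from HijackThis or any poster), here is one way to parse the `<code> - <detail>` entry lines of a log like the one above and mark entries worth a closer look. The `CHECKS` heuristics and the names `parse` and `triage` are assumptions made for this example; a match means "review this entry", not "this entry is malicious".

```python
import re

# HijackThis entry lines have the form "<section code> - <detail>".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")

# Review heuristics picked for this example (assumptions, not HijackThis rules).
# Each is (reason, section codes it applies to, pattern searched in the detail).
CHECKS = [
    ("autorun launched from the browser cache", {"O4"},
     re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("registered target is missing", {"O2", "O4", "O9", "O23"},
     re.compile(r"\((?:no file|file missing)\)", re.I)),
    ("BHO loaded from Downloaded Program Files", {"O2"},
     re.compile(r"\\Downloaded Program Files\\", re.I)),
    ("site placed in the Trusted Zone", {"O15"},
     re.compile(r"^Trusted Zone:", re.I)),
    ("ActiveX control fetched from a bare IP address", {"O16"},
     re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")),
]

def parse(log_text):
    """Yield (code, detail) per entry; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group("code"), match.group("detail")

def triage(log_text):
    """Return (reason, code, detail) for every entry that matches a check."""
    return [(reason, code, detail)
            for code, detail in parse(log_text)
            for reason, codes, pattern in CHECKS
            if code in codes and pattern.search(detail)]

# Lines copied from the log in the post above (GUIDs and paths as posted).
SAMPLE = r"""
Logfile of HijackThis v1.99.1
C:\winnt\system32\svchost.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: MediaCodec.BHO - {525A7CE1-5FD4-4FC7-A333-27D3754DB57C} - C:\WINNT\Downloaded Program Files\MediaCodec.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [PSU_Playbook] C:\Documents and Settings\snyders.WICK\Local Settings\Temporary Internet Files\Content.IE5\I35UJIJ5\PlaybookNews[1].exe
O15 - Trusted Zone: http://software.nocusnetworks.com
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for reason, code, detail in triage(SAMPLE):
        print(f"[{code}] {reason}: {detail}")
```
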
Old 06-08-2006, 05:55 PM   #4 (permalink)
New Member
 
Join Date: Jun 2006
Posts: 11
Default Can anyone help??

I would really appreciate any help that anyone can provide.
Thank You.
vjgkam is offline   Reply With Quote
Old 06-08-2006, 10:08 PM   #5 (permalink)
New Member
 
Join Date: Jun 2006
Posts: 11
Default Aaarrrgh

I guess it's too much of a mess....the thing is now popping up windows that can not be shut down.....
vjgkam is offline   Reply With Quote


Old 06-09-2006, 01:37 AM   #6 (permalink)
JTM
Silver Member
 
Join Date: Apr 2006
Location: America
Age: 18
Posts: 172
Default

I can tell you that some of that stuff should be deleted, but I'm not sure enough to tell you what. When I had problems like that I switched to Firefox, just to clear up trojans etc. Download McAfee Stinger and do a scan; it searches for all the new viruses that have come out.
Good luck.
JTM is offline   Reply With Quote
Old 06-09-2006, 04:04 AM   #7 (permalink)
Bronze Member
 
Join Date: May 2006
Posts: 92
Default

Sorry for the delay.

Welcome,
Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware; it is a free version of the program.
  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.
Jars is offline   Reply With Quote
Old 06-11-2006, 12:46 PM   #8 (permalink)
New Member
 
Join Date: Jun 2006
Posts: 11
Default Can't install Ewido

When I try to install Ewido I get the following error message for Microsoft Office 2000 Standard:

" The path 'S:\PC Software|Microsoft Office\Microsoft Office 2000\ Standard Version\DATA1.MSI' cannot be found. Verify that you have access to this location and try again, or find the instlation package DATA1.MSI in a folder from which you can install the product Microsoft Office 200 Standard"

This is a company laptop and I do not have the installation disk.

Any suggestions??

Thanks for all your help so far.
vjgkam is offline   Reply With Quote
Old 06-11-2006, 12:57 PM   #9 (permalink)
New Member
 
Join Date: Jun 2006
Posts: 11
Default Ewido installed

Sorry for the Chinese fire drill guys.
Ewido eventually installed and I'm running the scan now.....I'll post when it's completed. I'm crossing my fingers....
vjgkam is offline   Reply With Quote
Old 06-11-2006, 05:21 PM   #10 (permalink)
New Member
 
Join Date: Jun 2006
Posts: 11
Default Problem still exists

I ran Ewido, cleaned all the files, and the problem still exists. I only get the weblinks in IE though, not Firefox.
Also, Ewido would not let me save the report, as it said I needed to clean all infected files first, despite the fact that the number of cleaned files matched the number of infected files.
I'm beginning to feel like this is a lost cause.
vjgkam is offline   Reply With Quote
All times are GMT +1. The time now is 07:40 PM.