Highlighted words/unwanted toolbars

  1. 29-08-2004  #1
    bubbasmommy
    bubbasmommy is offline Newbie

    Question Highlighted words/unwanted toolbars

    Hi,

    I have an unwanted toolbar on my PC that I cannot get rid of in spite of how many times that I run STOPzilla. It is the begin2search.com toolbar. Also, certain words are now always highlighted on my PC--in orange--and this is also new. Both of these things happened after I let my 13 year old nephew use my PC

    Any advice? I paid for STOPzilla and will probably be asking for a refund since the software does not appear to do what it promises.
  2. 29-08-2004  #2
    bubbasmommy
    bubbasmommy is offline Newbie
    Logfile of HijackThis v1.98.2
    Scan saved at 12:35:41 PM, on 8/29/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\WINDOWS\System32\xqlwgr.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijack This\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
    O2 - BHO: wmnetmur - {B89B966A-8800-5428-2ACC-B8D6EB6774F7} - C:\WINDOWS\System32\wmnetmur.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [ifmlsjd] C:\WINDOWS\System32\xqlwgr.exe
    O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B3D8A69-C6FD-4407-9B24-1DCCC9B86E47}: NameServer = 206.47.244.12 206.47.244.42
  3. 30-08-2004  #3
    bubbasmommy
    bubbasmommy is offline Newbie
    Should I reinstall windows? Or should I just live with the annoyances? Does this toolbar present any kind of a risk to me?
  4. 30-08-2004  #4
    HJThis
    HJThis is offline Senior Member
    No need hold on
  5. 30-08-2004  #5
    HJThis
    HJThis is offline Senior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Hello,bubbasmommy

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html

    These here if not using fix them
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca

    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
    O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
    O2 - BHO: wmnetmur - {B89B966A-8800-5428-2ACC-B8D6EB6774F7} - C:\WINDOWS\System32\wmnetmur.dll

    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll

    O4 - HKLM\..\Run: [ifmlsjd] C:\WINDOWS\System32\xqlwgr.exe
    O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:
    C:\WINDOWS\localNRD.dll<--This file
    C:\WINDOWS\System32\winb2s32.dll<--This file
    C:\WINDOWS\System32\wmnetmur.dll<--This file
    C:\WINDOWS\System32\xqlwgr.exe<--This file
    C:\WINDOWS\conscorr.exe<--This file

    Then do this here

    click start->settings->control panel->internet options->programs tab->RESET WEB SETTINGS

    That will change everything back to defaults (M$)......

    Change your homepage and search engines to whatever you wish and reset your pc.

    When it boots back up, open IE and see if the page stays the way that you set it.

    & this here

    go for a free Online scan from Computer associates.

    eTrust AV web scanner (Computer Associates)
    http://www3.ca.com/virusinfo/virusscan.aspx

    Tell us how it did. Write down names and locations of any files that cannot be cleaned, post that info here. OR go after them yourself and delete them.

    Then let us know how it is running & show us new Logfile

    HGD
+ Reply to Thread
« hijack this | Hijackthis log: Ads234 running rampant »