somebody please help me!!!

[leviatam]

i've scanned using adware, but now i don't know what to do, if somebody could tell me what i need to do i would appreciate it so much!

Logfile of HijackThis v1.98.2
Scan saved at 12:15:27 AM, on 9/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\RUNDLL32.exe
F:\PROGRA~1\AIM\aim.exe
F:\Program Files\Winamp\winamp.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\WinMX\WinMX.exe
F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
F:\Program Files\NaviSearch\bin\nls.exe
F:\Program Files\CashBack\bin\cashback.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\aapatayan3\hijack\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - F:\WINDOWS\localNRD.dll
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - F:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - F:\WINDOWS\SYSTEM32\winb2s32.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - F:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - F:\WINDOWS\SYSTEM32\winb2s32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [updater] F:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe

 

[mobo]

rescan once again with hijack, insert a checknext to each of the following then close all browser windows and click "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html

R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - F:\WINDOWS\localNRD.dll

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - F:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - F:\WINDOWS\SYSTEM32\winb2s32.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - F:\WINDOWS\System32\nvms.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\System32\msbe.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - F:\WINDOWS\SYSTEM32\winb2s32.dll

O4 - HKLM\..\Run: [updater] F:\Program Files\Common files\updater\wupdater.exe

then reboot into safe mode : http://dotcomsecurity.org/forums/index.php?showtopic=55

Open windows explorer, find then delete:
F:\Program Files\Common files\updater\wupdater.exe


Then immediately get to windows update and get all updates available for your system.

 

[cybertech]

leviatam, please continue with this thread until your problem is solved. Do not continue to start new threads. Post your reply(s) here.

 

[leviatam]

ok i did it all and i think everything is fine now. here's my log anyway
thanks a lot
Logfile of HijackThis v1.98.2
Scan saved at 9:21:13 PM, on 9/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\RUNDLL32.exe
F:\PROGRA~1\AIM\aim.exe
F:\Program Files\Winamp\winamp.exe
F:\Program Files\WinMX\WinMX.exe
F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
F:\Program Files\NaviSearch\bin\nls.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\System32\wuauclt.exe
F:\aapatayan3\hijack\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094357801358

 

[mobo]

this is recommended to be fixed:
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain


As well remove this entry in safe mode F:\Program Files\WildTangent


Then go to windows update and get ALL updates for your system to bring it upto date