1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

somebody please help me!!!

Discussion in 'Virus & Other Malware Removal' started by leviatam, Sep 4, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. leviatam

    leviatam Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    14
    i've scanned using adware, but now i don't know what to do, if somebody could tell me what i need to do i would appreciate it so much!

    Logfile of HijackThis v1.98.2
    Scan saved at 12:15:27 AM, on 9/4/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\RUNDLL32.exe
    F:\PROGRA~1\AIM\aim.exe
    F:\Program Files\Winamp\winamp.exe
    F:\WINDOWS\System32\wuauclt.exe
    F:\Program Files\WinMX\WinMX.exe
    F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    F:\Program Files\NaviSearch\bin\nls.exe
    F:\Program Files\CashBack\bin\cashback.exe
    F:\WINDOWS\explorer.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\aapatayan3\hijack\HijackThis2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - F:\WINDOWS\localNRD.dll
    O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - F:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
    O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - F:\WINDOWS\SYSTEM32\winb2s32.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - F:\WINDOWS\System32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - F:\WINDOWS\SYSTEM32\winb2s32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [updater] F:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    rescan once again with hijack, insert a checknext to each of the following then close all browser windows and click "fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html

    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - F:\WINDOWS\localNRD.dll

    O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - F:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL

    O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - F:\WINDOWS\SYSTEM32\winb2s32.dll

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - F:\WINDOWS\System32\nvms.dll

    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\System32\msbe.dll

    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

    O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - F:\WINDOWS\SYSTEM32\winb2s32.dll

    O4 - HKLM\..\Run: [updater] F:\Program Files\Common files\updater\wupdater.exe


    then reboot into safe mode : http://dotcomsecurity.org/forums/index.php?showtopic=55

    Open windows explorer, find then delete:
    F:\Program Files\Common files\updater\wupdater.exe


    Then immediately get to windows update and get all updates available for your system.
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    leviatam, please continue with this thread until your problem is solved. Do not continue to start new threads. Post your reply(s) here.
     
  4. leviatam

    leviatam Thread Starter

    Joined:
    Aug 9, 2004
    Messages:
    14
    ok i did it all and i think everything is fine now. here's my log anyway
    thanks a lot
    Logfile of HijackThis v1.98.2
    Scan saved at 9:21:13 PM, on 9/4/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\WINDOWS\System32\RUNDLL32.exe
    F:\PROGRA~1\AIM\aim.exe
    F:\Program Files\Winamp\winamp.exe
    F:\Program Files\WinMX\WinMX.exe
    F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    F:\Program Files\NaviSearch\bin\nls.exe
    F:\WINDOWS\explorer.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\WINDOWS\System32\wuauclt.exe
    F:\aapatayan3\hijack\HijackThis2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094357801358
     
  5. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    this is recommended to be fixed:
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain


    As well remove this entry in safe mode F:\Program Files\WildTangent


    Then go to windows update and get ALL updates for your system to bring it upto date
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269958

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice