somebody please help me!!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

leviatam

Thread Starter
Joined
Aug 9, 2004
Messages
14
I've scanned using adware, but now I don't know what to do. If somebody could tell me what I need to do, I would appreciate it so much!

Logfile of HijackThis v1.98.2
Scan saved at 12:15:27 AM, on 9/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\RUNDLL32.exe
F:\PROGRA~1\AIM\aim.exe
F:\Program Files\Winamp\winamp.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\WinMX\WinMX.exe
F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
F:\Program Files\NaviSearch\bin\nls.exe
F:\Program Files\CashBack\bin\cashback.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\aapatayan3\hijack\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - F:\WINDOWS\localNRD.dll
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - F:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - F:\WINDOWS\SYSTEM32\winb2s32.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - F:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - F:\WINDOWS\SYSTEM32\winb2s32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [updater] F:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
 
Joined
Feb 23, 2003
Messages
16,274
Rescan once again with hijack, insert a check next to each of the following, then close all browser windows and click "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/googlesidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/googlesidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/googlesidesearch.html

R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - F:\WINDOWS\localNRD.dll

O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - F:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - F:\WINDOWS\SYSTEM32\winb2s32.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - F:\WINDOWS\System32\nvms.dll

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\System32\msbe.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - F:\WINDOWS\SYSTEM32\winb2s32.dll

O4 - HKLM\..\Run: [updater] F:\Program Files\Common files\updater\wupdater.exe


Then reboot into safe mode: http://dotcomsecurity.org/forums/index.php?showtopic=55

Open Windows Explorer, then find and delete:
F:\Program Files\Common files\updater\wupdater.exe


Then immediately go to Windows Update and get all updates available for your system.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
leviatam, please continue with this thread until your problem is solved. Do not continue to start new threads. Post your reply(s) here.
 

leviatam

Thread Starter
Joined
Aug 9, 2004
Messages
14
OK, I did it all and I think everything is fine now. Here's my log anyway.
Thanks a lot.
Logfile of HijackThis v1.98.2
Scan saved at 9:21:13 PM, on 9/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\RUNDLL32.exe
F:\PROGRA~1\AIM\aim.exe
F:\Program Files\Winamp\winamp.exe
F:\Program Files\WinMX\WinMX.exe
F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
F:\Program Files\NaviSearch\bin\nls.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\System32\wuauclt.exe
F:\aapatayan3\hijack\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - F:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - F:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\RunOnce: [AAW] "F:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Search - res://F:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094357801358
 
Joined
Feb 23, 2003
Messages
16,274
This is recommended to be fixed:
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "F:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain


As well, remove this entry in safe mode: F:\Program Files\WildTangent


Then go to Windows Update and get ALL updates for your system to bring it up to date.
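An added example, not part of the original thread and not HijackThis's own code: one way to confirm from a follow-up log that the entries checked for fixing are really gone, by diffing the two scans and the fix list. The function names and the entry-code regular expression are assumptions; the sample lines are excerpted from the logs in this thread.

```python
import re

# HijackThis entry lines start with a section code such as R1, O2 or O16.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_log(text):
    """Return (running processes, registry/file entries), case-folded for comparison."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif match:
            in_procs = False
            entries.add((match.group(1), match.group(2).casefold()))
        elif in_procs and line:
            processes.add(line.casefold())
    return processes, entries

def review_fix(before, after, checked):
    """Compare the follow-up scan with the first scan and the 'fix checked' list."""
    b_procs, b_entries = parse_log(before)
    a_procs, a_entries = parse_log(after)
    wanted = parse_log(checked)[1]
    return {
        "still_present": sorted(wanted & a_entries),    # fix did not take
        "new_entries": sorted(a_entries - b_entries),   # appeared since first scan
        "processes_gone": sorted(b_procs - a_procs),    # no longer running
    }

# Lines excerpted from the two logs and the fix list in this thread.
BEFORE = r"""Running processes:
F:\WINDOWS\explorer.exe
F:\Program Files\CashBack\bin\cashback.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/googlesidesearch.html
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll
O4 - HKLM\..\Run: [updater] F:\Program Files\Common files\updater\wupdater.exe
O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
"""
AFTER = r"""Running processes:
F:\WINDOWS\explorer.exe

O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094357801358
"""
CHECKED = "\n".join(BEFORE.splitlines()[4:7])  # the three entries marked for fixing

if __name__ == "__main__":
    for key, values in review_fix(BEFORE, AFTER, CHECKED).items():
        print(key, values)
```

An empty `still_present` list only shows that the registry entries are gone; the files they pointed to still have to be checked on disk.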
 