TechSpot

begin2search/sidesearch problems

By no1bighb
Nov 8, 2004
  1. I cannot seem to remove the begin2search spyware from my PC. Whenever I use IE, the words spyware, games, virus, etc. are highlighted. I have the following HijackThis log. Can anyone please help?
    Regards

    Logfile of HijackThis v1.97.7
    Scan saved at 07:59:11, on 08/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\RadioSvr.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\System32\gigljv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\Navig\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://toolbar.desktoptraffic.net/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.desktoptraffic.net/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://toolbar.desktoptraffic.net/sidesearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.desktoptraffic.net/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.hp.com/info/homepage-o
    O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
    O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~2\MARK~1.BUC\Desktop\SPYBOT~1\SDHelper.dll
    O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\explorer.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [bgrwntf] C:\WINDOWS\System32\gigljv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/homepage-o
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099635425780
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AMMCO.local
    O17 - HKLM\Software\..\Telephony: DomainName = AMMCO.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AMMCO.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AMMCO.local
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Welcome to TechSpot

    First of all, ALWAYS run HJT in Safe Mode, as the ONLY open program.
    Secondly, it looks like you always open Outlook, Word and Excel. That is an unnecessary waste of resources.
    Once a program has been opened during a session, the next time it will open in a fraction of a second!

    Now, go download CWShredder at http://www.spywareinfo.com/~merijn/downloads.html.

    Boot into Safe Mode (press F8 a few times at start-up) and run first CWShredder and then HJT.
    A few of the entries underneath might have disappeared already.

    These are the criminals to be "fixed" by HJT:
    (I included the R1 and O14 HP-lines. Nobody likes HP that much to have them as default home-page!)

    C:\WINDOWS\System32\gigljv.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://toolbar.desktoptraffic.net/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.desktoptraffic.net/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://toolbar.desktoptraffic.net/sidesearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.desktoptraffic.net/sidesearch.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.hp.com/info/homepage-o
    O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
    O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
    O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
    O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
    O4 - HKLM\..\Run: [bgrwntf] C:\WINDOWS\System32\gigljv.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/homepage-o
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1099635425780
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AMMCO.local
    O17 - HKLM\Software\..\Telephony: DomainName = AMMCO.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AMMCO.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AMMCO.local

    As you are using wireless networking, make sure you have set all the safety precautions,
    such as 128-bit WEP encryption and not sending the SSID, etc.
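
An added example, not part of either post and not HijackThis's own code: a small Python parser for the log format shown in this thread. It groups the entries a helper compares side by side: search-page hosts from R0/R1 lines, BHOs with no file, Run-key autoruns, and any CLSID that appears under both O2 and O16. The function names and the grouping are assumptions for illustration; the sample lines are copied from the log above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: six lines copied from the HijackThis log in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.desktoptraffic.net/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - C:\WINDOWS\System32\toolbar.dll
O4 - HKLM\..\Run: [bgrwntf] C:\WINDOWS\System32\gigljv.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} (iSearch Toolbar) - http://toolbar.isearch.com/general/drm.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse(log):
    """Split a HijackThis log into (section code, detail) pairs."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def summarize(log):
    """Group entries for review (hypothetical helper, not a verdict engine)."""
    out = {"search_hosts": set(), "orphan_bho": [], "autoruns": {}, "bho_with_source": {}}
    bho, dpf = {}, {}
    for code, detail in parse(log):
        clsid = CLSID.search(detail)
        if code in ("R0", "R1") and " = " in detail:
            host = urlparse(detail.split(" = ", 1)[1].strip()).hostname
            if host:  # about:blank has no hostname and is skipped
                out["search_hosts"].add(host)
        elif code == "O2" and clsid:
            path = detail.rsplit(" - ", 1)[1]
            if path == "(no file)":
                out["orphan_bho"].append(clsid.group().upper())
            else:
                bho[clsid.group().upper()] = path
        elif code == "O4":
            m = re.match(r"(\S+): \[(.+?)\] (.*)", detail)
            if m:
                out["autoruns"][m.group(2)] = m.group(3).strip('"')
        elif code == "O16" and clsid:
            dpf[clsid.group().upper()] = detail.rsplit(" - ", 1)[1]
    # Same CLSID under O2 and O16 ties a BHO DLL to the URL it was installed from.
    for c in bho.keys() & dpf.keys():
        out["bho_with_source"][c] = (bho[c], dpf[c])
    return out
```

CLSIDs are compared case-insensitively because the log prints the same identifier as `482e` under O2 and `482E` under O16.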
     
Topic Status:
Not open for further replies.
