Begin2Search Toolbar Removal Instructions

  #41  
Old 11-30-2004
Newcomer, in training
 
Member since: Nov 2004, 5 posts
Thanks for the response RealBlackStuff, jesus there's a lot on there.

I spoke to her regarding the Avast and she seems to think it's been on there since September. Would you advise to get a new one then mate?
  #42  
Old 11-30-2004
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,160 posts
Before I answer to that, I need to know how religiously that PC's AV is updated, what are the browsing habits (downloading MP3 and stuff?).
I heard good things about Avast, supposedly better than the free AVG, but I am not sure now.
I use Extendia AVK Pro, and have not seen a virus in years.
  #43  
Old 12-06-2004
Newcomer, in training
 
Member since: Dec 2004, 1 posts
After reading this thread, I tried to remove the begin2search toolbar by myself. I succeeded in removing the toolbar but the "Page cannot be displayed" page is still the begin2search one. Can anyone help me here? Thanks.

I attached my log (This board would not let me post for some reason, url's or something)
Attached Files
File Type: txt hijackthis2.txt (7.8 KB, 2 views)
  #44  
Old 12-07-2004
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,160 posts
Flamingshadow

Welcome to TechSpot

First off, go here and follow EXACTLY as it says there.
http://www.techspot.com/vb/topic17297.html
Note the part about 'xfire_lsp...' at the bottom as well.

Also, your AVG6 will expire at the end of this year. Replace it with the (free) AVG7.
When updated, run a full scan of your system.

One of the following files is the official one, you will need to compare all of these with your original CD to establish which one is the "goodie". You may have the "Sircam" virus.
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe

After you have done as instructed in the above post, run your UPDATED HJT on its own in Safe Mode and "fix" all of these, if any are still left after Adaware, Spybot and co.:

C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\svchost32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cidaemon.exe

O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\svchost32.exe"
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...76de901b6c1e8b
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downlo...?1079102657625
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...842.8861458333
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab27513.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B819A037-7A70-4442-9196-34658C86BFD7}: NameServer = 165.21.100.88 165.21.83.88
  #45  
Old 12-21-2004
Newcomer, in training
 
Member since: Dec 2004, 2 posts
begin2search headache

Hi guys

I am trying to post my results from HiJackThis but I get an error "Your Post contains one or more URLs, please remove them before submitting your message again."

Any ideas?

Thanks

  #46  
Old 12-22-2004
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,160 posts
Click on "go advanced" when you post, and send your HJT-log as an attachment, e.g. "hijackthis.txt"
Do NOT use the ZIP-format.
  #47  
Old 12-22-2004
Newcomer, in training
 
Member since: Dec 2004, 2 posts
Can you help?

I attached the file

Can you let me know what I still have after running Ad-Aware and Spybot?

Thanks in advance
Attached Files
File Type: txt hijackthis.txt (3.6 KB, 1 views)
  #48  
Old 12-23-2004
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,160 posts
Iloki

Run HJT standalone in Safe Mode and let it "fix":

C:\Program Files\Winamp3\winampa.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\pngcm.exe

-- Do you run more than one language on your PC? (like switching keyboard-language)
-- If not, this needs to be "fixed" as well:
C:\WINNT\System32\internat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [aihwbqf] C:\WINNT\System32\acjctp.exe
O4 - HKCU\..\Run: [ZEv2RXKpW] pngcm.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab27513.cab

At the end, delete all the files that were "fixed".
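
Added example, not part of the original thread or any poster's reply: a small Python triage pass over HijackThis entries like the ones quoted in the posts above. The checks (autorun command without a directory path, Run value name that differs from the binary it starts, ActiveX entry with no download source, host behind a URL) are review heuristics assumed here, not HijackThis behaviour; a note means "look at this entry", not "this is malware".

```python
import re
from urllib.parse import urlparse

# Constructed input: entries copied from the HijackThis excerpts in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\svchost32.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKCU\..\Run: [ZEv2RXKpW] pngcm.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")   # "HKLM\..\Run: [name] cmd"
URL = re.compile(r"https?://\S+")

def parse(log):
    """Split a HijackThis log into (section code, body) pairs; skip other lines."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_notes(code, body):
    """Return review notes for one entry (added heuristics, not HijackThis output)."""
    notes = []
    if code == "O4" and (m := RUN.match(body)):
        _hive, _key, name, command = m.groups()
        exe = command.strip('"').split('"')[0]            # drop quotes and arguments
        base = (exe.rsplit("\\", 1)[-1].split() or [""])[0].lower()
        if "\\" not in exe:
            notes.append("autorun command has no directory path")
        if name.lower().endswith(".exe") and name.lower() != base:
            notes.append(f"value name {name} differs from binary {base}")
    elif code == "O16" and not URL.search(body):
        notes.append("ActiveX entry has no download source recorded")
    elif (m := URL.search(body)):
        notes.append("points at host " + urlparse(m.group()).hostname)
    return notes

def triage(log):
    """Map each entry body that produced notes to its list of notes."""
    return {body: n for code, body in parse(log) if (n := review_notes(code, body))}

if __name__ == "__main__":
    for body, notes in triage(SAMPLE_LOG).items():
        print(body, "->", "; ".join(notes))
```
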
  #49  
Old 01-27-2006
Newcomer, in training
 
Location: tijuana Mexico
Member since: Nov 2004, 46 posts
this worked

since begintosearch is an old malware***i got slammed by this one ***the way to remove it is by using hijackthis ***and downloading the yahoo toolbar with anti-spyware ****this anti spyware removed all traces of begintosearch