Begin2Search Toolbar Removal Instructions

  #41  
Old 11-30-2004
Newcomer, in training
 
Member since: Nov 2004, 5 posts
Thanks for the response RealBlackStuff, Jesus, there's a lot on there.

I spoke to her regarding the Avast and she seems to think it's been on there since September. Would you advise getting a new one then, mate?
  #42  
Old 11-30-2004
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,165 posts
Before I answer that, I need to know how religiously that PC's AV is updated and what the browsing habits are (downloading MP3s and stuff?).
I heard good things about Avast, supposedly better than the free AVG, but I am not sure now.
I use Extendia AVK Pro, and have not seen a virus in years.
  #43  
Old 12-06-2004
Newcomer, in training
 
Member since: Dec 2004, 1 posts
After reading this thread, I tried to remove the begin2search toolbar by myself. I succeeded in removing the toolbar, but the "Page cannot be displayed" page is still the begin2search one. Can anyone help me here? Thanks.

I attached my log (this board would not let me post it for some reason, URLs or something).
Attached Files
File Type: txt hijackthis2.txt (7.8 KB, 2 views)
  #44  
Old 12-07-2004
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,165 posts
Flamingshadow

Welcome to TechSpot

First off, go here and follow EXACTLY as it says there.
http://www.techspot.com/vb/topic17297.html
Note the part about 'xfire_lsp...' at the bottom as well.

Also, your AVG6 will expire at the end of this year. Replace it with the (free) AVG7.
When updated, run a full scan of your system.

One of the following files is the official one; you will need to compare all of these with your original CD to establish which one is the "goodie". You may have the "Sircam" virus.
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe

After you have done as instructed in the above post, run your UPDATED HJT on its own in Safe Mode and "fix" all of these, if any are still left after Adaware, Spybot and co.:

C:\WINDOWS\kdx\KHost.exe
C:\WINDOWS\system32\svchost32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cidaemon.exe

O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\system32\dsktrf.dll
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\svchost32.exe"
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...76de901b6c1e8b
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downlo...?1079102657625
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/def...caploader1.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...lInstaller.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...842.8861458333
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab27513.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B819A037-7A70-4442-9196-34658C86BFD7}: NameServer = 165.21.100.88 165.21.83.88
  #45  
Old 12-21-2004
Newcomer, in training
 
Member since: Dec 2004, 2 posts
begin2search headache

Hi guys

I am trying to post my results from HiJackThis but I get an error "Your Post contains one or more URLs, please remove them before submitting your message again."

Any ideas?

Thanks

:hotbounce
  #46  
Old 12-22-2004
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,165 posts
Click on "go advanced" when you post, and send your HJT-log as an attachment, e.g. "hijackthis.txt"
Do NOT use the ZIP-format.
  #47  
Old 12-22-2004
Newcomer, in training
 
Member since: Dec 2004, 2 posts
Can you help?

I attached the file

Can you let me know what I still have after running Ad-Aware and Spybot?

Thanks in advance
Attached Files
File Type: txt hijackthis.txt (3.6 KB, 1 views)
  #48  
Old 12-23-2004
TechSpot Evangelist
 
Location: has left the building
Member since: Aug 2003, 8,165 posts
Iloki

Run HJT standalone in Safe Mode and let it "fix":

C:\Program Files\Winamp3\winampa.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\pngcm.exe

-- Do you run more than one language on your PC? (like switching keyboard-language)
-- If not, this needs to be "fixed" as well:
C:\WINNT\System32\internat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
O4 - HKLM\..\Run: [aihwbqf] C:\WINNT\System32\acjctp.exe
O4 - HKCU\..\Run: [ZEv2RXKpW] pngcm.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab27513.cab

At the end, delete all the files that were "fixed".
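A triage sketch for HijackThis log lines like those quoted in posts #44 and #48, added here as an example; it is not part of the thread and not HijackThis's own logic. It parses O4 autorun and R0/R1 Internet Explorer entries and flags autoruns registered without a full path, Run value names that differ from the executable they launch, and search or start pages outside an allowlist. The heuristics, the function names and the `trusted_hosts` allowlist are assumptions for illustration; the sample lines are copied from the two posts.

```python
import ntpath
import re
from urllib.parse import urlparse

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # section code, then the entry body
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.+)$")  # autorun value name and command
REG = re.compile(r"^HK[^,]+,.+? = (\S+)")                # IE registry setting and its URL

# Lines copied from the logs in posts #44 and #48 of this thread.
SAMPLE = [
    r'O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\svchost32.exe"',
    r'O4 - HKLM\..\Run: [LoadQM] loadqm.exe',
    r'O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide',
    r'R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html',
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/',
]

def command_image(command):
    """Return the executable part of an autorun command, without its arguments."""
    command = command.strip()
    if command.startswith('"'):                # quoted path: take what is inside the quotes
        return command[1:].split('"', 1)[0]
    first = command.split()[0]
    if "\\" not in first:                      # bare name such as "loadqm.exe" or "rundll32"
        return first
    m = re.match(r"(.+?\.exe)\b", command, re.I)  # unquoted path that may contain spaces
    return m.group(1) if m else first

def review(log_lines, trusted_hosts):
    """Return (section, reason, subject) tuples for entries that deserve a closer look."""
    findings = []
    for raw in log_lines:
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O4" and (run := RUN.match(body)):
            name, command = run.groups()
            image = command_image(command)
            if ntpath.dirname(image) == "":    # resolved through the search path at logon
                findings.append((code, "autorun without a full path", name))
            if name.lower().endswith(".exe") and name.lower() != ntpath.basename(image).lower():
                findings.append((code, "value name differs from the executable it starts", name))
        elif code in ("R0", "R1") and (reg := REG.match(body)):
            host = (urlparse(reg.group(1)).hostname or "").lower()
            if host and host not in trusted_hosts:   # allowlist supplied by the analyst
                findings.append((code, "IE setting points at a host outside the allowlist", host))
    return findings
```

Calling `review(SAMPLE, {"www.google.ca"})` returns three findings; a finding is a prompt to inspect the file or registry value, not a verdict that it is malicious.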
  #49  
Old 01-27-2006
TechSpot Member
 
Location: tijuana Mexico
Member since: Nov 2004, 46 posts
this worked

Since begintosearch is an old malware, I got slammed by this one. The way to remove it is by using HijackThis and downloading the Yahoo toolbar with anti-spyware. This anti-spyware removed all traces of begintosearch.