help me please!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by short848, Oct 9, 2004.

  1. short848

    short848 Private E-2

    Can someone please help me! I have been trying to do some research online to fix this problem on my computer, here's my HijackThis file:

    :rolleyes:
     

    Attached Files: hjt.txt
  2. PhilliePhan

    PhilliePhan Guest

    Hi Short848,

    You have a TRUCKLOAD of problems in this log! It is one of the worst I've seen in a long time. I'm a bit in AWE!
    Sorry about that, I had to comment :)

    That said, we are happy to work through this with you, but it will take A LOT of effort. I see a number of items that will probably need the talents of our resident genius, Chaslang. (Not exactly the birthday present he was looking for ;) )

    HijackThis is a last step and yours is out of date. Plus, you are running it from a TEMP folder. You should download an up-to-date version and put it in its own folder - C:\Program Files\HijackThis

    --------------------------------------------------------------------------
    Please start HERE:
    http://forums.majorgeeks.com/showthread.php?t=35407

    Follow the instructions CAREFULLY. Make note of the steps you are able to finish and the ones that give you trouble. Hopefully this will clean up some of the easier items. If you have a question, don't hesitate to ask.

    Frankly, I'm not sure where to start. Run through the tutorial and post back for Chaslang's instructions.

    Hang in there! :) If you are willing to stick with this, so are we!

    PP
     
  3. PhilliePhan

    PhilliePhan Guest

    Hi Short848,

    When running through the tutorial, make sure to do the steps in the Alternative Scans - If still having problems section. Especially the TROJAN SCANS.

    Also, look in Add or Remove Programs for the following:
    Internet Optimizer
    Windows SyncroAd
    Winsync
    BullsEye Network
    AutoUpdate
    Save\Save.exe

    Remove them if you find them.

    In Safe Mode with Viewing of Hidden Files Enabled, look for and try to delete the following:
    C:\WINDOWS\System32\golumm\services.exe
    C:\Program Files\Internet Optimizer
    C:\Program Files\Windows SyncroAd
    C:\WINDOWS\uptodate.exe
    C:\Program Files\Windows SyncroAd\WinSync.exe
    C:\PROGRA~1\Save
    C:\Program Files\BullsEye Network
    C:\Program Files\AutoUpdate
    C:\Program Files\Internet Optimizer
    C:\Documents and Settings\Tony\Application Data\hgv?e.exe
    C:\PROGRA~1\CLOCKS~1\Sync.exe


    I probably missed a few and I left out a few questionable items - likely trojans. This should help to get things started, though.

    I'm heading out the door - I'll check back tomorrow. Hang in there :)

    PP
     
  4. short848

    short848 Private E-2

    thank you soooo much for your help, I'm still working on things!!!
     
  5. PhilliePhan

    PhilliePhan Guest

    Happy to help - or at least try to help ;)
    I'd guess that about 75% of your HJT log needs to be dealt with. Some of it exceeds my limited abilities.
    Hang with it & I'll check back tomorrow.

    Best,

    PP
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As PP said and I repeat, you have a lot of bad stuff in your PC. Complete all the steps in the read me tutorial and do the Alternate Scans too (as PP indicated) and uninstall the other items he gave you. If you have a problem running any of the steps in safe mode (like the online scans), just run them from normal boot mode. We need to make a little bit of a dent in the baddies you have. Hopefully all the scans should make an improvement.

    Some of those items PP gave you to delete will probably not delete unless you end the process associated with them first using Task Manager (press CTRL-ALT-DEL to bring up Task Manager).

    Also to try to make an immediate improvement run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Tony\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Tony\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Tony\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Tony\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Tony\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Tony\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50040
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll (file missing)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
    O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll (file missing)
    O2 - BHO: (no name) - {6FDA380E-B518-06BD-8754-11557E872243} - C:\WINDOWS\System32\ldgfl.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
    O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
    O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll (file missing)
    O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
    O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll (file missing)
    O2 - BHO: (no name) - {D7EFC29D-4C8E-490C-9944-AAB7652B3BFA} - C:\WINDOWS\System32\chaeohb.dll
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll (file missing)
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll (file missing)
    O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
    O9 - Extra button: SideFind (HKLM)
    O13 - DefaultPrefix: http://%6E%6B%76%64%2E%75%73/
    O13 - WWW Prefix: http://%6E%6B%76%64%2E%75%73/
    O13 - Home Prefix: http://%6E%6B%76%64%2E%75%73/
    O13 - Mosaic Prefix: http://%6E%6B%76%64%2E%75%73/
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...84f880889783bc3
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab


    Some of those are going to come back but this is a start.

    Then post a new HJT log as a .txt file attachment. Again I repeat what PP said, get version 1.98.2 of HJT and put it in its own directory. The link is in the tutorial.
     
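    The fix list above mixes several entry types (R0/R1 search and start-page keys, O2 BHO CLSIDs, percent-encoded O13 prefixes, O15 Trusted Zone additions, O16 ActiveX downloads). The script below is an added example, not MajorGeeks' or HijackThis' own code, showing how a helper could triage HijackThis-style lines offline: it decodes the hex-encoded O13 prefix, flags BHO registrations whose DLL is gone, flags search pages pointing at local files in a Temp folder, and cross-references O16 download hosts against O15 Trusted Zone wildcards. The sample log is constructed from entry shapes quoted in this thread, and the flagging rules are this example's own assumptions rather than HijackThis logic.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample log, built from entry shapes quoted in the thread above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Tony\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O13 - DefaultPrefix: http://%6E%6B%76%64%2E%75%73/
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
"""

# "R1 - <body>", "O13 - <body>": section code, then the entry body.
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_log(text):
    """Return (section, body) pairs for every line that looks like an HJT entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def decode_prefix(url):
    """Percent-decode a URL prefix; returns (decoded, was_encoded)."""
    decoded = unquote(url)
    return decoded, decoded != url


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def zone_matches(pattern, host):
    """Match an O15 wildcard such as '*.example.com' against a hostname."""
    pat = pattern.lower()
    if pat.startswith("*."):
        base = pat[2:]
        return host == base or host.endswith("." + base)
    return host == pat


def triage(text):
    """Apply the example's review rules; returns (section, reason, detail) findings."""
    entries = parse_log(text)
    findings = []
    trusted = [b.split(":", 1)[1].strip()
               for s, b in entries if s == "O15" and b.startswith("Trusted Zone:")]
    for sec, body in entries:
        if sec in ("R0", "R1"):
            target = body.split("=", 1)[1].strip() if "=" in body else ""
            low = target.lower()
            if low.startswith("file://") and "\\temp\\" in low:
                findings.append((sec, "search/start page points at a local file in a Temp folder", target))
            elif target.endswith("(obfuscated)"):
                findings.append((sec, "HijackThis marked the target as obfuscated", target))
        elif sec == "O2" and body.endswith("(file missing)"):
            clsid = CLSID_RE.search(body)
            findings.append((sec, "BHO registration whose DLL is gone (orphaned CLSID)",
                             clsid.group(0) if clsid else body))
        elif sec == "O13":
            url = body.split(":", 1)[1].strip()
            decoded, encoded = decode_prefix(url)
            if encoded:
                findings.append((sec, "percent-encoded URL prefix hides host " + host_of(decoded), url))
        elif sec == "O15":
            findings.append((sec, "site added to IE Trusted Zone (relaxed security settings)",
                             body.split(":", 1)[1].strip()))
        elif sec == "O16":
            url = body.rsplit(" - ", 1)[-1].strip()
            if any(zone_matches(z, host_of(url)) for z in trusted):
                findings.append((sec, "ActiveX download from a host that is also in the Trusted Zone", url))
    return findings


if __name__ == "__main__":
    for sec, reason, detail in triage(SAMPLE_LOG):
        print(f"{sec:4} {reason}: {detail}")
```

    The O16/O15 correlation is the part worth keeping in a real review: a Trusted Zone entry on its own is only a weakened setting, but paired with an ActiveX download from the same domain it explains how the payloads kept reinstalling.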
  7. short848

    short848 Private E-2

    I ran the tutorial, but it didn't seem to do anything. Everything that it told me I was deleting just came back again. I have all my disks given to me by Dell, can I just wipe the system clean and reload all of it? All my files have been backed up onto disk, so can I just delete everything and reload it? And if so, how do I do that!

    Thanks again for helping me you guys are great!!!! :)
     
  8. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Yes you can, if you have a proper backup, re-installing is MUCH faster. Switch to Firefox, install SpywareBlaster and be careful typing in web addresses down the road.
     
  9. PhilliePhan

    PhilliePhan Guest

    Welcome back, M.A. :)


    Hi Short848,
    If you want to go that route, it will work as well. However, you need to make sure that you didn't back up any malware on disk. Usually, that is an option for when everything else has failed. Don't give up so easily! ;)

    Did you follow the tutorial carefully w/ System Restore Off etc...? How did the Online Scans turn out? It is not uncommon for some of the files I asked you to delete to come back. As Chas said, we needed to try and make a dent and I wanted to give you an idea of some of the things to look for.

    If you want to do a reinstall of your OS, etc..., that will work - But, how long you stay clean is a question mark. Your log showed a little bit of everything in terms of malware. This indicates to me that your machine was not adequately protected with the proper Windows Priority Updates, Patches, Anti-virus and Anti-spyware tools. No worries, though - As M.A. said, there are steps you can take to address this. :)

    Before you make a final decision about how to proceed, please wait for Chaslang to weigh in with his advice. I'll try to check back tonight to see how things worked out.

    Best,

    PP
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you can take the route of reinstalling your system. Don't forget you lose anything that is not part of the original disks. Also, anything you have configured and tweaked will be gone too (Favorites, special settings in all your programs etc). Also, you will most likely have to download quite a few patches and updates for your software and OS to get it up to date.

    You may learn more (and this may help you prevent this from happening again) by fixing the problems. It's your choice. But it also does not sound like you know how to reload your system from scratch either.
     
