1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

argh spywares

Discussion in 'Virus & Other Malware Removal' started by cammi, Jan 9, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. cammi

    cammi Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    560
    my friend was having problems with her computer (she downloaded imesh) and i was asked to help her. i installed lavasoft ad-ware 5.8 (or whatever its called) and I deleted all the stuff it came up with from my computer. The only one i couldn't delete was CNBabe.dll. (Later on I searched on google and found out here on tsg not to delete it! :))

    I went to her windows explorer and went to her program files. in her program files were some really weird stuff - i think it might be spyware. these are the following files that i think are weird:

    *Cnbabe.dll (and its associated files)
    *a folder called ebkrdr which has *.ebk files (what are they?), something that i think is attached to microsoft schedule, ebook, stub, mediaman, etc.
    *a folder called eurotool, which has one icon on it saying "euroconv" and the other docs in this folder are all *.txt files called "eula", "eula_fr" (etc), "cluf", "lisezmoi" and more.
    *a folder called firstlook... which has something called firstlook in it
    *a folder called flt which has something called unins in it, and its icon is a rubbish bin :eek:
    *a folder called newdotnet which contains newdotnet4_50.dll, a readme, and uninstall4_50 in it.

    What's my next step? I really don't know what to do now. How do I get rid of it all? I'm getting really mad cos I can't solve it. Hopefully you guys can help me! :confused: :confused: :confused: :(
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Welcome to TSG, cammi.

    Ad-aware is long out of date, they will be offering a new program in the months to come.


    Right now Spybot is by far the best spyware removal tool. Try installing, updating and running the program following the directions given here:

    http://tomcoyote.com/SPYBOT/

    By the way, it is best to remove New.net through add/remove programs and reboot before doing anything else. Improper removal of its components will prevent internet connectivity.

    After running Spybot, give us a look at the current startup configuration by running the StartupList application available below and copy/paste the results to a reply.

    http://www.lurkhere.com/~nicefiles/
     
  3. cammi

    cammi Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    560
    did i mention she can't use any browsers to navigate the internet?
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    That might be the result of new.net. If it remains in Add/Remove programs, try removing from there and rebooting.

    Then download this file (lspfix) and unzip it for her to a floppy disk and run it on her computer. It should repair the winsock protocols if New.net or some other program has corrupted them. When that happens it is usually possible to connect to the net, but not browse.


    http://www.cexx.org/lspfix.htm

    Also see this link here from New.net:

    http://www.newdotnet.com/#remove

    If she is still having trouble browsing, run msconfig and remove the check for "load startup group" then see if Spybot can be downloaded.
     
  5. cammi

    cammi Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    560
    it seems more of my friends have these problems. one of them used to have kazaa (but uninstalled it after i told her about our other friend's spyware problem). i used the spybot and this is what Startup List says:

    StartupList report, 10/01/2003, 9:42:59 AM
    StartupList version: 1.50
    Started from : C:\Documents and Settings\Angela1\Local Settings\Temp\StartupList.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\GetRight\getright.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Angela1\Local Settings\Temp\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    C-Media Mixer = Mixer.exe /startup
    NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
    WinampAgent = "C:\Program Files\Winamp\Winampa.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    NetBuster = C:\Netbuster\NetBuster.exe
    TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
    Advanced Tools Check = C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    SpyBotSnD = "C:\Program Files\Spybot - Search & Destroy 1.1\SpybotSD.exe" /autoclose

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Yahoo! Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
    HKLM\..\Windows\CurrentVersion\WinLogon: load=
    HKLM\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
    HKCU\..\Windows\CurrentVersion\WinLogon: load=
    HKCU\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: load=
    HKLM\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    *INI section not found*
    *INI section not found*
    *INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    *Registry value not found*
    *Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: *Registry key not found*
    HKLM\..\Policies: *Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - (no file) - {D14641FA-445B-448E-9994-209F7AF15641}
    (no name) - (no file) - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{11111111-1111-1111-1111-111111111111}]
    CODEBASE = http://207.246.124.105/cabs/ROOSTER3001/TPS108.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37575.0694560185

    [MSN Photo Upload Tool]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
    CODEBASE = http://photos.ninemsn.com.au/r/neutral/controls/MsnPUpld.cab?5,0,1730,0

    [{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------
    End of report, 7,808 bytes
    Report generated in 0.250 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Basically nothing wrong with the startups there, BUT, it really isn't the best idea to have Spybot running at startup. I would only run it manually on occasion when problems are suspected. You can reconfigure it through Settings > Settings > Automation -- uncheck the startup option.

    And, really no need for this as a permanent startup:

    NetBuster = C:\Netbuster\NetBuster.exe

    Your NAV program should be quite adequate for detecting and cleaning Netbus trojans.
     
  7. cammi

    cammi Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    560
    ok, the problem with the browser was fixed. i can now surf th net on her ie. i removed the net. thing, as well as programs associated with imesh (eg, toptextit). nothing was wrong with her winsock. i installed spybot and it removed like 142 spyware on her computer! :eek:

    by the way, do you know what C:\\WINDOWS\System32\ntdvnp. (i cant remember the file extension) is? It appeared in something that looked like a msdos box.

    anyway enough rambling. THis is her startup list:

    StartupList report, 10/01/2003, 9:30:32 PM
    StartupList version: 1.50
    Started from : C:\Documents and Settings\user\Desktop\StartupList.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\FarStone\VirtualDrive\VDTask.exe
    C:\WINDOWS\vcdplayx.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AOL 7.0\aoltray.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\InetKb\Inetkb.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\AOL 7.0\waol.exe
    C:\Documents and Settings\user\Desktop\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\user\Start Menu\Programs\Startup]
    Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    AGRSMMSG = AGRSMMSG.exe
    NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    pccguide.exe = "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    PCCClient.exe = "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    Pop3trap.exe = "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    VirtualDrive = "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
    vcdplayx = "C:\WINDOWS\vcdplayx.exe"
    MULTIMEDIA KEYBOARD = C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    mouseElf = C:\Program Files\Genius NetScroll + Series Mouse\mouseElf.exe
    IMJPMIG8.1 = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    MSPY2002 = C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    nwiz = nwiz.exe /install
    ICQ Lite = C:\Program Files\ICQLite\ICQLite.exe -minimize
    WebScan = C:\Program Files\Acceleration Software\Anti-Virus\defscangui.exe -k
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    ICQ Lite = C:\Program Files\ICQLite\ICQLite.exe -trayboot

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
    HKLM\..\Windows\CurrentVersion\WinLogon: load=
    HKLM\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
    HKCU\..\Windows\CurrentVersion\WinLogon: load=
    HKCU\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: load=
    HKLM\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    *INI section not found*
    *INI section not found*
    *INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
    *Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: *Registry key not found*
    HKLM\..\Policies: *Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    --------------------------------------------------
    End of report, 8,307 bytes
    Report generated in 0.160 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  8. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Nothing grossly out of order there either that I can see. But for optimum peformance you really should disable Find Fast, which causes a lot of unnecessary hard drive and cpu activity. This can be done either through the Control Panel or by running msconfig and removing the startup check for it.

    Try to get a better look at the file name you are seeing, you may have copied it wrong; if it starts with nt, it is likely a system file. If it starts with nv, like this: nvsvc32.exe, it is probably an NVidia driver file of some kind.

    Glad to see Tony is catching what I breeze over ;)

    anyway, it's nice that you've got browsing back. You don't realize what a bullet you've dodged. Fortunately the New.net uninstall worked properly and repaired the winsock/lsp entries on its own; that doesn't always happen.
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    :)

    Actually, there's new SpyBot update out that includes updated TPS108 detection, possibly to cover this ActiveX object, among others:

    2003-01-09

    Spyware

    ++ GigaTech SuperBar ++ eBates MoneyMaker + C2.lop + Transponder/TPS108 + IPinsight + SaveNow + Bargain Buddy + TwistedHumor

    Dialer

    + VLoading + XXXDial + 00SyncNet

    Hijacker

    + Xupiter
     
  11. cammi

    cammi Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    560
    thanks guys! :)
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/112265

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice