
Solved: Early Spring cleaning

Discussion in 'Windows XP' started by Jstealth, Feb 4, 2005.

Thread Status:
Not open for further replies.
  1. Jstealth

    Jstealth Thread Starter

    Joined:
    Nov 14, 2003
    Messages:
    97
    Hi All,

    I am having a bunch of little things occurring with my computer and believe that there is a virus or two causing these problems.

    It's time to make another donation!

    Could someone please help me clean up my system?

    Thanks in advance,

    Jstealth
     
  2. DoubleHelix

    DoubleHelix Banned

    Joined:
    Dec 9, 2004
    Messages:
    24,388
    Did you update your anti-virus software and run a full scan?
     
  3. Jstealth

    Jstealth Thread Starter

    Joined:
    Nov 14, 2003
    Messages:
    97
    I did run http://www.pandasoftware.com/active...n_principal.htm recently and it said that I had 9 critical viruses and it said that it cleaned them up. I ran it again and it showed no viruses. Where can I find the latest version of Hijack this? I will download it and then post my log.

    Thanks!
     
  4. Memory_Loss

    Memory_Loss

    Joined:
    Sep 29, 2003
    Messages:
    77
    Major Geeks Click it here to go download HijackThis.
     
  5. DoubleHelix

    DoubleHelix Banned

    Joined:
    Dec 9, 2004
    Messages:
    24,388
    What anti-virus software do you have running on your computer? You have to have anti-virus software on your computer if you want to stop getting infected with viruses.
     
  6. Jstealth

    Jstealth Thread Starter

    Joined:
    Nov 14, 2003
    Messages:
    97
    Hi DoubleHelix,

    I was using Ad-aware 6.0 and Search & Destroy. I constantly search for updates before running them and at some point there were no available updates for either one and all they were catching was tracking cookies.

    Here is my log:
    Spyware Doctor Activity Report
    Generated on 2/5/2005 7:12:17 AM Spyware Doctor Homepage PCTools Homepage Technical Support


    Scans (basic information only):

    Scan Results:
    scan start: 2/5/2005 7:33:15 AM
    scan stop: 2/5/2005 7:39:48 AM
    scanned items: 127272
    found items: 101
    found and ignored: 0
    tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner





    Should I go after the files through Explorer first or address the Registry issues first?

    Thanks,

    Jstealth
     
  7. DoubleHelix

    DoubleHelix Banned

    Joined:
    Dec 9, 2004
    Messages:
    24,388
    I don't think AVG 6.0 is supported anymore. I've read several threads here about the new version 7.0. You should download that and use it. Ad-Aware doesn't prevent viruses or spyware. It only cleans up spyware after it's been put on your computer.
     
  8. Kenny94

    Kenny94 Banned

    Joined:
    Dec 16, 2004
    Messages:
    2,026
    Here's a GREAT cleaning tool from a-squared. a-squared (a²) is a complementary product to antivirus software and desktop firewalls on MS Windows computers. Antivirus software specializes in detecting classic viruses. Many available products have weaknesses in detecting other malicious software (Malware) like Trojans, Dialers, Worms and Spyware (Adware). a² fills the gap that malware writers exploit.
    When on the page, scroll down to a² Free at:

    http://www.emsisoft.com/en/software/free/
     
  9. RAM-PAGE

    RAM-PAGE Banned

    Joined:
    Dec 19, 2004
    Messages:
    2,355

Short URL to this thread: https://techguy.org/326914
