SpyBot Question...

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

antares

Thread Starter
Joined
Jan 11, 2003
Messages
255
This is my first time using this program, but I have a question that bugs me.

What do I get rid of?

This question means: what kinds of files should be deleted? Here is my list of what I got when I ran it:

Advertising.com
Avenue A, Inc.
Bargain Buddy
BDE Projector
BFast
Comet Cursors
Common Hijacker
CommonName
Cydoor
DoubleClick
eAcceleration
eGroup
ExCyberSearch
eZula HotText
FastClick
FlashTrack
Gator
HitBox
IGetNet
Internet Explorer (Data source object exploit)
MarketScore
MediaPlex
MS Media Player
n-Case
New.net
SaveNow
Sidestep
VX2/? (VX2/a-VX2/e)
WurldMedia
Common Dialogs

and the rest is Logs, MS Office 9.0, and Windows Explorer.

This all comes down to "169 problems found", which I think is a lot. Also, around half of them are Registry files.

Read over the list and tell me what I should do.
:confused:
 
Joined
Jan 27, 2001
Messages
741
I let it remove everything that Spybot puts a checkmark in. You have a lot of spyware on your machine.
 
Joined
Feb 28, 2001
Messages
11,584
antares
Welcome to TSG!
One caution here though... only the items in Red at this point should be considered for removal.

Dave
 

antares

Thread Starter
Joined
Jan 11, 2003
Messages
255
Thanks. I will start removing it right away.
Also, thanks davey, for your welcoming. I'm glad to be here. :)
 
Joined
Dec 9, 2000
Messages
45,855
Wow, that's a big load even for Spybot.

I would recommend removing New.net independently first, using Add/Remove programs and then rebooting. This is the most dangerous. You can do the same with SaveNow.

It might be a good idea, after that, to run Spybot in Safe Mode and have it do its thing from there to minimize the possibility of conflicts with programs in memory. Be sure to reboot afterwards.
 

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,429
I have never seen such a list on one machine! :eek: How did you manage to accumulate such a load of spyware???
 

antares

Thread Starter
Joined
Jan 11, 2003
Messages
255
I don't know for sure. It's probably the many programs that I have downloaded and installed during my computer's lifetime. Good thing that I removed them :D

Hopefully, I will do a weekly check-up to make sure there is no spyware in my computer.
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Given the number of dodgy items you've accumulated, I strongly suspect there may be more.

Would you please do this:

After running SpyBot, and having it remove all it found, go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and show us its contents.
 

antares

Thread Starter
Joined
Jan 11, 2003
Messages
255
Here it is:

Logfile of HijackThis v1.90.0
Scan saved at 11:41:25 AM, on 1/11/2003
Platform: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://tribesaa.com/forums/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - E:\WINDOWS\System\BHO001.DLL
O4 - HKLM\..\Run: [NAV Agent] E:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] E:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] E:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] E:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [QD FastAndSafe]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [2wSysTray] E:\Program Files\2Wire\HomePortal\2PortalMon.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinStart001.EXE] E:\WINDOWS\System\WinStart001.EXE -b
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Allow Site's Pop-&ups - file://E:\Program Files\PopNot\trustsite.script
O8 - Extra context menu item: Always &Kill this Pop-up - file://E:\Program Files\PopNot\blocksite.script
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://65.83.242.101/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.3.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} - http://fr4-download.nocreditcard.com/download/Object/ieaccess2XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31FD415A-1103-4329-B323-2DE693146C4E} (InstallHelper Class) - http://survey.prod.there.com/qualsurvey/ThereInstallHelper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22b78f35f87eaf482a04/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002} (XDialer Class) - http://www.pctlca.com/XDialer2.CAB
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37577.3884143519
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WONWebLauncherControl.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E344ADA2-75B6-4E7E-B221-0A04FD5B0165} (MaxisPublishX Control) - http://thesims.ea.com/us/teleport/MaxisPublishX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {FA53CFF8-B253-49DE-9B13-3A6129830AF0} - http://130.94.70.13/player/allcast082902_17.cab
O18 - Protocol: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Thank you.

I see one baddie in startup, and a load of very dodgy ActiveX objects.

Also an unknown Browser plugin that I'd like to have a look at. It may be harmless, but it could also be an all new baddie.
Would you be so kind as to send me a copy of E:\WINDOWS\System\BHO001.DLL as an attachment, please?
I'll PM you with my e-mail addie.

Now do this:

Run Hijack This and check ALL of the following items. Subsequently shut down ALL Internet Explorer Windows, and have HT fix all selected.

Reboot when you're done, and find and delete E:\WINDOWS\System\WinStart001.EXE

We'll decide what to do with the browser plugin as soon as we know whether it's OK or not.

Here are the items to be fixed:

O4 - HKLM\..\Run: [WinStart001.EXE] E:\WINDOWS\System\WinStart001.EXE -b
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} - http://fr4-download.nocreditcard.co...ieaccess2XP.cab
O16 - DPF: {31FD415A-1103-4329-B323-2DE693146C4E} (InstallHelper Class) - http://survey.prod.there.com/qualsu...stallHelper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} - http://wcs00180.egain.net/wcsapp/we...g/ie/SecMgr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22b78f35f87eaf...ip/RdxIE601.cab
O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002} (XDialer Class) - http://www.pctlca.com/XDialer2.CAB
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WON...cherControl.cab
O16 - DPF: {FA53CFF8-B253-49DE-9B13-3A6129830AF0} - http://130.94.70.13/player/allcast082902_17.cab


Cheers,
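
As an added example (not part of the original posts, and not the helpers' own method): a small Python parser for the HijackThis log format posted above that groups entries by section code and lists items worth a closer look. The three heuristics and all function names are assumptions chosen for illustration; they yield review prompts, not verdicts, and do not reproduce the fix list in this thread.

```python
import re
from collections import defaultdict

# Sample input: a few lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://tribesaa.com/forums/
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - E:\WINDOWS\System\BHO001.DLL
O4 - HKLM\..\Run: [NAV Agent] E:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QD FastAndSafe]
O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002} (XDialer Class) - http://www.pctlca.com/XDialer2.CAB
O16 - DPF: {FA53CFF8-B253-49DE-9B13-3A6129830AF0} - http://130.94.70.13/player/allcast082902_17.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O16 - <body>"
HOSTS = re.compile(r"^Hosts: (\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[(.+?)\]\s*(.*)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - ?(.*)$")
BARE_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}[:/]")

def parse(log):
    """Group entry bodies by section code (R0, O1, O4, O16, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        if (m := ENTRY.match(line.strip())):
            sections[m.group(1)].append(m.group(2))
    return sections

def review_notes(sections):
    """Return (section, key, reason) tuples; the heuristics are assumptions."""
    notes = []
    for body in sections.get("O1", []):    # hosts-file entries
        if (m := HOSTS.match(body)) and not m.group(1).startswith("127."):
            notes.append(("O1", m.group(2), "name mapped to " + m.group(1)))
    for body in sections.get("O4", []):    # autostart (Run key) entries
        if (m := RUN.match(body)) and not m.group(3):
            notes.append(("O4", m.group(2), "autostart value with no command"))
    for body in sections.get("O16", []):   # downloaded ActiveX controls
        if not (m := DPF.match(body)):
            continue
        clsid, name, url = m.groups()
        if not name:
            notes.append(("O16", clsid, "control has no class name"))
        if BARE_IP_URL.match(url):
            notes.append(("O16", clsid, "codebase URL is a bare IP address"))
    return notes

if __name__ == "__main__":
    print(*review_notes(parse(SAMPLE_LOG)), sep="\n")
```

A line that none of these checks flags still needs a human look: several entries on the fix list above are named controls served from ordinary host names.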
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,429
Almost seems a re-install would have been easier than cleaning all this stuff out! :D:D
 
Joined
Feb 28, 2001
Messages
11,584
John
lol:D:D
How accurate your statement of reinstall is if not for the reupdating and all. My stepdaughter had 167 items Spybot found and it took me several hours to untangle the mess and get her system to snuff.

Dave
 