
SpyBot Question...

Discussion in 'All Other Software' started by antares, Jan 11, 2003.

Thread Status:
Not open for further replies.
  1. antares

    antares Thread Starter

    Joined:
    Jan 11, 2003
    Messages:
    255
    This is my first time using this program, but I have a question that bugs me.

    What do I get rid of?

    This question means: what kinds of files should be deleted? Here is my list of what I got when I ran it:

    Advertising.com
    Avenue A, Inc.
    Bargain Buddy
    BDE Projector
    BFast
    Comet Cursors
    Common Hijacker
    CommonName
    Cydoor
    DoubleClick
    eAcceleration
    eGroup
    ExCyberSearch
    eZula HotText
    FastClick
    FlashTrack
    Gator
    HitBox
    IGetNet
    Internet Explorer (Data source object exploit)
    MarketScore
    MediaPlex
    MS Media Player
    n-Case
    New.net
    SaveNow
    Sidestep
    VX2/? (VX2/a-VX2/e)
    WurldMedia
    Common Dialogs

    and the rest is Logs, MS Office 9.0, and Windows Explorer.

    This all comes down to "169 problems found", which I think is a lot. Also, around half of them are Registry files.

    Read over the list and tell me what I should do.
    :confused:
     
  2. ezymony

    ezymony

    Joined:
    Jan 27, 2001
    Messages:
    741
    I let it remove everything that Spybot puts a checkmark in. You have a lot of spyware on your machine.
     
  3. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    antares
    Welcome to TSG!
    One caution here though... only the items in Red at this point should be considered for removal.

    Dave
     
  4. antares

    antares Thread Starter

    Joined:
    Jan 11, 2003
    Messages:
    255
    Thanks. I will start removing it right away.
    Also, thanks Davey, for your welcome. I'm glad to be here. :)
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Wow, that's a big load even for Spybot.

    I would recommend removing New.net independently first, using Add/Remove Programs, and then rebooting. This is the most dangerous. You can do the same with SaveNow.

    It might be a good idea, after that, to run Spybot in Safe Mode and have it do its thing from there to minimize the possibility of conflicts with programs in memory. Be sure to reboot afterwards.
     
  6. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    I have never seen such a list on one machine! :eek: How did you manage to accumulate such a load of spyware???
     
  7. antares

    antares Thread Starter

    Joined:
    Jan 11, 2003
    Messages:
    255
    I don't know for sure. It's probably the many programs that I have downloaded and installed during my computer's lifetime. Good thing that I removed them :D

    Hopefully, I will do a weekly check-up to make sure there is no spyware in my computer.
     
  8. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Given the number of dodgy items you've accumulated, I strongly suspect there may be more.

    Would you please do this:

    After running SpyBot, and having it remove all it found, go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and show us its contents.
     
  9. antares

    antares Thread Starter

    Joined:
    Jan 11, 2003
    Messages:
    255
    Here it is:

    Logfile of HijackThis v1.90.0
    Scan saved at 11:41:25 AM, on 1/11/2003
    Platform: Windows NT 5.01.2600
    MSIE version: 6.0.2800.1106

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://tribesaa.com/forums/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com
    O1 - Hosts: 216.177.73.139 ieautosearch
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - E:\WINDOWS\System\BHO001.DLL
    O4 - HKLM\..\Run: [NAV Agent] E:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [BackgroundSwitcher] E:\WINDOWS\System32\bgswitch.exe
    O4 - HKLM\..\Run: [CoolSwitch] E:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] E:\WINDOWS\System32\fast.exe
    O4 - HKLM\..\Run: [QD FastAndSafe]
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [2wSysTray] E:\Program Files\2Wire\HomePortal\2PortalMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinStart001.EXE] E:\WINDOWS\System\WinStart001.EXE -b
    O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O8 - Extra context menu item: Allow Site's Pop-&ups - file://E:\Program Files\PopNot\trustsite.script
    O8 - Extra context menu item: Always &Kill this Pop-up - file://E:\Program Files\PopNot\blocksite.script
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Translate (HKLM)
    O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://65.83.242.101/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.3.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} - http://fr4-download.nocreditcard.com/download/Object/ieaccess2XP.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31FD415A-1103-4329-B323-2DE693146C4E} (InstallHelper Class) - http://survey.prod.there.com/qualsurvey/ThereInstallHelper.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22b78f35f87eaf482a04/netzip/RdxIE601.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002} (XDialer Class) - http://www.pctlca.com/XDialer2.CAB
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37577.3884143519
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
    O16 - DPF: {E344ADA2-75B6-4E7E-B221-0A04FD5B0165} (MaxisPublishX Control) - http://thesims.ea.com/us/teleport/MaxisPublishX.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
    O16 - DPF: {FA53CFF8-B253-49DE-9B13-3A6129830AF0} - http://130.94.70.13/player/allcast082902_17.cab
    O18 - Protocol: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
    O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Thank you.

    I see one baddie in startup, and a load of very dodgy ActiveX objects.

    Also an unknown Browser plugin that I'd like to have a look at. It may be harmless, but it could also be an all new baddie.
    Would you be so kind as to send me a copy of E:\WINDOWS\System\BHO001.DLL as an attachment, please?
    I'll PM you with my e-mail addie.

    Now do this:

    Run Hijack This and check ALL of the following items. Subsequently shut down ALL Internet Explorer windows, and have HT fix all selected.

    Reboot when you're done, and find and delete E:\WINDOWS\System\WinStart001.EXE

    We'll decide what to do with the browser plugin as soon as we know whether it's OK or not.

    Here are the items to be fixed:

    O4 - HKLM\..\Run: [WinStart001.EXE] E:\WINDOWS\System\WinStart001.EXE -b
    O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} - http://fr4-download.nocreditcard.co...ieaccess2XP.cab
    O16 - DPF: {31FD415A-1103-4329-B323-2DE693146C4E} (InstallHelper Class) - http://survey.prod.there.com/qualsu...stallHelper.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} - http://wcs00180.egain.net/wcsapp/we...g/ie/SecMgr.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22b78f35f87eaf...ip/RdxIE601.cab
    O16 - DPF: {69A4F9FF-E915-11D5-A9F1-009099104002} (XDialer Class) - http://www.pctlca.com/XDialer2.CAB
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WON...cherControl.cab
    O16 - DPF: {FA53CFF8-B253-49DE-9B13-3A6129830AF0} - http://130.94.70.13/player/allcast082902_17.cab


    Cheers,
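
An added illustration, not part of any post in this thread and not HijackThis's own code: a first-pass triage over a HijackThis log like the one above, surfacing O1 hosts-file mappings and O16 ActiveX entries that carry no descriptive name or are fetched from a bare IP address. The two O16 heuristics and the function names are assumptions chosen here; they do not reproduce the full set of items selected in the reply above, which rests on the helper's own judgement.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O4 - HKLM\..\Run: [NAV Agent] E:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22b78f35f87eaf482a04/netzip/RdxIE601.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
"""

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")          # section code, then the entry body
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*)\))? -\s*(\S*)$")
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")

def host_is_ip(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    host = urlsplit(url).hostname
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False

def triage(log_text):
    """Return (code, entry, reasons) for entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        code, body = m.groups() if m else ("", "")
        reasons = []
        if code == "O1" and (h := HOSTS.match(body)):
            reasons.append(f"hosts file maps {h.group(2)} to {h.group(1)}")
        elif code == "O16" and (d := DPF.match(body)):
            name, url = d.group(2), d.group(3)   # url is "" when the log shows none
            if not name:
                reasons.append("control has no descriptive name")
            if url and host_is_ip(url):
                reasons.append("codebase URL uses a bare IP address")
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(code, "|", "; ".join(why), "|", body)
```

A flagged entry is a prompt to look up the CLSID and the download host, not a verdict; a named control on an ordinary domain can still be unwanted.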
     
  11. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
  12. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    Almost seems a re-install would have been easier than cleaning all this stuff out! :D:D
     
  13. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    John
    lol:D:D
    How accurate your statement of reinstall is if not for the reupdating and all. My stepdaughter had 167 items Spybot found and it took me several hours to untangle the mess and get her system up to snuff.

    Dave
     