spysweeper detects winvestigator

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

lalao

Thread Starter
Joined
Feb 5, 2003
Messages
45
I've just installed "Pc Security" v. 6.1 on my win 2000 computer. Since then, spysweeper detects spyware called: Winvestigator. The spyware is then deleted, but after reboot, it's there again! Spybot and adware do not find this spyware. Is this something to worry about? I read the article from Tropsoft, where you can install this Winvestigator, but I didn't install that. It just appeared after I installed "Pc Security" from Tropical Software. Should I worry, since spybot or adware didn't find it? Thanks for any help. Here's the log file if you need it...

Logfile of HijackThis v1.97.7
Scan saved at 18:18:05, on 30.03.2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\winser.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\MARY'S~1.03\ANTIVI~1\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINNT\System32\r_server.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\WINNT\Explorer.exe
C:\WINNT\anvshell.exe
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
D:\mary's programs ab 8.5.03\iomega\DriveIcons\ImgIcon.exe
D:\MARY'S~1.03\ANTIVI~1\avgcc32.exe
D:\mary's programs ab 8.5.03\Ad-aware 6\Ad-watch.exe
C:\WINNT\winwd.exe
C:\WINNT\sdaemon.exe
D:\mary's programs ab 8.5.03\restoreit\RestoreIT!_2K\VBPTASK.EXE
C:\Programme\Perfect Process\ppshield.exe
C:\Programme\ShutDownPro\ShutDownPro.exe
D:\mary's programs ab 8.5.03\Speaking Clock Deluxe\SpClDlx.exe
D:\MARY'S~1.03\PRINTS~1\PrintScreen.exe
C:\Programme\Skype\Phone\Skype.exe
D:\mary's programs ab 8.5.03\AllToTray\AllToTray.exe
D:\mary's programs ab 8.5.03\MSGTAG\MSGTAG.exe
C:\Programme\Task Killer\TaskKiller.exe
D:\mary's programs ab 8.5.03\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
C:\Programme\CyberBuddy\CyberBud.exe
C:\Programme\MailCheck\MailCheck.exe
D:\mary's programs ab 8.5.03\adsGone\adsgone.exe
D:\mary's programs ab 8.5.03\transIcons\TransparentD.exe
D:\mary's programs ab 8.5.03\rd Restore icons\Restore Desktop.exe
C:\unzipped\TCL228G tclock\TClock.exe
C:\WINNT\msagent\AgentSvr.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\mary's DOWNLOADS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\mary's programs ab 8.5.03\acrobatReader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\MARY'S~1.03\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\MARY'S~1.03\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\MARY'S~1.03\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] d:\mary's programs ab 8.5.03\iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AVG_CC] D:\MARY'S~1.03\ANTIVI~1\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [fbdirect] C:\PROGRA~1\\scansoft\PAPERP~1\fbdirect.exe
O4 - HKLM\..\Run: [Ad-watch] "D:\mary's programs ab 8.5.03\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SDaemon] C:\WINNT\sdaemon.exe
O4 - HKLM\..\Run: [SWd] C:\WINNT\winwd.exe
O4 - HKLM\..\Run: [RestoreIT!] "D:\mary's programs ab 8.5.03\restoreit\RestoreIT!_2K\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [SpyCop ScanCheck] C:\Programme\Internet Explorer\setup.exe /LASTSCAN
O4 - HKLM\..\Run: [Perfect Process shield] C:\Programme\Perfect Process\ppshield.exe
O4 - HKCU\..\Run: [ShutDownPro] C:\Programme\ShutDownPro\ShutDownPro.exe
O4 - HKCU\..\Run: [Speaking Clock Deluxe] "D:\mary's programs ab 8.5.03\Speaking Clock Deluxe\SpClDlx.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] D:\MARY'S~1.03\PRINTS~1\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AllToTray] D:\mary's programs ab 8.5.03\AllToTray\AllToTray.exe
O4 - HKCU\..\Run: [MSGTAG] "D:\mary's programs ab 8.5.03\MSGTAG\MSGTAG.exe" /startup
O4 - HKCU\..\Run: [Task Killer] C:\Programme\Task Killer\TaskKiller.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\mary's programs ab 8.5.03\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [SpySweeper] C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "cloos"
O4 - Startup: AdsGone.lnk = D:\mary's programs ab 8.5.03\adsGone\adsgone.exe
O4 - Startup: TransparentD.lnk = D:\mary's programs ab 8.5.03\transIcons\TransparentD.exe
O4 - Startup: Restore Desktop.lnk = D:\mary's programs ab 8.5.03\rd Restore icons\Restore Desktop.exe
O4 - Startup: Planer.lnk = D:\mary's programs ab 8.5.03\Planer\Planer.exe
O4 - Startup: msimn.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Startup: Geburtstag.lnk = D:\mary's programs ab 8.5.03\geb\Geburtstag.exe
O4 - Startup: TClock.lnk = C:\unzipped\TCL228G tclock\TClock.exe
O4 - Startup: Update TUT.lnk = D:\Programme\AnswersThatWork\Troubleshooter\WiseUpdt.exe
O4 - Global Startup: CyberBuddy.lnk = C:\Programme\CyberBuddy\CyberBud.exe
O4 - Global Startup: MailCheck 2.lnk = C:\Programme\MailCheck\MailCheck.exe
O8 - Extra context menu item: &Convert and Open - D:\MARY'S~1.03\CONV~1.AND\ConvertIt.htm
O8 - Extra context menu item: &Google Search - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Alles mit FlashGet laden - D:\mary's programs ab 8.5.03\FlashGet\jc_all.htm
O8 - Extra context menu item: Backward &Links - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - D:\mary's programs ab 8.5.03\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Speak by Text To Speech LIver Player - C:\Programme\TextToSpeechLivePlayer\ttslpcom.htm
O9 - Extra button: Voiced Keyboard Homepage (HKLM)
O9 - Extra button: Wallpaper (HKLM)
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .asp: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .bcf: C:\Programme\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37841.1083449074
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Do I have other "crap" on the computer while you're reviewing this?? Thank you very much for your help.
:confused:
 

lalao

Thread Starter
Joined
Feb 5, 2003
Messages
45
No, I did not download Winvestigator. I only installed "PC Security", and then winvestigator was detected by spysweeper. Not by spybot or adaware. I ran all 3 of the online scans you mentioned and all was fine. Should I just disregard spysweeper now? Seems to be the only one finding this. Thank you very much, and oh, would it be possible to see if I have any other junk from the hijack this log?
 