1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

What the?!

Discussion in 'Virus & Other Malware Removal' started by Maggz, Apr 8, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Maggz

    Maggz Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    582
    I got home today to find spysweeper opened up as it had finished its schedualed sweep and what do I find? Bonzi buddy! I was astonished that such crapware could of gotten past me! It was catagorized as an exact match and 15 other traces of the software, all of which I killed with a passion. The only thing ive installed in between my schedualled scans was Microsoft Visual Studio 6.

    Im scared now.. so below is my log..

    Logfile of HijackThis v1.97.7
    Scan saved at 5:41:02 AM, on 4/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\mdm.exe
    C:\Documents and Settings\Tj\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.venkee.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.venkee.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Tj"
    O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Tj"
    O4 - Startup: PeerGuardian.lnk = C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38073.8206134259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Solid_Froggy

    Solid_Froggy

    Joined:
    Apr 2, 2004
    Messages:
    318
    I got an idea! How about you switch to Ad-aware 6.0 or SpyBot Search & Destroy! And about your Bonzi Buddy, SpyBot Search & Destroy will remove it. Uninstall SpySweeper too.
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    SpySweeper is a good program. No need to uninstall it.

    Your log is clean! (y)
     
  4. Maggz

    Maggz Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    582
    Thanks flrman :)
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    My Pleasure! :)
     
  6. Solid_Froggy

    Solid_Froggy

    Joined:
    Apr 2, 2004
    Messages:
    318
    I don't trust anything but Ad-aware and SpyBot
     
  7. Maggz

    Maggz Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    582
    I trust any software made by webroot their an awesome company and block almost 23k different softwares and have live cookie shield and memory sheild.
     
  8. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,948
    I use spysweeper right along with spybot and adaware, it is a very good program and does a very thourough job. I run spyware blaster right along with adwatch, and have immunized with spybot. I still manage to get hit once in awhile, but without them I would be toast. Keep spysweeper IMHO :)
     
  9. Maggz

    Maggz Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    582
    I dont own ad-aware pro is it worth buying skivvywaver? I often hear good things about adwatch but never had the money.. I also run spyware guard spyware blaster 3.1 and spybot immunize
     
  10. Solid_Froggy

    Solid_Froggy

    Joined:
    Apr 2, 2004
    Messages:
    318
    Nah, no need to buy Ad-aware Pro, download it at http://www.lavasoftusa.com

    =======================
    Advice From A 12 Year Old
    =======================
     
  11. Skivvywaver

    Skivvywaver

    Joined:
    Mar 18, 2001
    Messages:
    13,948
    It is worth it I would say. I've had it for well over a year but would never run adwatch because it B----es about everything you do that changes the registry. I started running it after getting good and HiJacked a few times. I have learned it is better to give a program permission to change the registry than to have it done on auto.
    However Maggz with the other programs you are running, I would say you are better off than most. I don't run spysweeper on startup because I run adwatch. I have hundreds tied up in anti scum software, and I still get smacked. Ask flrman1.:), $teve, WinChester, and the rest that have helped me debug. All I can say is this, if you have this site bookmarked, you have a step up on the scumware pushers. These guys are great.
     
  12. Maggz

    Maggz Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    582
    Indeed :D(y)
     
  13. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    If you don't have the cash...stick with Spybot, Ad-aware, spywareblaster and spywareguard. You should also check out IE SpyAd. You'd be amazed at the sites it'll block from allowing active-x and downloading. And, SpySweeper's an excellent product. After thorough research and a thumbs up from Flrman1 I bought it. :)

    IESpyAd link:

    http://www.staff.uiuc.edu/~ehowes/resource.htm
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/218499

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice