spyware problem

dherzog

All of my memory is used on the hard drive, but we have only a few programs installed; something is using my memory. There is not enough memory to run many applications.

Logfile of HijackThis v1.99.1
Scan saved at 6:15:38 PM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\AOL\1126651871\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1126651871\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\AOL\1126651871\ee\AOLServiceHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...DMTAa0rtfaU3abFdOTg+1SbZsa3G3yATRJ7YLPPPYnVo=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126651871\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 
Well ya got yourself a really nasty AIM virus.

1. Download and Run AIMfix here http://jayloden.com/aimfix.htm

Then open up hijackthis and check these entries.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...J7Y LPPPYnVo=

R3 - Default URLSearchHook is missing

Then click "Fix checked".

Now download killbox here http://www.killbox.net/
Put a checkmark next to Delete on reboot, type in C:\Windows\System32\lockx.exe, and hit the Delete File red circle button.

Download superantispyware here http://www.superantispyware.com/
Update definitions, run it, and fix what it finds.

Then download Ewido here http://www.ewido.net/en/download/ and do the same thing.

Then reboot computer and post new hijackthis log.
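The log review described in the post above can be scripted as a first pass. The following is an added example, not part of the original post and not code from HijackThis: the rules (autoruns with no full path, any R3 entry, search settings that point to a remote host) are assumed triage heuristics that list candidates for a human to review, not verdicts.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the log posted above (search URL cut at its "..." elision).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [stratas] lockx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                    # "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run\w*: \[([^\]]*)\] (.*)$")   # hive, name, command
REG_VALUE = re.compile(r"^(.+?),(.+?) = (.*)$")                   # key, value name, data


def triage(log_text):
    """Return (section, reason, detail) tuples worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, data = m.groups()
        if code == "O4":
            run = RUN.match(data)
            # Assumed heuristic: a Run value with no directory is resolved
            # through the search path, so check which file it really starts.
            if run and "\\" not in run.group(3):
                findings.append((code, "autorun without a full path", run.group(3)))
        elif code == "R3":
            findings.append((code, "URLSearchHook entry", data))
        elif code in ("R0", "R1"):
            reg = REG_VALUE.match(data)
            if reg and "search" in reg.group(2).lower():
                host = urlsplit(reg.group(3)).hostname
                if host:  # local files such as blank.htm have no host
                    findings.append((code, "search setting points to a remote host", host))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

On this excerpt the script lists both entries the post asks to fix and the lockx.exe autorun; it also lists SysTray.Exe, which the post does not act on, so each hit still needs checking by hand.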
 
Um, I just want to comment on something. I downloaded superantispyware, but I also did a scan with another anti-spyware program, which was spybot, and spybot said it was a trojan. Just something to think about when using this program.
 
False positive! Superantispyware is a great program! Spybot is a thing of the past; it was a good program at one time, but it's just not keeping up with today's more advanced spyware. Ad-aware is pretty much in the same boat; I got rid of both of them.

Now my spyware arsenal is:

Superantispyware

Ewido

Spyware terminator

A-squared

Between these 4 programs they will catch just about everything!
 
I found Super antispyware to be a little lame on finding and removing things. Ewido, AdAware, and AVG are great tools to be running along with a good firewall. Windows Defender is about to get tossed here since everything seems to get right by it. It won't hurt to run the AIM tool suggested along with the others. That is a specific removal tool.
 
You're joking, right? :rolleyes:

For you I would suggest running an antispyware with realtime protection.

Get rid of ad-aware and download spyware terminator here http://www.spywareterminator.com/ it's right up there with spysweeper and is really light on resources as far as realtime protection goes...and yes, ditch Windows Defender!
 
I already have real time protection. :D Plus I have intentionally let viruses run to see where and how they hide themselves. I've given WD all the time needed to prove itself. :P on MS with that one! Even with AVG disabled it has done far more than that "useless foobar"! Just imagine only running that? :eek: :eek: :eek: !!!
 
So what are you using for realtime protection? AVG? 'Cause AVG will not block spyware...try spyware terminator, it has real time protection against spyware with a lot of other features such as virus protection. If you enable the virus protection it will co-exist with AVG with no problems; it's not like running two antiviruses, it just blocks them. It will also block changes to your registry and block a lot of other things such as toolbar installations. I have only been using it for about a week now and I think it's top notch...and it's free! :D
 
Spyware Doctor is perhaps the best in preventing and removing spyware. The only problem is you need to pay for it.
 
AVG has done an "excellent" job here suddenly coming to life out of nowhere when one site copied a trojan right onto the root of the hard drive. It flashed an alert and pointed out just where it was located. But no matter which one you "think" is good "something" will always find a way onto your system! The one advice I can readily give anyone is to "be familiar" with several not just one or two favorites. One will find what another misses quite often. :eek: !!!
 
I did all the scans suggested and removed hundreds of viruses, but I still only have 526mb of a 7gb hard drive available. What do I do next? Is there any way to recover the use of the memory?
 
One thing for cleaning up useless clutter on a hard drive is called CCleaner. That is one freeware you can download after reading this from an old article surprisingly good on XP as well as 98.
Step-By-Step: Reclaim Hard-Drive Space

Windows utilities help you delete unwanted files, apps, and OS components; convert to FAT32; adjust your browser cache; and defrag your hard drive.

Stan Miastkowski

Tuesday, May 21, 2002 01:00 PM PDT


1. Fire up Windows' Disk Cleanup.

Double-click My Computer, right-click the icon for your C: drive, and choose Properties. Then click the Disk Cleanup button.
Windows will show you a list of types of deletable files, along with the space that can be reclaimed from each. Highlight each category for an explanation of what will be swept away, and check the ones you want cleaned out. Then click OK. Windows will ask you to confirm your choice, and then it will delete the files for you.
Repeat this step for each hard disk http://www.pcworld.com/article/id,97442-page,2-c,maintenancemanagement/article.html

CCleaner can be downloaded at http://www.ccleaner.com/download/ Hopefully the partition information is intact. One Microsoft resource kit outlines steps for troubleshooting hard drives and file systems. You can try a few of the steps seen at http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c28621675.mspx
 