Need help removing mal/spyware!


Babaganoosh
07-25-2006, 05:10 PM
I ran hijackthis and got the following:

Logfile of HijackThis v1.99.1
Scan saved at 2:49:43 PM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ishost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG07.EXE
C:\Documents and Settings\Cel\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Ad-Protect] C:\Program Files\Ad-Protect\ad-protect.exe /s
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Can you help determine which ones need removing or whatever???

Babaganoosh
07-25-2006, 11:05 PM
didn't think so :thumbsup:

speedfreak_on_the_oval
08-08-2006, 09:51 PM
Install Ad Aware and let it scan...should fix quite a bit.

shrabber
08-11-2006, 02:25 PM
Uninstall Norton. Download Cleanup 4.5, do a search for it. Download ewido 4.0. Download smitfraudfix. Then download Panda.

KDracing
08-29-2006, 10:19 AM
Did you try Spybot S&D? Do a Google search for it.

Topolte
09-04-2006, 04:36 PM
Hi Babaganoosh,
Don't know if you still have the problem. But if it helps, I downloaded a utility called Autoruns.exe from www.sysinternals.com. If you run the file and select the 'Logon' tab, you will see the publisher of all the files you are running at boot up. Most of the malicious software won't give you their publisher's name. If you then check the date it was installed under file properties, it gives you a starting point. I would untick its box on the menu and reboot; if it reactivates itself, you probably found the file. Good luck.
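
Added example, not part of Topolte's post or of this thread: the same "who published this?" triage applied to a HijackThis log instead of Autoruns. In this log format only the O23 service lines carry a publisher, so the sketch lists running images that have no O23 publisher, no O4 Run entry, and are not in an assumed baseline of core Windows XP images; the results are leads to check by publisher and install date, not verdicts.

```python
import re

# Shortened excerpt of the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Ad-Protect] C:\Program Files\Ad-Protect\ad-protect.exe /s
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# Assumption (not from the thread): core images of a default Windows XP install.
BASELINE = {"c:\\windows\\system32\\" + n for n in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")} | {"c:\\windows\\explorer.exe"}
EXE = re.compile(r"[a-z]:\\.*?\.exe", re.IGNORECASE)

def parse(log):
    """Split a HijackThis log into running images, O23 publishers, O4 paths."""
    running, publishers, autostart = [], {}, set()
    in_procs = False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.append(line)
        elif line.startswith("O23 - Service:") and line.count(" - ") >= 3:
            _, publisher, path = line.rsplit(" - ", 2)
            publishers[path.lower()] = publisher
        elif line.startswith("O4 - "):
            m = EXE.search(line.split("]", 1)[-1])  # skip the [name] label
            if m:
                autostart.add(m.group(0).lower())
    return running, publishers, autostart

def triage(log):
    """Running images with no publisher, no Run entry and no baseline match."""
    running, publishers, autostart = parse(log)
    known = BASELINE | set(publishers) | autostart
    return [p for p in running if p.lower() not in known]
```

Paths are compared in full rather than by file name, so an image that reuses a system file name from a different directory still shows up in the list.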

SkipperC
09-12-2006, 07:46 PM
Google "Spyware Terminator" and download the program from the freedownload mirror in Texas. This program offers real time protection, itemized identifying of processes and programs, a super user interface and it kicks the crap out of Spybot S&D hands down. It will run just fine with Avast! 4.7 but I don't know about Norton. Norton... :freak: Anywho, this program, teamed with Ad Aware should clean you up and keep you clean. :wave: