
removing spyware

Discussion in 'Virus & Other Malware Removal' started by kwanzah, Jun 29, 2007.

Thread Status:
Not open for further replies.
  1. kwanzah

    kwanzah Thread Starter

    Joined:
    Mar 26, 2007
    Messages:
    21
    Hey, I ran the Panda Security ActiveScan thing, and it found several spyware entries. This is a copy of the logfile:

    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.go.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.www.myaffiliateprogram.com/]
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[www.myaffiliateprogram.com/]
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.www.myaffiliateprogram.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.cdfreaks.com/]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.club.cdfreaks.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.com.com/]
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.i.screensavers.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.toplist.cz/]
    Virus:Malware Generic Disinfected C:\WINDOWS\system32\silc_dll.dll
    Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe

    If someone could give me some advice on how to remove this stuff, it would be much appreciated, thanks!
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download HJTsetup.exe.
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. kwanzah

    kwanzah Thread Starter

    Joined:
    Mar 26, 2007
    Messages:
    21
    Logfile of HijackThis v1.99.1
    Scan saved at 1:20:13 PM, on 6/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe
    O1 - Hosts: HPED3509 HP0019BBED3509
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB002" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Half of the log is missing
     

Short URL to this thread: https://techguy.org/590146
