removing spyware

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kwanzah

Thread Starter
Joined
Mar 26, 2007
Messages
21
Hey, I ran the panda security activescan thing, and it several spyware entries. This is a copy of the logfile:

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.go.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.com.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Nathan\Application Data\Mozilla\Firefox\Profiles\uhctj06i.default\cookies.txt[.toplist.cz/]
Virus:Malware Generic Disinfected C:\WINDOWS\system32\silc_dll.dll
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe

If someone could give me some advice on how to remove this stuff, it would be much appreciated, thanks!
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

kwanzah

Thread Starter
Joined
Mar 26, 2007
Messages
21
Logfile of HijackThis v1.99.1
Scan saved at 1:20:13 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe
O1 - Hosts: HPED3509 HP0019BBED3509
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top