spyware removal

Discussion in 'adware, spyware & hijack cleaning' started by qmasante, Jun 2, 2004.

Thread Status:
Not open for further replies.
  1. qmasante

    qmasante Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    5
    I have spyblaster and guard. I have adaware. I keep getting these dataminers that are tracking my pc. Everytime I delete something it creates another one with a a different data miner name. Any help would be appreciated. here is my log.
    yesterday it was a tribalfusion[2].


    ArchiveData(auto-quarantine- 02-06-2004 22-48-49.bckp)
    ======================================================

    TRACKING COOKIE
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    obj[0]=File : c:\documents and settings\quincy asante\cookies\quincy asante@hc2.humanclick[2].txt
    obj[1]=File : c:\documents and settings\quincy asante\cookies\quincy asante@zedo[2].txt
     
  2. qmasante

    qmasante Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    5
    I checked again and the same thing occurred. I came back to my pc and I saw something that seemed to be a program installing itself on my pc. Any help is greatly appreciated. I used ad aware.

    ArchiveData(auto-quarantine- 03-06-2004 01-08-34.bckp)
    ======================================================

    TRACKING COOKIE
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    obj[0]=File : c:\documents and settings\quincy asante\cookies\quincy asante@server.iad.liveperson[1].txt
     
  3. qmasante

    qmasante Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    5
    here is my hijack log too.




    Logfile of HijackThis v1.97.7
    Scan saved at 1:26:53 AM, on 6/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    E:\PROGRA~1\ETRUST~1\VetTray.exe
    C:\WINDOWS\System32\VetMsgNT.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\program files\quicktime\qttask.exe
    E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\System32\ctfmon.exe
    E:\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\devldr32.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    E:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    E:\Program Files\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [imjpmig] F:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
    O4 - HKLM\..\Run: [VetTray] e:\PROGRA~1\ETRUST~1\VetTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = E:\WinZip\WZQKPICK.EXE
    O4 - Global Startup: ZoneAlarm.lnk = E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {3730312D-0896-4BB9-9AA8-1D28D503E12E} (AXDownloaderCtl Class) - http://www.homegrownvideo.com/member/downloads/AXDownloader.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Those are just cookies, your log looks clean. In Internet Explorer options you have cookie options such that you can deny certain cookies. Click Tools > Internet Options, and go to the PRIVACY tab. Here you can raise the level of cookie privacy :)
     
  5. qmasante

    qmasante Registered Member

    Joined:
    Jun 2, 2004
    Posts:
    5
    I have my privacy settings to high, but I had something that looked liked it was a program installing itself on my pc, and that is when I preceded to scan using ad aware. I still get the same thing. Also, a link to a search page keeps reappearing. i deleted it using hijack, but it came back. So, I assumed it was something else. Thanks
     
Thread Status:
Not open for further replies.