Spyware cont...

Question

I have run the Ad-Aware Spyware removal program, yet again - and yet again it has found another 3-6 tracking cookies which just seem to keep re-appearing. Everytime i delete them they still persist, this in turn causes my MSN Messenger to sign out after around 2mins or if i try and change my status. Also, i am still having the problem with the googe web site, which is still bringing up 'random' website of no interest or relation to what i searched for; in some cases, no results return and the explorer shuts down, which seems to also change the www.google.com website to www.bbc.co.uk (with errors) everytime i try to access the URL of google (BBC website is my homepage). Like i said in my last post on here, i have run all the spyware removal protection progarms, have followed all the guide lines to removing the spyware from the directions given on the Dell forum. I have downloaded the Microsoft Anitspwyare programs, venus spyware trap... everything! Would it be a possiblility if i am to try this hijakcthis removal tool? If so, would anyone guide me though as to what to do? I have also included a Scan Log from what Ad-Aware found: MRU List(TAC index:0):12 total references Tracking Cookie(TAC index:3):5 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings 01-03-2005 23:32:22 - Scan started. (Full System Scan)  MRU List Object Recognized!    Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru    Description        : list of recently saved files, stored according to file extension  MRU List Object Recognized!    Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru    Description        : list of recent programs opened  MRU List Object Recognized!    Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\windows\currentversion\explorerecentdocs    Description        : list of recent documents opened  MRU List Object Recognized!    Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\internet explorer    Description        : last download directory used in microsoft internet explorer  MRU List Object Recognized!    Location:          : software\microsoft\directdraw\mostrecentapplication    Description        : most recent application to use microsoft directdraw  MRU List Object Recognized!    Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\internet explorer	ypedurls    Description        : list of recently entered addresses in microsoft internet explorer  MRU List Object Recognized!    Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\mediaplayer\preferences    Description        : last playlist index loaded in microsoft windows media player  MRU List Object Recognized!    Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\mediaplayer\preferences    Description        : last playlist loaded in microsoft windows media player  MRU List Object Recognized!    Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\mediaplayer\medialibraryui    Description        : last selected node in the microsoft windows media player media library  MRU List Object Recognized!    Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\windows media\wmsdk\general    Description        : windows media sdk  MRU List Object Recognized!    Location:          : C:\Documents and Settings\ssmith\Application Data\microsoft\officeecent    Description        : list of recently opened documents using microsoft office  MRU List Object Recognized!    Location:          : C:\Documents and Settings\ssmithecent    Description        : list of recently opened documents Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe]     #:2 [csrss.exe]     #:3 [winlogon.exe]     #:4 [services.exe]     #:5 [lsass.exe]     #:6 [svchost.exe]     #:7 [svchost.exe]     #:8 [svchost.exe]     #:9 [svchost.exe]     #:10 [svchost.exe]     #:11 [explorer.exe]     #:12 [ccsetmgr.exe]     #:13 [ccevtmgr.exe]     #:14 [spoolsv.exe]          #:16 [bcmwltry.exe]     #:17 [realsched.exe]     #:19 [hpgs2wnd.exe]     #:20 [ccapp.exe]     #:21 [gcasserv.exe]     #:22 [hposol08.exe]     #:23 [spysub.exe]     #:24 [hpgs2wnf.exe]     #:25 [navapsvc.exe]     #:26 [nvsvc32.exe]     #:27 [savscan.exe]    #:28 [svchost.exe]    #:29 [symlcsvc.exe]     #:30 [wdfmgr.exe]     #:31 [symwsc.exe]     #:32 [gcasdtserv.exe]     #:33 [alg.exe]     #:34 [msmsgs.exe]     #:35 [ad-aware.exe]       Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»  Tracking Cookie Object Recognized!    Type               : IECache Entry    Data               : ssmith@servedby.advertising[2].txt     Category           : Data Miner    Comment            : Hits:10    Value              : Cookie:ssmith@servedby.advertising.com/    Expires            : 31-03-2005 23:19:32    LastSync           : Hits:10    UseCount           : 0    Hits               : 10  Tracking Cookie Object Recognized!    Type               : IECache Entry    Data               : ssmith@tribalfusion[1].txt     Category           : Data Miner    Comment            : Hits:1    Value              : Cookie:ssmith@tribalfusion.com/    Expires            : 01-01-2038    LastSync           : Hits:1    UseCount           : 0    Hits               : 1  Tracking Cookie Object Recognized!    Type               : IECache Entry    Data               : ssmith@c4.zedo[1].txt     Category           : Data Miner    Comment            : Hits:1    Value              : Cookie:ssmith@c4.zedo.com/    Expires            : 02-03-2005 05:00:00    LastSync           : Hits:1    UseCount           : 0    Hits               : 1  Tracking Cookie Object Recognized!    Type               : IECache Entry    Data               : ssmith@advertising[1].txt     Category           : Data Miner    Comment            : Hits:7    Value              : Cookie:ssmith@advertising.com/    Expires            : 28-02-2010 23:12:18    LastSync           : Hits:7    UseCount           : 0    Hits               : 7  Tracking Cookie Object Recognized!    Type               : IECache Entry    Data               : ssmith@zedo[2].txt     Category           : Data Miner    Comment            : Hits:122    Value              : Cookie:ssmith@zedo.com/    Expires            : 27-02-2015 23:12:34    LastSync           : Hits:122    UseCount           : 0    Hits               : 122 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 5 Objects found so far: 17   Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 17 Scanning Hosts file...... Hosts file location:'C:\WINDOWS\system32\drivers\etc\hosts'. »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 2 entries scanned. New critical objects:0 Objects found so far: 17   Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 17 23:43:01 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:10:39.453 Objects scanned:154069 Objects identified:5 Objects ignored:0 New critical objects:5 I really hope someone can salvage something from this list... it's now getting to the point where i think the best thing i should do is wipe the computer and start again... Thanks for your time, hope you can help! Best regards, Steve. P.s. after clicked submit post it returned this message: Your post has been changed because invalid HTML was found in the message body. The invalid HTML has been removed. Please review the message and submit the message when you are satisfied. Hope what is left is of help. doesnt look like anything has been deleted though.

ky331 · Answer

also, the MRU objects that Ad-Aware finds are not critical at all....  you should simply tell ad-aware to ignore them: from the opening status screen, after you click on START, you should turn-off (X) the option marked Search for negligible risk entries , and then click NEXT for your scan this will stop the MRU (Most Recently Used) objects from being reported .

ky331 · Answer

Concerning cookies: tracking cookies are not necessarily bad.... most sites you go to (including your bank, and MSN Messenger, for example) may place a 'cookie' on your machine... sometimes, this allows you to re-access the site without having to log-in again... which can be helpful.  so you WANT 'good' cookies.  the problem is that some cookies collect information from you at one site, but then share the information with other sites.    unfortunately, 'bad' cookies have a way of coming back, over and over again.   if you wish to permanently stop them: in Internet Explorer, click on TOOLS    INTERNET OPTIONS    PRIVACY    EDIT (web sites) and then type-in and BLOCK the 'bad' cookies you want to keep away (e.g., advertising.com, tribalfusion.com, zedo.com) when done, click on OK Just be careful not to block any 'good' sites (like your bank/brokerage, or sites you intentionally log-into regularly, like Yahoo or HotMail or MSN Messenger --- removing the MSN cookie is what makes your Messenger sign out).   By the way, I know this cookie-blocking feature is available on win98,  winME, and win2000... i'm not sure about other WIN operating systems.   Alternatively, you can download a program which can monitor cookies (among other things):  WinPatrol 9.0 http://winpatrol.com/ Message Edited by ky331 on 03-02-2005 09:45 AM

ky331 · Answer

Sorry if I might have offended you with my detailed response on tracking cookies... I have no way of knowing, in advance, how technically-adept someone else might be.   besides, others who read this thread may also benefit from the discussion.   anyway, concerning HiJack this, yes, it is a powerful, and popular tool around here.  however, i can't stress enough that, if you choose to go that way, you should obtain the results of its scan, and then, post it here for one of the 'experts' to help you.  IF YOU SIMPLY REMOVE THINGS ON YOUR OWN, YOU RISK SEVERELY DAMAGING YOUR PC.   (FYI, I am not qualified to analyze HiJackThis logs, so you'll have to seek elsewhere.)  Having said this, you may obtain HiJack This 1.99.1 from http://majorgeeks.com/download3155.html it should be installed in a folder of its own; e.g.,  C:\HJT   Before you go the way of HiJack This, it's highly recommended that you run several (ideally, ALL) of the following anti-spyware programs first:   Microsoft anti-spyware beta (Note:  will NOT run on win98 nor winME) http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en   spybot search and destroy 1.3 http://www.spybot.info/en/download/index.html  for the underlying 1.3 program.   Install it.  and THEN go to: http://majorgeeks.com/download4392.html  for the 1.3. 1TX DSO-Exploit patch   ad-aware SE 1.05 (which you already have), with the VX2 add-on http://www.lavasoftusa.com/   CWShredder 2.13 http://majorgeeks.com/download3019.html   hope this helps.  good luck

Steveos21 · Answer

Im aware about what cookies do, and how they work, except this still does not work when i block the bad cookies.

I have just blocked the URls of the cookies which appeared on the Ad-Aware scan, and i am still having the same problems, expect new bad cookies are now appearing... i.e. this is the search results i got after deleteing and blocking the bad cookies on google:

Adult Friend Finder S** Personals

Anonymously find singles, couples and group action online. Search over 10,000,000 profiles and thousands of saxy member photos. It's free and easy to join.
www.adultfriendfinder.com/go/p133677.subFROS - 9k - Similar pages

Microsoft Help & Updates

Fix Microsoft Errors, Free Download - Tell us what your problem is today
www.pcmightymax.net/cgi-bin/view.cgi/zen411/download.html - 9k - Similar pages

UK Residents: Save on Gas and Electricity Costs

UK Residents: Save on Gas and Electricity Costs. Instantly Compare Prices from Top UK Energy Sites and Services. Find out how much you can save by switching.
showtheplanet.co.uk/find.php - 9k - Similar pages

Find Bargain Holidays and Last Minute Deals

Take a short break or a long holiday. Compare the best bargains and last minute deals from the UK's top travel sites, tour operators, accomodations and trip planners.
showtheplanet.co.uk/find.php - 9k - Similar pages

UK Broadband Internet: Compare Top Broadband Plans

Compare the UK's top broadband providers. Find the best plan for you. Search and Compare multiple provider sites.
showtheplanet.co.uk/find.php - 9k - Similar pages

UK Residents: UK Adult Dating Services Online

Online Dating Services in the UK. Compare Information from Multiple Sites. Search and Compare the UK's top Services, Shops and Sites.
showtheplanet.co.uk/find.php - 9k - Similar pages

SEARCH for Casino - FIND the best casino site!

Play Poker, BlackJack, Slots, Roulettes, Bingo online because we feature the World's Best Casinos.
www.punchnet.com/entertainment.htm - 9k - Similar pages

Software Escrow

I had searched for Advance Nav..

would hijackthis be of help maybe? there seems to be quite a few people talking about it on here...?

The msn messeneger is still also not performing right.

Regards,

Steve

p.s. have changed the word on one of the search results as :

The message body contains the following prohibited content: 'S e'ex' You must remove this content before submitting your post.

zbestwun2001 · Answer

Sounds like you have a bit more going on than the run of the mill everyday Spyware.

Let's see what's shakkin'?

Go to here and do an online scan and delete whatever it finds. Be sure to highlight the drives you want to have searched.
After that could you please go to here
and download AdAwareSE and delete what it finds. Then while using
AdAware, click on add-ons and get their plug-in for the VX2 variant,
and run that and delete what it finds.
After that go to here
and download SpyBot and run that and delete what it finds.
Now go to
here and download HiJackThis to its own folder that you create on your C:\ drive.
After it is downloaded open the program and click Scan and Save to log.

Post the log that it generates here.

Steve

Virus & Spyware

Was this post helpful?