Fastclick all the time
Original Message
Name: William Lockie (by blockie)
Date: June 24, 2004 at 11:08:04 Pacific
Subject: Fastclick all the time
OS: WXP
CPU/Ram: 384
Comment: I keep getting (on my taskbar) Http://mediaxx.fastclick.net (where the x's are numbers). I cannot open the page but I can delete from the taskbar. It normally happens when I am going to WND site and a bunch of clicks occur. How can I keep this off my computer? I have Adaware and Spybot. I update them and scan. I have ZoneAlarm firewall and eTrust EZ antivirus. Bill
Response Number 1
Name: tommy o
Date: June 24, 2004 at 13:27:49 Pacific
Reply: Hello Bill; I also have this damn annoying thing.... I have tried for two weeks now, to try and find it / delete it. No luck!! Things I have tried.... Scans with Adaware, Spybot, Pest Patrol, Bazooka, Stinger, CWShredder, and maybe some more that I can't think of right now. Also tried in safe mode; still no luck. My comp is running fine and I have no problems, but it's annoying to have that damned "fastclick" thing on the taskbar. Mine is just as yours is; cannot "open" it to see the properties, nor delete it... can only "close" it. Maybe we'll get some responses and get lucky, my friend!! I sure hope so! Take care, William... ~Tommyo
Response Number 2
Name: tommy o
Date: June 24, 2004 at 17:31:54 Pacific
Reply: Bill, have you ever used your search companion, and found any reference to "fastclick"? I have searched many times, and it lists "fastclick" twice...one in Adaware files, and one in "Opt-Out" in Spybot. I have been trying all day to find out what this damn Opt-Out is; I can't find it anywhere. Just wondering if you have found out anything yet.... Take care, Bill. ~Tommyo
Response Number 3
Name: William Lockie (by blockie)
Date: June 25, 2004 at 10:21:38 Pacific
Reply: I searched all the folders and subs for FASTCLICK. The result was NONE. I have AdAware and Spybot installed so my results are different than yours. Bill
Response Number 4
Name: LUKE
Date: June 25, 2004 at 10:43:52 Pacific
Reply: It's time for a HijackThis log. Tommyo and Bill, if you have tried the recommended antispyware scanners and virus scanners, then you should submit a HijackThis log.
Response Number 6
Name: LUKE
Date: June 25, 2004 at 15:27:11 Pacific
Reply: Click on the link provided and download HijackThis. Important: Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+E), then double click on C:, then right click and select New, then Folder, and name it HJT. When you run HijackThis from C:\HJT folder by double clicking on it and have it "Fixed checked" it will create a backup file of modifications to use restore if it is necessary. Now make sure you scan with all browsers closed and click the scan button and copy and paste the log back into this forum and I'll take a look at it. DO NOT FIX ANYTHING UNTIL THE LOG HAS BEEN LOOKED AT. HIJACKTHIS LINK
Response Number 7
Name: tommy o
Date: June 25, 2004 at 17:07:07 Pacific
Reply: Logfile of HijackThis v1.97.7
Scan saved at 8:00:53 PM, on 6/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Thomas Orzech\Local Settings\Temporary Internet Files\Content.IE5\0N93IAFT\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WorkFlo(1)] E:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37872.6596412037
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Good gosh; I hope I did this correctly!! It's funny, as I have read so many of these, from other posters; never thinking that I too would be submitting one. I must rely on someone with expertise to decipher this, as I'm not sure about these contents. Thanks very much Joe, for asking me to submit this. I understand the new rules, and one must first be requested to post one first. I hope someone can tell me if there are any nasties here!!! Thanks so much!! ~Tommyo
Response Number 8
Name: LUKE
Date: June 25, 2004 at 20:16:37 Pacific
Reply: Tommyo, do you have a Dell PC? Or use Dell support? And do you visit www.bostonglobe.com? If you don't, put a checkmark on these and click fix and restart....
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O4 - HKLM\..\Run: [WorkFlo(1)] E:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
Can you download another tool from merijn at startup and it's called startuplist. Download it and copy and paste the log back into this forum. You have a very tricky nasty. I want to take a closer look.
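The first-pass reading of a HijackThis log done in the reply above can be scripted. The Python below is an added example, not part of the original thread and not a HijackThis feature: it re-splits a log that has been flattened onto one line, groups entries by section code, and marks the kinds of entries the reply asks the owner about. The function names and the review rules (system drive assumed to be C:, ActiveX controls with no class name, direct .exe codebases) are assumptions made for illustration, and a marked entry is a question for the owner, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: seven entries copied from the HijackThis log posted in
# Response 7, run together on one line the way this page shows them.
SAMPLE = " ".join(r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WorkFlo(1)] E:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
'''.split("\n")).strip()

SYSTEM_DRIVE = "C"  # assumption: Windows lives on C:, as in both logs in the thread

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O99) and " - ".
ENTRY_START = re.compile(r"(?:^|(?<=\s))(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
PAGE_ENTRY = re.compile(r"^HK[^,]+,(?P<value>[^=]+?) = (?P<url>\S+)$")
RUN_ENTRY = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>.+?)\] (?P<cmd>.+)$")
DPF_ENTRY = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*?)\))? - (?P<src>.+)$")


def split_entries(text):
    """Return [(code, body)] from a log whose line breaks were lost or moved.

    Anything before the first entry (header, process list) is skipped.
    """
    text = " ".join(text.split())  # undo hard wraps and doubled spaces
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        entries.append((m.group(1), text[m.end():end].strip()))
    return entries


def section_counts(text):
    """Count entries per section code, e.g. how many O4 autoruns there are."""
    return Counter(code for code, _ in split_entries(text))


def review_reasons(code, body):
    """Triage hints only: each reason is something to ask the owner about."""
    reasons = []
    if code in ("R0", "R1"):
        m = PAGE_ENTRY.match(body)
        if m:
            reasons.append(f"IE {m['value']} is {m['url']}: confirm the owner set it")
    elif code == "O4":
        m = RUN_ENTRY.match(body)
        drive = re.match(r'"?([A-Za-z]):\\', m["cmd"]) if m else None
        if drive and drive.group(1).upper() != SYSTEM_DRIVE:
            reasons.append(f"autorun [{m['name']}] starts from drive {drive.group(1)}:")
    elif code == "O16":
        m = DPF_ENTRY.match(body)
        if m:
            if m["name"] is None:
                reasons.append("ActiveX control has no class name")
            if m["src"].split("?")[0].lower().endswith(".exe"):
                reasons.append("codebase is a direct .exe download")
    return reasons


def triage(text):
    """Return [(code, body, reasons)] for the entries that have review reasons."""
    flagged = []
    for code, body in split_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE)))
    for code, body, reasons in triage(SAMPLE):
        print(f"{code} - {body}")
        for reason in reasons:
            print(f"    review: {reason}")
```

When a pasted log is followed directly by the poster's own sentences, trim them first, otherwise they end up in the body of the last entry.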
Response Number 9
Name: tommy o
Date: June 26, 2004 at 07:00:24 Pacific
Reply: Hello Joe, sorry for the delay in replying; I slept a little late today. Yes, I have a Dell 2350, and I do have Dell support installed... it is just like a monthly feature type update, nothing too big. And yes to the BostonChannel.... that is my homepage, which is WCVB tv, in Boston. I'm really confused as to what to delete here, because the "brdJmp" is (I think) related to my Motorola Surfboard cable modem. Would you happen to know what specific entry is the nasty one? I am trying to google search these results, but I really do not know how to decipher a HijackThis log, and I'm afraid I might delete something that I shouldn't. Thanks very much for your assistance, Joe. And, if anyone else sees something wrong, please feel free to point it out..thank you! ~Tommyo
Response Number 10
Name: William Lockie (by blockie)
Date: June 26, 2004 at 11:54:29 Pacific
Reply: Here is my hijack log. And thanks, Joe. I also don't understand any of this and appreciate your help. My computer is one I purchased from a Canadian firm and added some of my old hardware to.

Logfile of HijackThis v1.97.7
Scan saved at 11:48:21 AM, on 6/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum Eval\fplaunch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TaskBar Icon] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [Controlled StartUp] C:\Program Files\StartUp Organizer\Ctrl.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {46F54996-1839-11D4-817A-0080AD98D408} (Ax39 Control) - http://www.dlsoft.com/controls/ax39.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37963.6138657407
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {B3B8E157-3752-4070-AF84-89880D365362} (SearchNavCtrl Class) - http://searchnav.com/searchnav/src/SearchNav.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq.com/members/DD_v4_Member.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD4D7E2-D5F1-492A-8A10-A00D50AE80DF}: NameServer = 63.202.63.72 206.13.28.12
Response Number 11
Name: LUKE
Date: June 26, 2004 at 15:04:40 Pacific
Reply: Tommyo, don't delete those. That's why I asked if you had Dell support, and if you surfed Boston Globe. Anyway, can you please download the startup list from the link that I provided, and copy and paste that back into this forum. The startup is an excellent tool at detecting sneaky spyware. This will help me to track down your nasty. Bill, I will look at your log, but you will have to be patient. I have a few others I'm looking at right now, and I might not respond right away.
Response Number 12
Name: tommy o
Date: June 26, 2004 at 15:36:59 Pacific
Reply: StartupList report, 6/26/2004, 6:30:45 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Thomas Orzech\Local Settings\Temporary Internet Files\Content.IE5\FY8ZBPS1\StartupList[1].EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas Orzech\Local Settings\Temporary Internet Files\Content.IE5\FY8ZBPS1\StartupList[1].exe
---------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Digital Line Detect.lnk = ?
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
---------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
---------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
DVDSentry = C:\WINDOWS\System32\DSentry.exe
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
AdaptecDirectCD = C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
WorkFlo(1) = E:\BrdJmp\WorkFlow.exe
WorkFlo = D:\BrdJmp\WorkFlow.exe
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
WinampAgent = C:\Program Files\Winamp\winampa.exe
Lexmark X74-X75 = "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
---------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\SSMYST.SCR
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
---------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
---------------------
Enumerating Task Scheduler jobs:
McAfee.com Update Check (-Owner).job
McAfee.com Update Check (-Thomas Orzech).job
---------------------
Enumerating Download Program Files:
[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
[SysProWmi Class]
InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB
[DD_v4.DDv4]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\DD_v4.ocx
CODEBASE = http://www.drivershq.com/DD_v4.CAB
[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBin\Shared\MGBrwFld.dll
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
[Scanner Class]
InProcServer32 = C:\temp\TDECntrl\TDECntrl.dll
CODEBASE = http://www.trojanscan.com/trojanscan/TDECntrl.CAB
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PPSDKActiveXScanner.ocx
CODEBASE = http://www.pestscan.com/scanner/axscanner.cab
[Microsoft.WinRep]
InProcServer32 = C:\WINDOWS\System32\Winrep.dll
CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\System32\mcinsctl.dll
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
[{556DDE35-E955-11D0-A707-000000521957}]
CODEBASE = http://www.xblock.com/download/xclean_micro.exe
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
[AvxScanOnline Control]
InProcServer32 = C:\WINDOWS\AvxOScan\BITDEF~1.OCX
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37872.6596412037
[CRAVOnline Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ravonline.dll
CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab
[WebResponseAttachments Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX
CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
[SassCln Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
CODEBASE = http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\System32\mcgdmgr.dll
CODEBASE = http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
---------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: *Registry key not found*
SysTray: C:\WINDOWS\System32\stobject.dll
---------------------
End of report, 8,201 bytes
Report generated in 1.110 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Response Number 13
Name: tommy o
Date: June 26, 2004 at 18:10:08 Pacific
Reply: http://www.snapfiles.com/get/spysweeper.html
Bill, if you haven't tried scanning with this Spy Sweeper yet, give it a try. I don't want to get too jubilant yet, but since I ran this scan and deleted some junk, that damn "media.fastclick" has not shown up yet. I ran it, and it did turn up 4 baddies..
1. Com.com cookie
2. Dealtime cookie
3. Alexa toolbar
4. Bizrate cookie
Give it a try, Bill, and post your results so we can compare our findings. I'm hoping that maybe we might get some relief with this...cross-our-fingers!! ~Tommyo
Response Number 14
Name: tommy o
Date: June 26, 2004 at 19:32:35 Pacific
Reply: Well my friend, guess what.... yes, it has returned. That's it for me...I'm going to bed. I'll deal with this prick tomorrow. Have a good evening all; should anyone have any more advice; I'm sure we're both all ears!! Many thanks! ~Tommyo
Response Number 15
Name: colors
Date: June 27, 2004 at 08:23:53 Pacific
Reply: Open Spybot, go to settings/ignore products/cookies - and see if fastclick is checked...if it is, uncheck it. I did some research on your problem but didn't come up with anything....good luck!
Response Number 16
Name: tommy o
Date: June 27, 2004 at 09:42:21 Pacific
Reply: Hello colors, and thanks for the reply.. I'm gonna feel like an ass with this question, but I can't seem to locate Spybot's "settings"..... I have been looking for a half-hour now. How does one get into the settings??? Mine shows four different choices, but no option to get into the settings. Is it in the "advanced" part??? Many thanks!!! ~Tommyo
Response Number 18
Name: tommy o
Date: June 27, 2004 at 10:41:40 Pacific
Reply: O.K.; I'm back... I went through everything, and all is un-clicked...except two entries.. 1. LSP.New.net (listed under "LSP") 2. SideStep (listed under "all products") I did see reference to "fastclick" there, but it is un-checked, which means Spybot will detect it. LOL!! I'm startin' to talk to myself...that's not a good sign. colors!! Thanks for the assistance; I'll keep on trying things here.. ~Tommyo

Response Number 20
Name: tommy o
Date: June 27, 2004 at 18:10:51 Pacific
Reply: I found that section that you mentioned, and I removed the checkmarks on the following...... New.Net, MySearch, SideStep. I ran another scan, and it did find an advertise.com tracking cookie. As of this writing, I don't yet know if it has eliminated the "media.fastclick"; I'll probably know by tomorrow morning when I really have a chance to do some surfing. Do you know how to decipher a HijackThis log, and a Start-Up log, colors? If you do, did you happen to see anything nasty in my logs? I'm gettin' blurry eyed trying to look up everything on google to try and determine what is legit. Think we'll call it a night shortly and resume some more in the morning. Have a nice evening, and thanks very much for your help; I appreciate it very much! ~Tommyo

Response Number 21
Name: William Lockie (by blockie)
Date: June 27, 2004 at 18:41:02 Pacific
Reply: I downloaded and used Spysweeper. So far (two hours) nothing shows up. Haven't browsed WND yet. That's where I hear the "fastclick". I'll get back. Bill

Response Number 22
Name: colors
Date: June 27, 2004 at 18:57:23 Pacific
Reply: Not really but I do like the challenge! I did go over your log/start-up then googled and checked out some forums...took me a couple days I didn't find anything. It would bug the crap out of me to have what is going on with you. Since you didn't mention 'mysearch' I thought it was unchecked...you did good:-) It's getting late here I will get back to you tomorrow with some links on what to look in your start-up. Good night!

Response Number 23
Name: tommy o
Date: June 27, 2004 at 18:59:43 Pacific
Reply: Hi Bill, nice to hear from you. Yes, please keep me advised, and I'll also let you know how I'm doing here on my end. So far tonight, no signs of it, but I'll know more tomorrow when I have more time to do some surfing. I'm trying to maintain my sanity, Bill. This damn thing had me talkin' to myself LOL !! Take care... ~Tommyo

Response Number 24
Name: LUKE
Date: June 27, 2004 at 21:49:24 Pacific
Reply: Tommyo, your logs look clean, but can you enter task manager by clicking the ALT, CTRL, and DELETE key at the same time, and tell me if you see any of these files? iicc6.exe, plathping.exe, duxdiag.exe, iic3ba.exe, _ps_inst.exe

Response Number 25
Name: tommy o
Date: June 28, 2004 at 06:34:53 Pacific
Reply: Good morning, Joe..thank you for the reply, and for looking over my logs. I am relieved that they appear to be o.k. I looked through TaskManager, and there is no reference to that entry; so I assume that is a good thing. As of this writing, the "media.fastclick" has not yet appeared, but I have learned not to be very jubilant yet. I will know more a little later, when I do some surfing; gotta do the damn laundry now!! Thank you, Joe... I will post my findings in a bit, as soon as I give the comp the daily workout. ~Tommyo

Response Number 26
Name: colors
Date: June 28, 2004 at 08:13:13 Pacific
Reply: Tommyo, Can you recall any recent changes you made? I keep a log on everything I (or my ISP) change, download, update, etc. I wonder what you and Bill had in common to both have this? Hopefully, the problem is gone!
Start-up links:
http://www.windowsstartup.com/wso/search.php
http://www.3feetunder.com/krick/startup/list.html
http://www.azpchelp.com/StartupListQ-U.htm#S
http://www.greatis.com/regrun3appdatabase.htm
http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM
Task list programs:
http://64.233.161.104/search?q=cache:1dW_XTDALpoJ:www.answersthatwork.com/Tasklist_pages/tasklist.htm+Answers+That+Work&hl=en&ie=UTF-8
Pests:
http://www.pestpatrol.com/PestInfo/adware.asp
Good luck!

Response Number 27
Name: JOE
Date: June 28, 2004 at 09:45:39 Pacific
Reply: Tommyo, can you SHOW HIDDEN FILES AND FOLDERS by entering MY COMPUTER, then TOOLS, then FOLDER OPTIONS, then VIEW, then click off show hidden files and folders, then APPLY, then OK. After you complete this can you post another hijackthis log. I have a suspicion on what it is, but it's going to take some digging to find out what you're up against.

Response Number 28
Name: tommy o
Date: June 28, 2004 at 10:03:15 Pacific
Reply: Hello colors and Joe... I can't recall making any changes. I did however, download a file from WinMX (music); that's about the only thing that I can think of....unless some sort of tracking cookie was implanted into the song. I also checked my folder options, and there is indeed a check-mark on "show hidden files and folders". I just returned from laundry, and have not yet really given the comp a thorough test, but again, as of this typing, it has not shown up. I'm not sure if this is important or not, but when that "media.fastclick" shows up, it only stays down in the taskbar, right near the "green start" button. No window or pop-ups ever appear, just that damn little box in the taskbar. I am concerned, as I stopped important transactions on my comp, until I figure this out. I don't really want to conduct any business transactions until I can get rid of this. Thanks so much, Joe and colors, for your continued help; and everyone else too..I know the thread is long. But, maybe we all will learn something new here LOL!! Bill, if you're still reading this...by any chance did you also download any music or files? We both have the same exact problem, and I'm wondering if we can maybe put 2+2 together. Thanks everyone; I shall return shortly...gotta go downtown and vote today; hometown prop 2.5 override questions... ~Tommyo

Response Number 29
Name: William Lockie (by blockie)
Date: June 28, 2004 at 11:36:40 Pacific
Reply: Last night after my last post the problem came back, "media fastclick" on the taskbar. This morning I booted up and it isn't there. I have DSL so am on the net right away. I browsed all over the place EXCEPT for "drudgereport". It might be coming from there. At least being activated from there. I'll stay away from that site for the rest of the day and see what happens. Try it again tomorrow and see if I get activated by fastclick again. By the way I went to the fastclick site and asked them if they know what is going on. Don't really expect an answer tho. I'll post again tomorrow. Bill

Response Number 30
Name: tommy o
Date: June 28, 2004 at 13:13:26 Pacific
Reply: Hello Bill, you have browsed Drudge Report before??? Me too!!!!! I wonder if that is where our problem is coming from. I also will stay away from that site and see what happens. Today, the damn thing came back, so I got pissed off and ran RegCleaner. I checked off for it to clean everything....the box that says "do them all".. It found orphan files, and about six other entries that I didn't know what they were, but because I chose to save for a backup, I got tee'd off enough and let it clean out everything found. Now, about 2 hours later, "fastclick" has not yet appeared. Of course, I have learned not to get jubilant yet though. I will keep you posted, Bill. And I'll also stay away from that Drudge Report, in case that is the source of the problem. Good luck...I will re-post here either later on tonight, or tomorrow after I do a lot of comp usage as a test. Take care! ~Tommyo

Response Number 31
Name: William Lockie (by blockie)
Date: June 28, 2004 at 13:19:43 Pacific
Reply: To all: I rec'd the following email from fastclick.com an answer to my question. Surprised they answered. Anyway I followed their instructions.
-----------
Dear William, Fastclick only authorizes the placement of advertisements on our publisher's websites. You can choose to block our ad program by installing the Opt-Out Cookie available at http://www.fastclick.com/v4/safe_optout.go. There have been rare incidents in which people have used our code maliciously. In these cases we usually recommend that you download a program such as Spybot or Ad Aware. These programs are freely available at www.download.com. We apologize for any inconvenience you may be experiencing, but can assure you that when we identify a publisher engaging in this type of activity we cancel their account immediately.
Regards, Publisher Support Representative Fastclick, Inc.
------

Response Number 32
Name: tommy o
Date: June 28, 2004 at 14:44:58 Pacific
Reply: Thank you Bill for posting that! I've read, and re-read, and I don't understand exactly what it is; but I will definitely go to that opt-out site and check it out. So far, and I'm really crossing my fingers here, the "fastclick" has not re-appeared since I cleaned with that RegCleaner utility. But, if it comes back, I will do the same as you, and try that opt-out. Man, we are learning stuff here, my friend!! Sure would be nice if either Adaware or Spybot would detect it; as they did not detect it on mine here after many, many scans. Thank you again Bill, and everyone who has offered help here.... I hope we both shall see relief here!! ~Tommyo

Response Number 33
Name: William Lockie (by blockie)
Date: June 28, 2004 at 14:48:07 Pacific
Reply: It's back!!! The optout did not work apparently. And I didn't go to drudge. Maybe I'll do what you did tommyo and use the reg cleaner. Bill

Response Number 34
Name: tommy o
Date: June 28, 2004 at 15:34:37 Pacific
Reply: http://www.sofotex.com/RegCleaner-download_L4965.html Oh, man... I'm really ticked to hear that, Bill. Mine has not yet returned as of this writing, but I won't celebrate yet. I listed the download site for RegCleaner for you, in case you want to give it a try. I really don't know much about fiddling around the registry, but as this utility has a backup feature, I felt somewhat confident about thoroughly cleaning it out. I was so ticked off at the time, I chose the "do them all" method. So far, all is well but I'm sure time will tell. Good luck; I'll keep you posted later on tonight or tomorrow morning, after I use the comp a little more. ~Tommyo

Response Number 35
Name: tommy o
Date: June 28, 2004 at 17:06:37 Pacific
Reply: Yup, you guessed it!! Bill, don't rush too fast with the RegCleaner, as it has returned for me too. I went to google, and did a search for (golfer) Michelle Wei. Clicked onto a site, and got the friggin' "media.fastclick" again. It appears that we are stuck here, and will probably have to wait for either Spybot or Adaware to include that reference file into a future update. I honestly cannot think of anything else to try here, as I am about 1 year into my first comp, and still learning some new things each day. I'm not yet "registry savvy" enough to muck around in it. I did find a "fastclick" in my registry by accident, but I don't want to screw around with it until I know for certain what it is. I clicked "run", "regedit", and "history". In there, there are MANY entries for crapware files (casino, adwares, etc.). I certainly did not browse there, so I don't know if those are a quarantined file, or what. I'll have to try and google for an answer to see what that junk is. I'll keep you advised if and when I troubleshoot some more. I'll see if I can call my nephew, and ask him if he knows what in the hell that junk is. Take care, buddy....hang in there; keep your sanity!!!! ~Tommyo

Response Number 36
Name: CrazyOne
Date: June 29, 2004 at 03:09:20 Pacific
Reply: Hello everyone, tommyo, just checking. Did you add those things to your HOST file? Just curious, is all. Thanks CrazyOne p.s. If you could give a screen shot, of it, that would be great. Also, does it change colors (Flash,blink) Thanks

Response Number 37
Name: tommy o
Date: June 29, 2004 at 06:05:31 Pacific
Reply: Good morning, CrazyOne... I'm not exactly certain what you're referring to re entering the HOSTS file... I experimented quite a bit last night, and this "fastclick" will appear in the taskbar at random. For example; a site that would previously make it appear before, now will not produce it. And, sites that would not produce it before, now show it. The "fastclick" that appears is only a blue box in the taskbar; down by the green start button. If I point my cursor at it, a very long "http://......" briefly appears, but I cannot read it as it disappears quickly. I did make out the words "safepop" on it however. Also, when I right-click, the only options are to re-size, move, etc... no option for me to delete. I feel certain that it is hidden somewhere in my registry somewhere, but I don't know how to decipher registry things, so I'm afraid to muck around there. I did notice while in "regedit", "P3P", then "history", there is a "fastclick" there amongst MANY casino, advertisement type things.... I don't recall ever visiting those sites, and have no idea what they are doing there. I am also the only user of my comp, so I can't figure it out. I really don't know if I should try to delete that entire folder; I don't want to screw things up. Thank you, CrazyOne for reading through all the posts... I realize it is quite long and maybe boring. But, maybe we will all learn something out of this LOL !! I searched the Adaware forums, and did find some other people who have the same problems as me and Bill, but there were no positive replies. So, at least I do know that we are not alone with this damn thing. Luckily, my comp is running fine. But I don't like the idea of the damn thing residing there, as now I stopped all my business transactions until I can get rid of this. Thanks again; I'll keep reading and searching for answers...maybe I'll get lucky!! ~Tommyo

Response Number 38
Name: tommy o
Date: June 29, 2004 at 06:10:58 Pacific
Reply: I forgot to mention that I temp shutoff system restore, and scanned with EVERY type trojan/spyware scanner possible; in safe mode too. A search of "fastclick" through my search companion, showed mention of it in a back-up copy of my registry that I made months ago. I deleted the whole backup, but to no avail..

Response Number 39
Name: JOE
Date: June 29, 2004 at 10:16:45 Pacific
Reply: Tommyo, Bill, Search these files on pc: iicc6.exe, foontext.dll, plathping.exe, a3cd.dll, atkctirs.dll, daxtime.dll, drmv21clt.dll, eaxasc3.dll, eventlowg.dll, icbmp.dll, iudq.dll, kybdlt1.dll, thid.dll, ftpcutrs2.dll, duxdiag.exe, iic3ba.exe, jsgdw400.asm, _ps_inst.exe Search for these files in regedit:

Response Number 40
Name: CrazyOne
Date: June 29, 2004 at 10:36:31 Pacific
Reply: Tommyo, #12523 Can someone please review... Response Number 5, is what I was referencing ;-) So, let me see if I understand a couple of things, ok. If you're not on the internet, no fastclick. Yes Bill, I remember you have DSL, back to that later. Wait a minute, you're both on an on all the time connection, yes. Time to go back and read something.... yes, you both are :-) And yes tommyo, there's a few posts there to read :-) So, I'll start again. If you both leave the computers on, and IE open (on one page, not surfing around). Do you have this appear? What I'm saying, is clean the cache, temp folder, history, and open one window and leave it there. Does it appear, after awhile? Or do you have to be going, to different sites, for it to appear. About that screen shot, you also could use that, to catch all of what appears. When you put your pointer over it. Hit, make that tap, the Print Screen (button), and open your clipboard, and there it will be. tommyo, you said at the adaware forum, there are people with the same problem. Could you give a link, please. Thanks Will look, at all of the post again. Check back later, CrazyOne

Response Number 41
Name: tommy o
Date: June 29, 2004 at 11:11:02 Pacific
Reply: http://www.lavasoftsupport.com/index.php?showtopic=30418 Hello CrazyOne and Joe....wow, this will take me some time Joe, so I will try and look for those reg entries today.... I might not be able to reply for some time though, as I'm not registry savvy. Yes, CrazyOne, I also am on Comcast cable connection. Each evening, I shut off my computer; I have always done this since I bought it 14 months ago. I do leave on my Motorola Surfboard modem, though. The Comcast service tech advised me to just let it stay on......is this o.k. to do??? Also, yes with the "fastclick" appearing; only when Internet Explorer is open. But, sometimes it appears only after opening 3 or 4 websites...(not nasty sites..legit ones) I will try your suggestion today re leaving one webpage open; to see if it appears on its own that way. At this writing, I'm led to believe that it will appear at the exact time a new page/website is opened. And the "title/number" is always different...for example; "media24.fastclick"; or "media18.fastclick". The number is always a different number. And it just sits there in the taskbar right next to the green start button.....no pop-ups at all...only the small taskbar box. Thanks guys for staying with me, and helping me with this; I know it is quite confusing and the thread is very long... I am almost at the point of throwing in the towel, but I worry about business transactions, and what this friggin' fastclick is tracking... I will post again this evening; might take me quite some time as I have a lot to search for. ~Tommyo

Response Number 42
Name: JOE
Date: June 29, 2004 at 11:22:56 Pacific
Reply: Tommyo, just take 1 step at a time. Post back with any info, and don't forget to show hidden files in folders before you search for those files I listed. This was a déjà vu of a post about a few people that had the Actulice problem, and I ended finding out that it was a new variant of winpup which spybot, and adaware weren't able to detect. is a really nasty, and sneaky spyware. If spybot, adaware can't detect this thing, it gives me the assumption that it's a new variant of some sort. I have a big suspicion on what it is, but I will have to find out more info in order to confirm what I think it is.

Response Number 43
Name: tommy o
Date: June 29, 2004 at 11:49:08 Pacific
Reply: Thanks for that info, Joe...yes, I think too that it is something new. Now, here is something interesting. I just ran my search companion again for "fastclick", and it showed up in these 4 places.... 1. a registry back-up that I made (I just deleted it) 2. Adaware-log 27-10-2003 3. Adaware-log 26-10-2003 4. Adaware-log 1-10-2003 Note that in the Adaware logs, when I point to it, it says it is a "text document" in C:\program files\Lavasoft Does this help out at all? Could it be that it is indeed in an old Adaware scan that I did some time ago? I will continue searching, and return back here shortly. http://www.wilderssecurity.com/archive/index.php/t-15594 I also stumbled onto this Wilder forum info, but I really don't quite understand the response given..

Response Number 44
Name: colors
Date: June 29, 2004 at 11:53:09 Pacific
Reply: I came to post again and see CrazyOne is wondering about some of the same things:-) Do you have a popup stopper? Do you clean up your temp, temporary internet files, recycle bin, delete history, defrag and scandisk? Joe, Doing a search for those files (iicc6.exe, foontext.dll, etc.) won't that show up in regedit and confuse tommyo? Tommyo, if you go into regedit do a backup. Click Registry/Export Registry file/ file name:/ type in: backup/ save/ save to desk top. I see you have XP I hope it's the same steps? I found this thread interesting but not really what you are doing with. http://www.softwaretipsandtricks.com/forum/showthread.php?s=f04b3bdddacf4154f9c4375c71a139d6&threadid=11534&perpage=15&pagenumber=1 I will check back later.

Response Number 45
Name: William Lockie (by blockie)
Date: June 29, 2004 at 11:58:28 Pacific
Reply: Tommyo, You've more perseverance than me. I won't spend all my time on this. It does peeve me somewhat but at this point it is only an inconvenience. I hope. Will continue to follow the thread and if I find anything will jump in. Will follow Joe's suggestions and let everybody know the results. Bill

Response Number 46
Name: JOE
Date: June 29, 2004 at 11:59:57 Pacific
Reply: These files are not in the registry: (iicc6.exe, foontext.dll, etc.) These files are.......

Response Number 47
Name: JOE
Date: June 29, 2004 at 12:04:47 Pacific
Reply: Tommyo or Bill, if you confirm any of these files, only 1, then I'll tell you exactly what you have. That's why I'm asking you guys to search for them. All I need is 1 confirmation of 1 file.

Response Number 48
Name: tommy o
Date: June 29, 2004 at 12:38:57 Pacific
Reply: I understand.. I will search, but I'll need some time though, as I've got a ton of searching to do. Is there a way I can search those through my search companion; or do I have to read the entire registry?? I ask because I am not very good with the registry at all... Hi colors, glad you're here too; yes, I did clean out all off-line content, history, cookies, I purged/cleaned out the prefetch files, also I run scandisk once a month as normal maintenance, and I defragged monthly too. If I make another reg back-up, I think I'll be backing up the fastclick also; as I did a back-up a few days ago, and when searching with search companion, fastclick shows in the registry backup....so I'm led to believe it is indeed hidden inside my registry somewhere. Joe, I will start the process of searching all those things you listed...wow, this is gonna take some time, but I will start. Would you folks maybe want to start another thread, as this is getting rather long??? I don't think Kevin or Justin will mind starting a new one, as there is a lot of scrolling here....let me know... thanks.. ~Tommyo
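
On the question above of searching without reading the whole registry by hand: the following is an added example, not part of any post in this thread and not any poster's tool. It reads a registry export made with regedit (Registry / Export Registry File), lists the Browser Helper Object registrations that Internet Explorer loads, resolves each to its DLL, and marks those whose file name is on Joe's list. The CLSIDs and paths in the sample export are constructed; the watched file names are the ones from Joe's post.

```python
import ntpath
import re

# File names Joe asks about in Response Number 39 (copied from the thread).
WATCHED_FILES = {
    "iicc6.exe", "foontext.dll", "plathping.exe", "a3cd.dll", "atkctirs.dll",
    "daxtime.dll", "drmv21clt.dll", "eaxasc3.dll", "eventlowg.dll",
    "icbmp.dll", "iudq.dll", "kybdlt1.dll", "thid.dll", "ftpcutrs2.dll",
    "duxdiag.exe", "iic3ba.exe", "jsgdw400.asm", "_ps_inst.exe",
}

# Where Internet Explorer add-ons (BHOs) are registered, lower-cased.
BHO_KEY = (r"hkey_local_machine\software\microsoft\windows"
           r"\currentversion\explorer\browser helper objects")
# Where a CLSID is mapped to the DLL that implements it.
CLSID_ROOTS = (r"hkey_local_machine\software\classes\clsid",
               r"hkey_classes_root\clsid")

_KEY_RE = re.compile(r"^\[(.+)\]$")
_STR_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg escaping: \\\\ becomes one backslash, \\" becomes a quote."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key path (lower case): {value name: string data}}.

    Only string values are kept; dword/hex values are skipped. Real
    version 5.00 exports are UTF-16, so read them with
    open(path, encoding="utf-16").read() before calling this.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = _STR_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name.lower()] = _unescape(m.group(2))
    return keys


def bho_clsids(keys):
    """CLSIDs that have a subkey under the Browser Helper Objects key."""
    prefix = BHO_KEY + "\\"
    return sorted({k[len(prefix):].split("\\")[0]
                   for k in keys if k.startswith(prefix)})


def server_dll(keys, clsid):
    """Path in the (Default) value of CLSID\\{...}\\InprocServer32, or None."""
    for root in CLSID_ROOTS:
        values = keys.get("\\".join((root, clsid, "inprocserver32")))
        if values and "" in values:
            return values[""]
    return None


def triage(text):
    """Return [(clsid, dll_path_or_None, verdict)] for every BHO found."""
    keys = parse_reg_export(text)
    report = []
    for clsid in bho_clsids(keys):
        dll = server_dll(keys, clsid)
        if dll is None:
            verdict = "no-server"      # registered, but nothing says what it loads
        elif ntpath.basename(dll).lower() in WATCHED_FILES:
            verdict = "watched-file"   # file name is on Joe's list
        else:
            verdict = "unlisted"       # look this DLL up before trusting it
        report.append((clsid, dll, verdict))
    return report


# Constructed sample export (CLSIDs and paths are made up for illustration).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33333333-3333-3333-3333-333333333333}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\WINDOWS\\System32\\foontext.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Program Files\\Example Toolbar\\toolbar.dll"
'''

if __name__ == "__main__":
    for clsid, dll, verdict in triage(SAMPLE_EXPORT):
        print(f"{verdict:13} {clsid} {dll or '(no InprocServer32 entry)'}")
```

A "watched-file" hit is the single confirmation Joe asks for; an "unlisted" or "no-server" entry is not proof of anything and still needs to be looked up.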

Response Number 49
Name: tommy o
Date: June 29, 2004 at 12:44:12 Pacific
Reply: CWShredder v1.59.1 scan only report
Please understand that a CWShredder 'Scan only' report might not be sufficient to troubleshoot an infected system. You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Windows XP (5.01.2600 SP1)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\System32
AppData folder: C:\Documents and Settings\Thomas Orzech\Application Data
Username: Thomas Orzech
Found Hosts file: C:\WINDOWS\System32\drivers\etc\hosts (74 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Found Win.ini file: C:\WINDOWS\win.ini (554 bytes, -)
Found System.ini file: C:\WINDOWS\system.ini (435 bytes, -)
- END OF REPORT -
I did a scan last evening; is there anything here that shows anything wrong??