I keep getting (on my taskbar) Http://mediaxx.fastclick.net (where the x's are numbers). I cannot open the page but I can delete it from the taskbar.
It normally happens when I am going to WND site and a bunch of clicks occur.
How can I keep this off my computer?
I have Adaware and Spybot. I update them and scan. I have ZoneAlarm firewall and eTrust EZ antivirus.
Bill

Hello Bill; I also have this damn annoying thing.... I have tried for two weeks now, to try and find it / delete it. No luck!!
Things I have tried.... Scans with Adaware, Spybot, Pest Patrol, Bazooka, Stinger, CWShredder, and maybe some more that I can't think of right now. Also tried in safe mode; still no luck.
My comp is running fine and I have no problems, but it's annoying to have that damned "fastclick" thing on the taskbar. Mine is just as yours is; cannot "open" it to see the properties, nor delete it... can only "close" it.
Maybe we'll get some responses and get lucky, my friend!! I sure hope so! Take care, William...
~Tommyo

Bill, have you ever used your search companion, and found any reference to "fastclick"? I have searched many times, and it lists "fastclick" twice...one in Adaware files, and one in "Opt-Out" in Spybot.
I have been trying all day to find out what this damn Opt-Out is; I can't find it anywhere.
Just wondering if you have found out anything yet.... Take care, Bill.
~Tommyo

I searched all the folders and subs for FASTCLICK. The result was NONE.
I have AdAware and Spybot installed so my results are different than yours.
Bill

It's time for a HijackThis log. Tommyo and b11, if you have tried the recommended antispyware scanners and virus scanners, then you should submit a HijackThis log.

Click on the link provided and download HijackThis. Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e), then double click on C:, then right click and select New, then Folder, and name it HJT. When you run HijackThis from the C:\HJT folder by double clicking on it and have it "Fixed checked", it will create a backup file of modifications to use to restore if it is necessary. Now make sure you scan with all browsers closed, click the scan button, and copy and paste the log back into this forum and I'll take a look at it. DO NOT FIX ANYTHING UNTIL THE LOG HAS BEEN LOOKED AT.

Logfile of HijackThis v1.97.7
Scan saved at 8:00:53 PM, on 6/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Thomas Orzech\Local Settings\Temporary Internet Files\Content.IE5\0N93IAFT\HijackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WorkFlo(1)] E:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37872.6596412037
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Good gosh; I hope I did this correctly!! It's funny, as I have read so many of these, from other posters; never thinking that I too would be submitting one.
I must rely on someone with expertise to decipher this, as I'm not sure about these contents.
Thanks very much Joe, for asking me to submit this. I understand the new rules, and one must first be requested to post one first. I hope someone can tell me if there are any nasties here!!! Thanks so much!!
~Tommyo
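
Added example (not part of any poster's message and not code from the HijackThis project): a small Python reader for the log format posted above. It separates the running-process list from the R/O entries, decodes the O4 autostart and O16 DPF lines, and lists entries a helper would ask the owner about. The sample lines are copied from the logs in this thread; the function names and the review heuristics are assumptions made for this illustration.

```python
import re

# Trimmed mix of lines copied from the HijackThis logs posted in this thread.
# The first R0 entry is left glued to a process path, as copy-paste can leave it.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 8:00:53 PM, on 6/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.exe
C:\HJT\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - Global Startup: Digital Line Detect.lnk = ?
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Section code, " - ", detail. The lookbehind also recovers an entry that was
# glued to the end of a process path ("...HijackThis.exeR0 - HKCU...").
ENTRY_RE = re.compile(r"(?:^|(?<=\.exe))(R[0-3]|O\d{1,2}) - (.*)$", re.I)
RUN_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*)\))? - (?P<src>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_log(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.search(line)
        if m:
            prefix = line[:m.start()]
            if in_processes and PATH_RE.match(prefix):
                processes.append(prefix)      # path that was fused to the entry
            in_processes = False
            entries.append((m.group(1).upper(), m.group(2)))
        elif line.endswith("Running processes:"):
            in_processes = True
        elif in_processes and PATH_RE.match(line):
            processes.append(line)
    return {"processes": processes, "entries": entries}


def exe_path(cmd):
    """Return the executable part of an autostart command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def autostarts(parsed):
    """Decode O4 entries into dicts with loc, name, cmd and exe."""
    out = []
    for code, detail in parsed["entries"]:
        if code != "O4":
            continue
        m = RUN_RE.match(detail) or STARTUP_RE.match(detail)
        if m:
            item = m.groupdict()
            item["exe"] = exe_path(item["cmd"])
            out.append(item)
    return out


def review_notes(parsed, system_drive="C"):
    """Entries to ask the owner about. The heuristics are illustrative
    assumptions: a note means 'look this up', not 'this is malicious'."""
    notes = []
    for item in autostarts(parsed):
        exe = item["exe"]
        if exe == "?":
            notes.append(("O4", item["name"], "shortcut target not resolved"))
        elif PATH_RE.match(exe) and exe[0].upper() != system_drive:
            notes.append(("O4", item["name"],
                          "autostart from drive " + exe[0].upper() + ":"))
    for code, detail in parsed["entries"]:
        m = DPF_RE.match(detail) if code == "O16" else None
        if m and not m.group("name"):
            notes.append(("O16", m.group("clsid"),
                          "ActiveX control without a class name"))
    return notes


def find_keyword(parsed, keyword):
    """Case-insensitive search of every process path and entry."""
    kw = keyword.lower()
    hits = [p for p in parsed["processes"] if kw in p.lower()]
    hits += [f"{c} - {d}" for c, d in parsed["entries"] if kw in d.lower()]
    return hits


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for note in review_notes(parsed):
        print(note)
    print("fastclick hits:", find_keyword(parsed, "fastclick"))
```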

Tommyo, do you have a Dell PC? Or use Dell support? And do you visit www.bostonglobe.com? If you don't, put a checkmark on these and click fix and restart....
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O4 - HKLM\..\Run: [WorkFlo(1)] E:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
Can you download another tool from merijn at startup, and it's called StartupList. Download it and copy and paste the log back into this forum. You have a very tricky nasty. I want to take a closer look.

Hello Joe, sorry for the delay in replying; I slept a little late today.
Yes, I have a Dell 2350, and I do have Dell support installed... it is just like a monthly feature type update, nothing too big.
And yes to the BostonChannel.... that is my homepage, which is WCVB tv, in Boston.
I'm really confused as to what to delete here, because the "brdJmp" is (I think) related to my Motorola Surfboard cable modem.
Would you happen to know what specific entry is the nasty one? I am trying to google search these results, but I really do not know how to decipher a HijackThis log, and I'm afraid I might delete something that I shouldn't.
Thanks very much for your assistance, Joe. And, if anyone else sees something wrong, please feel free to point it out..thank you!
~Tommyo

Here is my hijack log.
And thanks, Joe. I also don't understand any of this and appreciate your help. My computer is one I purchased from a Canadian firm and added some of my old hardware to.
Logfile of HijackThis v1.97.7
Scan saved at 11:48:21 AM, on 6/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\Explorer.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum Eval\fplaunch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TaskBar Icon] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [Controlled StartUp] C:\Program Files\StartUp Organizer\Ctrl.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {46F54996-1839-11D4-817A-0080AD98D408} (Ax39 Control) - http://www.dlsoft.com/controls/ax39.cab
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37963.6138657407
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {B3B8E157-3752-4070-AF84-89880D365362} (SearchNavCtrl Class) - http://searchnav.com/searchnav/src/SearchNav.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {ED6D016A-12F8-4871-BEDC-CE13AAAB4F0B} (DD_v4_Member.DDv4) - http://www.drivershq.com/members/DD_v4_Member.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD4D7E2-D5F1-492A-8A10-A00D50AE80DF}: NameServer = 63.202.63.72 206.13.28.12

Tommyo, don't delete those. That's why I asked if you had Dell support, and if you surfed Boston Globe. Anyway, can you please download the startup list from the link that I provided, and copy and paste that back into this forum. The startup is an excellent tool at detecting sneaky spyware. This will help me to track down your nasty. Bill, I will look at your log, but you will have to be patient. I have a few others I'm looking at right now, and I might not respond right away.

StartupList report, 6/26/2004, 6:30:45 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Thomas Orzech\Local Settings\Temporary Internet Files\Content.IE5\FY8ZBPS1\StartupList[1].exe
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas Orzech\Local Settings\Temporary Internet Files\Content.IE5\FY8ZBPS1\StartupList[1].exe
---------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Digital Line Detect.lnk = ?
ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
---------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
---------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
DVDSentry = C:\WINDOWS\System32\DSentry.exe
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
AdaptecDirectCD = C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
DwlClient = C:\Program Files\Common Files\Dell\EUSW\Support.exe
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
WorkFlo(1) = E:\BrdJmp\WorkFlow.exe
WorkFlo = D:\BrdJmp\WorkFlow.exe
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
WinampAgent = C:\Program Files\Winamp\winampa.exe
Lexmark X74-X75 = "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
---------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\SSMYST.SCR
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
---------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
---------------------
Enumerating Task Scheduler jobs:
McAfee.com Update Check (-Owner).job
McAfee.com Update Check (-Thomas Orzech).job
---------------------
Enumerating Download Program Files:
[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
CODEBASE = http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
[SysProWmi Class]
InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB
[DD_v4.DDv4]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\DD_v4.ocx
CODEBASE = http://www.drivershq.com/DD_v4.CAB
[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBin\Shared\MGBrwFld.dll
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
[Scanner Class]
InProcServer32 = C:\temp\TDECntrl\TDECntrl.dll
CODEBASE = http://www.trojanscan.com/trojanscan/TDECntrl.CAB
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
[PPSDKActiveXScanner.MainScreen]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PPSDKActiveXScanner.ocx
CODEBASE = http://www.pestscan.com/scanner/axscanner.cab
[Microsoft.WinRep]
InProcServer32 = C:\WINDOWS\System32\Winrep.dll
CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\System32\mcinsctl.dll
CODEBASE = http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
[{556DDE35-E955-11D0-A707-000000521957}]
CODEBASE = http://www.xblock.com/download/xclean_micro.exe
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
[AvxScanOnline Control]
InProcServer32 = C:\WINDOWS\AvxOScan\BITDEF~1.OCX
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37872.6596412037
[CRAVOnline Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ravonline.dll
CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab
[WebResponseAttachments Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FILETR~1.OCX
CODEBASE = https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
[SassCln Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
CODEBASE = http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\System32\mcgdmgr.dll
CODEBASE = http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
---------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: *Registry key not found*
SysTray: C:\WINDOWS\System32\stobject.dll
---------------------
End of report, 8,201 bytes
Report generated in 1.110 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

http://www.snapfiles.com/get/spysweeper.html
Bill, if you haven't tried scanning with this Spy Sweeper yet, give it a try.
I don't want to get too jubilant yet, but since I ran this scan and deleted some junk, that damn "media.fastclick" has not shown up yet.
I ran it, and it did turn up 4 baddies..
1. Com.com cookie
2. Dealtime cookie
3. Alexa toolbar
4. Bizrate cookie
Give it a try, Bill, and post your results so we can compare our findings. I'm hoping that maybe we might get some relief with this...cross-our-fingers!!
~Tommyo

Well my friend, guess what.... yes, it has returned.
That's it for me...I'm going to bed. I'll deal with this prick tomorrow. Have a good evening all; should anyone have any more advice; I'm sure we're both all ears!!
Many thanks!
~Tommyo

Open Spybot, go to settings/ignore products/cookies - and see if fastclick is checked...if it is, uncheck it.
I did some research on your problem but didn't come up with anything....good luck!

Hello colors, and thanks for the reply..
I'm gonna feel like an ass with this question, but I can't seem to locate Spybot's "settings"..... I have been looking for a half-hour now. How does one get into the settings???
Mine shows four different choices, but no option to get into the settings.
Is it in the "advanced" part???
Many thanks!!!
~Tommyo

LOL! You're not an ass :-)
Yes, it's in the advanced mode I should have told you that....soooo sorry.

O.K.; I'm back... I went through everything, and all is un-clicked...except two entries..
1. LSP.New.net (listed under "LSP")
2. SideStep (listed under "all products")
I did see reference to "fastclick" there, but it is un-checked, which means Spybot will detect it.
LOL!! I'm startin' to talk to myself...that's not a good sign. colors!!
Thanks for the assistance; I'll keep on trying things here..
~Tommyo

I have New.net (hijacker) and SideStep (adware) unchecked; from my search, that's what I came up with.

I found that section that you mentioned, and I removed the checkmarks on the following......
New.Net
MySearch
SideStep
I ran another scan, and it did find an advertise.com tracking cookie. As of this writing, I don't yet know if it has eliminated the "media.fastclick"; I'll probably know by tomorrow morning when I really have a chance to do some surfing.
Do you know how to decipher a HijackThis log, and a Start-Up log, colors? If you do, did you happen to see anything nasty in my logs?
I'm gettin' blurry eyed trying to look up everything on google to try and determine what is legit.
Think we'll call it a night shortly and resume some more in the morning. Have a nice evening, and thanks very much for your help; I appreciate it very much!
~Tommyo

I downloaded and used Spysweeper. So far (two hours) nothing shows up. Haven't browsed WND yet. That's where I hear the "fastclick". I'll get back.
Bill

Not really but I do like the challenge!
I did go over your log/start-up, then googled and checked out some forums...took me a couple days; I didn't find anything. It would bug the crap out of me to have what is going on with you.
Since you didn't mention 'mysearch' I thought it was unchecked...you did good :-)
It's getting late here; I will get back to you tomorrow with some links on what to look for in your start-up.
Good night!

Hi Bill, nice to hear from you. Yes, please keep me advised, and I'll also let you know how I'm doing here on my end. So far tonight, no signs of it, but I'll know more tomorrow when I have more time to do some surfing.
I'm trying to maintain my sanity, Bill. This damn thing had me talkin' to myself LOL !! Take care...
~Tommyo

Tommyo, your logs look clean, but can you enter task manager by clicking the ALT, CTRL, and DELETE key at the same time, and tell me if you see any of these files?
iicc6.exe, plathping.exe, duxdiag.exe, iic3ba.exe, _ps_inst.exe

Good morning, Joe..thank you for the reply, and for looking over my logs. I am relieved that they appear to be o.k.
I looked through TaskManager, and there is no reference to that entry; so I assume that is a good thing.
As of this writing, the "media.fastclick" has not yet appeared, but I have learned not to be very jubilant yet. I will know more a little later, when I do some surfing; gotta do the damn laundry now!!
Thank you, Joe... I will post my findings in a bit, as soon as I give the comp the daily workout.
~Tommyo

Tommyo, Can you recall any recent changes you made? I keep a log on everything I (or my ISP) change, download, update, etc. I wonder what you and Bill had in common to both have this? Hopefully, the problem is gone!
Start-up links:
http://www.windowsstartup.com/wso/search.php
http://www.3feetunder.com/krick/startup/list.html
http://www.azpchelp.com/StartupListQ-U.htm#S
http://www.greatis.com/regrun3appdatabase.htm
http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM
Task list programs:
http://64.233.161.104/search?q=cache:1dW_XTDALpoJ:www.answersthatwork.com/Tasklist_pages/tasklist.htm+Answers+That+Work&hl=en&ie=UTF-8
Pests:
http://www.pestpatrol.com/PestInfo/adware.asp
Good luck!

Tommyo, can you SHOW HIDDEN FILES AND FOLDERS by entering MY COMPUTER, then TOOLS, then FOLDER OPTIONS, then VIEW, then click off show hidden files and folders, then APPLY, then OK. After you complete this can you post another hijackthis log. I have a suspicion on what it is, but it's going to take some digging to find out what you're up against.

Hello colors and Joe... I can't recall making any changes. I did however, download a file from WinMX (music); that's about the only thing that I can think of....unless some sort of tracking cookie was implanted into the song.
I also checked my folder options, and there is indeed a check-mark on "show hidden files and folders".
I just returned from laundry, and have not yet really given the comp a thorough test, but again, as of this typing, it has not shown up.
I'm not sure if this is important or not, but when that "media.fastclick" shows up, it only stays down in the taskbar, right near the "green start" button. No window or pop-ups ever appear, just that damn little box in the taskbar.
I am concerned, as I stopped important transactions on my comp, until I figure this out. I don't really want to conduct any business transactions until I can get rid of this.
Thanks so much, Joe and colors, for your continued help; and everyone else too..I know the thread is long. But, maybe we all will learn something new here LOL!!
Bill, if you're still reading this...by any chance did you also download any music or files? We both have the same exact problem, and I'm wondering if we can maybe put 2+2 together. Thanks everyone; I shall return shortly...gotta go downtown and vote today; hometown prop 2.5 override questions...
~Tommyo

Last night after my last post the problem came back, "media fastclick" on the taskbar.
This morning I booted up and it isn't there. I have DSL so am on the net right away. I browsed all over the place EXCEPT for "drudgereport". It might be coming from there, at least being activated from there. I'll stay away from that site for the rest of the day and see what happens. Try it again tomorrow and see if I get activated by fastclick again. By the way I went to the fastclick site and asked them if they know what is going on. Don't really expect an answer tho. I'll post again tomorrow.
Bill

Hello Bill, you have browsed Drudge Report before??? Me too!!!!! I wonder if that is where our problem is coming from. I also will stay away from that site and see what happens.
Today, the damn thing came back, so I got pissed off and ran RegCleaner. I checked off for it to clean everything....the box that says "do them all"..
It found orphan files, and about six other entries that I didn't know what they were. But because I chose to save for a backup, I got tee'd off enough and let it clean out everything found.
Now, about 2 hours later, "fastclick" has not yet appeared. Of course, I have learned not to get jubilant yet though.
I will keep you posted, Bill. And I'll also stay away from that Drudge Report, in case that is the source of the problem.
Good luck...I will re-post here either later on tonight, or tomorrow after I do a lot of comp usage as a test. Take care!
~Tommyo

To all:
I rec'd the following email from fastclick.com, an answer to my question. Surprised they answered. Anyway I followed their instructions.
-----------
Dear William,

Fastclick only authorizes the placement of advertisements on our
publisher's websites. You can choose to block our ad program by
installing the Opt-Out Cookie available at
http://www.fastclick.com/v4/safe_optout.go.

There have been rare incidents in which people have used our code
maliciously. In these cases we usually recommend that you download a
program such as Spybot or Ad Aware. These programs are freely available
at www.download.com. We apologize for any inconvenience you may be
experiencing, but can assure you that when we identify a publisher
engaging in this type of activity we cancel their account immediately.

Regards,
Publisher Support Representative
Fastclick, Inc.
------

Thank you Bill for posting that! I've read, and re-read, and I don't understand exactly what it is; but I will definitely go to that opt-out site and check it out.
So far, and I'm really crossing my fingers here, the "fastclick" has not re-appeared since I cleaned with that RegCleaner utility. But, if it comes back, I will do the same as you, and try that opt-out.
Man, we are learning stuff here, my friend!!
Sure would be nice if either Adaware or Spybot would detect it; as they did not detect it on mine here after many, many scans.
Thank you again Bill, and everyone who has offered help here.... I hope we both shall see relief here!!
~Tommyo

It's back!!!
The optout did not work apparently. And I didn't go to drudge. Maybe I'll do what you did tommyo and use the reg cleaner.
Bill

http://www.sofotex.com/RegCleaner-download_L4965.html
Oh, man... I'm really ticked to hear that, Bill. Mine has not yet returned as of this writing, but I wont celebrate yet.
I listed the download site for RegCleaner for you, in case you want to give it a try.
I really don't know much about fiddling around the registry, but as this utility has a backup feature, I felt somewhat confident about thoroughly cleaning it out. I was so ticked off at the time, I chose the "do them all" method. So far, all is well but I'm sure time will tell. Good luck; I'll keep you posted later on tonight or tomorrow morning, after I use the comp a little more.
~Tommyo

Yup, you guessed it!! Bill, don't rush too fast with the RegCleaner, as it has returned for me too.
I went to google, and did a search for (golfer) Michelle Wei. Clicked onto a site, and got the friggin' "media.fastclick" again.
It appears that we are stuck here, and will probably have to wait for either Spybot or Adaware to include that reference file into a future update.
I honestly cannot think of anything else to try here, as I am about 1 year into my first comp, and still learning some new things each day.
I'm not yet "registry savvy" enough to muck around in it. I did find a "fastclick" in my registry by accident, but I don't want to screw around with it until I know for certain what it is.
I clicked "run", "regedit", and "history". In there, there are MANY entries for crapware files (casino, adwares, etc.).
I certainly did not browse there, so I don't know if those are a quarantined file, or what. I'll have to try and google for an answer to see what that junk is. I'll keep you advised if and when I troubleshoot some more. I'll see if I can call my nephew, and ask him if he knows what in the hell that junk is. Take care, buddy....hang in there; keep your sanity!!!!
~Tommyo

Hello everyone,
tommyo, just checking. Did you add those things to your HOST file? Just curious, is all. Thanks
CrazyOne
p.s. If you could give a screen shot, of it, that would be great. Also, does it change colors (Flash,blink) Thanks

Good morning, CrazyOne... I'm not exactly certain what you're referring to re entering the HOSTS file...
I experimented quite a bit last night, and this "fastclick" will appear in the taskbar at random. For example; a site that would previously make it appear before, now will not produce it. And, sites that would not produce it before, now show it.
The "fastclick" that appears is only a blue box in the taskbar; down by the green start button. If I point my cursor at it, a very long "http://......" briefly appears, but I cannot read it as it disappears quickly. I did make out the words "safepop" on it however. Also, when I right-click, the only options are to re-size, move, etc... no option for me to delete.
I feel certain that it is hidden somewhere in my registry somewhere, but I don't know how to decipher registry things, so I'm afraid to muck around there.
I did notice while in "regedit", "P3P", then "history", there is a "fastclick" there amongst MANY casino, advertisement type things.... I don't recall ever visiting those sites, and have no idea what they are doing there. I am also the only user of my comp, so I can't figure it out. I really don't know if I should try to delete that entire folder; I don't want to screw things up.
Thank you, CrazyOne for reading through all the posts... I realize it is quite long and maybe boring, but maybe we will all learn something out of this LOL !!
I searched the Adaware forums, and did find some other people who have the same problems as me and Bill, but there were no positive replies. So, at least I do know that we are not alone with this damn thing.
Luckily, my comp is running fine. But I don't like the idea of the damn thing residing there, as now I stopped all my business transactions until I can get rid of this.
Thanks again; I'll keep reading and searching for answers...maybe I'll get lucky!!
~Tommyo

I forgot to mention that I temp shutoff system restore, and scanned with EVERY type trojan/spyware scanner possible; in safe mode too.
A search of "fastclick" through my search companion, showed mention of it in a back-up copy of my registry that I made months ago. I deleted the whole backup, but to no avail..

Tommyo,Bill,
Search these files on pc:
iicc6.exe, foontext.dll, plathping.exe, a3cd.dll, atkctirs.dll, daxtime.dll, drmv21clt.dll, eaxasc3.dll, eventlowg.dll, icbmp.dll, iudq.dll, kybdlt1.dll, thid.dll, ftpcutrs2.dll, duxdiag.exe, iic3ba.exe, jsgdw400.asm, _ps_inst.exe
Search for these files in regedit:
HKEY_CLASSES_ROOT \ clsid {029e02f0-a0e5-4b19-b958-7bf2db29fb13}
HKEY_CLASSES_ROOT \ clsid {37b9ff8c-01d9-4fdc-a6a2-08183915c71d}
HKEY_CLASSES_ROOT \ clsid {98349900-adc7-11d7-8515-0040050362d3}
HKEY_CLASSES_ROOT \ clsid {a3a3043d-749e-433f-a26e-6227d5e9bfcd}
HKEY_CLASSES_ROOT \ clsid {a94b52a0-0863-11d8-99de-444553540000}
HKEY_CLASSES_ROOT \ clsid {d3512525-e159-421f-a154-a60a738f7f6d}
HKEY_CLASSES_ROOT \ clsid {f53d14a9-c1e7-409d-8521-99032d94b1ba}
HKEY_CLASSES_ROOT \ clsid {fad0b5cb-1ec4-4f37-8ecb-520faf3b9afa}
HKEY_CLASSES_ROOT \ ypelib {98349900-adc7-11d7-8515-0040050362d3}
HKEY_CLASSES_ROOT \ ypelib {a3a3043d-749e-433f-a26e-6227d5e9bfcd}
HKEY_CLASSES_ROOT \ ypelib {d212259d-4648-4903-9fbd-02e88785d33c}
HKEY_LOCAL_MACHINE \ clsid {029e02f0-a0e5-4b19-b958-7bf2db29fb13}
HKEY_LOCAL_MACHINE \ software \ classes \ clsid {3182c8ab-5a3e-4644-80da-647417799b11}
HKEY_LOCAL_MACHINE \ software \ classes \ clsid {37b9ff8c-01d9-4fdc-a6a2-08183915c71d}
HKEY_LOCAL_MACHINE \ software \ classes \ clsid{a94b52a0-0863-11d8-99de-444553540000}
HKEY_LOCAL_MACHINE \ software \ classes \ clsid {d3512525-e159-421f-a154-a60a738f7f6d}
HKEY_LOCAL_MACHINE \ software \ classes \ clsid {fad0b5cb-1ec4-4f37-8ecb-520faf3b9afa}
HKEY_LOCAL_MACHINE \ software \ microsoft \ windows \ currentversion \ explorer \ browser helper objects{37b9ff8c-01d9-4fdc-a6a2-08183915c71d}
HKEY_LOCAL_MACHINE \ software \ microsoft \ windows \ currentversion \ explorer \ browser helper objects{a94b52a0-0863-11d8-99de-444553540000}
HKEY_LOCAL_MACHINE \ software \ microsoft \ windows \ currentversion \ explorer \ browser helper objects{d3512525-e159-421f-a154-a60a738f7f6d}
HKEY_LOCAL_MACHINE \ software \ microsoft \ windows \ currentversion \ explorer \ browser helper objects{fad0b5cb-1ec4-4f37-8ecb-520faf3b9afa}
HKEY_LOCAL_MACHINE \ software \ microsoft \ windows \ currentversion \ explorer \ browser helper objects{3182c8ab-5a3e-4644-80da-647417799b11}
HKEY_LOCAL_MACHINE \ software \ microsoft \ windows \ currentversion \ unplathping.exe

Tommyo,
#12523 Can someone please review... Response Number 5, is what I was referencing ;-)
So, let me see if I understand a couple of things, ok. If you're not on the internet, no fastclick. Yes Bill, I remember you have DSL, back to that later. Wait a minute, you're both on an on all the time connection, yes. Time to go back and read something.... yes, you both are :-) And yes tommyo, there's a few posts there to read :-) So, I'll start again. If you both leave the computers on, and IE open (on one page, not surfing around). Do you have this appear? What I'm saying, is clean the cache, temp folder, history, and open one window and leave it there. Does it appear, after awhile? Or do you have to be going, to different sites, for it to appear.
About that screen shot, you also could use that, to catch all of what appears. When you put your pointer over it. Hit, make that tap, the Print Screen (button), and open your clipboard, and there it will be.
tommyo, you said at the adaware forum, there are people with the same problem. Could you give a link, please. Thanks
Will look, at all of the post again. Check back later,
CrazyOne

http://www.lavasoftsupport.com/index.php?showtopic=30418
Hello CrazyOne and Joe....wow, this will take me some time Joe, so I will try and look for those reg entries today.... i might not be able to reply for some time though, as I'm not registry savvy.
Yes, CrazyOne, I also am on Comcast cable connection. Each evening, I shut off my computer; I have always done this since I bought it 14 months ago. I do leave on my Motorola Surfboard modem, though. The Comcast service tech advised me to just let it stay on......is this o.k. to do???
Also, yes with the "fastclick" appearing; only when Internet Explorer is open. But, sometimes it appears only after opening 3 or 4 websites...(not nasty sites..legit ones)
I will try your suggestion today re leaving one webpage open; to see if it appears on its own that way. At this writing, I'm led to believe that it will appear at the exact time a new page/website is opened. And the "title/number" is always different...for example; "media24.fastclick"; or "media18.fastclick". The number is always a different number. And it just sits there in the taskbar right next to the green start button.....no pop-ups at all...only the small taskbar box.
Thanks guys for staying with me, and helping me with this; I know it is quite confusing and the thread is very long... I am almost at the point of throwing in the towel, but I worry about business transactions, and what this friggin' fastclick is tracking... I will post again this evening; might take me quite some time as I have a lot to search for.
~Tommyo

Tommyo, just take 1 step at a time. Post back with any info, and don't forget to show hidden files in folders before you search for those files I listed. This was a déjà vu of a post about a few people that had the Actulice problem, and I ended finding out that it was a new variant of winpup which spybot and adaware weren't able to detect. is a really nasty, and sneaky spyware. If spybot, adaware can't detect this thing, it gives me the assumption that it's a new variant of some sort. I have a big suspicion on what it is, but I will have to find out more info in order to confirm what I think it is.

Thanks for that info, Joe...yes, I think too that it is something new. Now, here is something interesting. I just ran my search companion again for "fastclick", and it showed up in these 4 places....
1. a registry back-up that I made (I just deleted it)
2. Adaware-log 27-10-2003
3. Adaware-log 26-10-2003
4. Adaware-log 1-10-2003
Note that in the Adaware logs, when I point to it, it says it is a "text document" in C:\program files\Lavasoft
Does this help out at all? Could it be that it is indeed in an old Adaware scan that I did some time ago?
I will continue searching, and return back here shortly.
http://www.wilderssecurity.com/archive/index.php/t-15594
I also stumbled onto this Wilder forum info, but I really don't quite understand the response given..

I came to post again and see CrazyOne is wondering about some of the same things:-)
Do you have a popup stopper? Do you clean up your temp, temporary internet files, recycle bin, delete history, defrag and scandisk?
Joe, Doing a search for those files (iicc6.exe, foontext.dll, etc.) won't that show up in regedit and confuse tommyo?
Tommyo, if you go into regedit do a backup. Click Registry/Export Registry file/ file name:/ type in: backup/ save/ save to desk top. I see you have XP I hope it's the same steps?
I found this thread interesting but not really what you are doing with.
http://www.softwaretipsandtricks.com/forum/showthread.php?s=f04b3bdddacf4154f9c4375c71a139d6&threadid=11534&perpage=15&pagenumber=1
I will check back later.

Tommyo,
You've more perseverance than me. I won't spend all my time on this. It does peeve me somewhat but at this point it is only an inconvenience. I hope. Will continue to follow the thread and if I find anything will jump in.
Will follow Joe's suggestions and let everybody know the results.
Bill

These files are not in the registry:
(iicc6.exe, foontext.dll, etc.)
These files are.......

Tommyo or Bill, if you confirm any of these files, only 1, then I'll tell you exactly what you have. That's why I'm asking you guys to search for them. All I need is 1 confirmation of 1 file.

I understand.. i will search, but I'll need some time though, as I've got a ton of searching to do. Is there a way I can search those through my search companion; or do I have to read the entire registry??
I ask because I am not very good with the registry at all...
Hi colors, glad you're here too; yes, I did clean out all off-line content, history, cookies, I purged/cleaned out the prefetch files, also I run scandisk once a month as normal maintenance, and I defragged monthly too.
If I make another reg back-up, I think I'll be backing up the fastclick also; as I did a back-up a few days ago, and when searching with search companion, fastclick shows in the registry backup....so I'm led to believe it is indeed hidden inside my registry somewhere.
Joe, I will start the process of searching all those things you listed...wow, this is gonna take some time, but I will start.
Would you folks maybe want to start another thread, as this is getting rather long???
I don't think Kevin or Justin will mind starting a new one, as there is a lot of scrolling here....let me know... thanks..
~Tommyo

CWShredder v1.59.1 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Windows XP (5.01.2600 SP1)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\System32
AppData folder: C:\Documents and Settings\Thomas Orzech\Application Data
Username: Thomas Orzech
Found Hosts file: C:\WINDOWS\System32\drivers\etc\hosts (74 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Found Win.ini file: C:\WINDOWS\win.ini (554 bytes, -)
Found System.ini file:C:\WINDOWS\system.ini (435 bytes, -)
- END OF REPORT -
I did a scan last evening; is there anything here that shows anything wrong??

When you're dealing with a new variant with no updated defs for removers, you will have to do it the hard way. Your log looks clean.
To use the regedit:
Click START, then RUN, and type in regedit, then click OK. When you're in the registry, click the Ctrl key and F key at the same time, and then you will receive a search popup. Type in those registry files in the search area, and click FIND SEARCH. It will look for those files. If it finds them it will highlight them in blue, but make sure that it's the exact file names that I provided.

O.K. Joe, I will do....
Please bear with me, as it will take me some time....this is very new to me..
Also, for the hell of it, I just ran Pest Patrol, and it turned up this....
CWS.GoogleMS.3 - hijacker
the location was given as this....
HKEY_current_user\software windows\current version\internet settings\zonemap\domains\xxxtoolbar,com
I remember reading somewhere, that some false positives were being reported on Pest patrol, and people who use McAfee (which I do); it's unknown to me if in fact I do have this CWS or not, but thought I'd mention it in case it's important. I will now start that search, Joe..it's gonna take me some time...I will be back.

I also have read about the false positive that pestpatrol reports, but it's better to be safe than sorry. I would check to see if it's there, and if it is? I would delete it. Take your time, I'll get back to you in a few years..LOL!!

Thank you, my friend LOL !!! It's probably gonna take that long!
Maybe we'll set a record for # of posts, but something tells me many people are reading and/or learning along with us, and hopefully we'll also help others too.
I'll return, maybe much later, but I'll return...

Tommyo,
Just adding, a little to what JOE said. And don't use the whole thing Joe wrote, just the last part of each one.
In regedit, click "Edit", then "Find..." Then mark(check), Keys, Values, Data, and Match whole string only. Then, put what you're looking for, in the box. e.g.;
{029e02f0-a0e5-4b19-b958-7bf2db29fb13}
Then click the "Find Next" (button). That's a generic description, yours may differ.
About the second link you gave, and what I said. This, will help explain.
I'm also wondering, well, thinking, if you disabled Active scripting in IE, it wouldn't appear. If there was a script, on a page (what am I saying, a lot of pages), for a popunder, and it's getting done that way. Sorry about that ;-) got to thinking out loud again :-)
And about leaving the modem on. Yes, what you were told, is what I would have said.
Well, back to the grind stone, hehe.
Later,
CrazyOne

Hi again.. I did the registry search for all of those in responses # 39, and # 46.
Every one of them came up with nothing; I hope I did it correctly. Can you tell me if it was o.k. to "copy & paste" each item?
If that was o.k., the reg search did not turn up anything; after I pasted the entire string into "find box", I hit "find next", and in about 2 seconds, another little pop-up box reported "finished searching through the registry". That's all it said, so I'm assuming that it found nothing on each search.
I have not searched the dll's in response # 39 yet.. I will do this after dinner here tonight. Is there a faster way to search these? As it takes forever for search companion to search the entire comp for each individual one. I'll resume after dinner.
Thanks again, very much!!
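
An added example, not part of any post in this thread: one pass over a drive for all the listed file names, and one pass over an exported registry file for all the listed GUIDs, instead of a separate Search Companion or regedit Find per item. It assumes Python is available and that the registry was exported to a .reg file with regedit's Export; the function names and the sample export text are made up for illustration.

```python
import os
import re

# File names copied from the list posted earlier in this thread.
SUSPECT_FILES = (
    "iicc6.exe", "foontext.dll", "plathping.exe", "a3cd.dll", "atkctirs.dll",
    "daxtime.dll", "drmv21clt.dll", "eaxasc3.dll", "eventlowg.dll",
    "icbmp.dll", "iudq.dll", "kybdlt1.dll", "thid.dll", "ftpcutrs2.dll",
    "duxdiag.exe", "iic3ba.exe", "jsgdw400.asm", "_ps_inst.exe",
)

# GUIDs copied from the registry keys posted earlier in this thread.
SUSPECT_GUIDS = (
    "{029e02f0-a0e5-4b19-b958-7bf2db29fb13}",
    "{37b9ff8c-01d9-4fdc-a6a2-08183915c71d}",
    "{98349900-adc7-11d7-8515-0040050362d3}",
    "{a3a3043d-749e-433f-a26e-6227d5e9bfcd}",
    "{a94b52a0-0863-11d8-99de-444553540000}",
    "{d3512525-e159-421f-a154-a60a738f7f6d}",
    "{f53d14a9-c1e7-409d-8521-99032d94b1ba}",
    "{fad0b5cb-1ec4-4f37-8ecb-520faf3b9afa}",
    "{d212259d-4648-4903-9fbd-02e88785d33c}",
    "{3182c8ab-5a3e-4644-80da-647417799b11}",
)

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Constructed sample of a .reg export (not taken from anyone's machine).
CONSTRUCTED_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B9FF8C-01D9-4FDC-A6A2-08183915C71D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}]
@="Constructed harmless entry"
"""


def find_suspect_files(root, names=SUSPECT_FILES):
    """Walk root once; return sorted paths whose file name is on the list.

    Matching is on the exact name, ignoring case, so a mistyped name
    (atkctrs.dll for atkctirs.dll) neither matches nor gets matched.
    """
    wanted = {n.lower() for n in names}
    hits = []
    # onerror skips unreadable folders instead of aborting the sweep.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            if name.lower() in wanted:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def read_reg_export(path):
    """Read a .reg export: 'Version 5.00' files are UTF-16, REGEDIT4 is ANSI."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")


def find_suspect_guids(reg_text, guids=SUSPECT_GUIDS):
    """Return {guid: [registry keys]} for every listed GUID seen in the export.

    A GUID counts whether it appears in a key name or in a value under it.
    """
    wanted = {g.lower() for g in guids}
    hits = {}
    current_key = "(before first key)"
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        for guid in GUID_RE.findall(line):
            guid = guid.lower()
            if guid in wanted and current_key not in hits.setdefault(guid, []):
                hits[guid].append(current_key)
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python sweep.py <folder to scan> [exported.reg]
    for path in find_suspect_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("file:", path)
    if len(sys.argv) > 2:
        found = find_suspect_guids(read_reg_export(sys.argv[2]))
        for guid, keys in found.items():
            for key in keys:
                print("registry:", guid, "under", key)
```

An empty result only means none of the listed names or GUIDs were found; it says nothing about items that are not on the list.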

To Joe regarding response #39.
I did a search of the reg using regedit. NOTHING.
The search of the PC found "atkctirs.dll" in C:/windows/system32.
Now what?
Bill

Well gentlemen, I am very close to throwing in the towel here. The very first website that I just went to, yup, you guessed it.
I searched all of those dll's, and came up blank. So this thing is imbedded somewhere, probably deep in the registry.
I am out of ideas, as probably you are too.
The funny thing is, maybe this thing is totally harmless, and just an annoyance, but if I do banking or other business, now I've got to worry if the friggin' thing is tracking info.
What would you guys do in a case like this??
As I said, my comp is running fine, and fortunately I do not get any pop-ups, just the damn "fastclick" in the small box in the taskbar.
I'm still open for ideas, but I realize we tried just about everything here.
Please feel free to offer any additional insight if you can think of anything that hasn't been tried yet.
I can't say thank you enough.....I am so grateful for your help, and willingness to stick with me and try new solutions.
Thank You!!!
That's what makes this forum the best of its kind; great people here! Some day, as I learn more about computers, I hope I too can help some folks out also, but as I'm still learning my first comp here, I've got a ways to go.
Thanks again.... I'll keep on searching for a while longer, and if I spot anything that could be beneficial info, I will post it on this thread..
~Tommyo

Hi Bill, didn't know you were still here...
At least you found something LOL ! I come up blank no matter what I do !!!
I'll stick around for a bit, and see how you make out. Good luck, Bill...

Tommyo, are you sure you don't have those files I submitted? Did you make sure you showed hidden files and folders?
Bill, that file belongs to one of the nastiest spyware around, and it confirms my suspicion, and hopefully this is not a coincidence. The file belongs to ADGOBLIN. I know for a fact that spybot has this nasty in its defs to detect it, but this must be a new variant with very limited info, and until spybot or Ad-Aware come up with defs to detect it, it has to be removed the hard way.
Bill, is it a file or folder? If it is a folder click on it and tell me if there are any files, names? If it is a file only, right click on the file, and select PROPERTIES, and post back with all the info on it.

Bill, while you are searching enter task manager by clicking CTRL, ALT, and DELETE at the same time and tell me if this file is in there?
file:
plathping.exe

Hi Joe; yes, I did scan all hidden files and folders. I am going to try again, though.
When you search with search companion, and it asks you where you want to look for an item, I usually check-off "my computer".
Is this the best/most thorough way??

I don't know what OS you're running but just in case here is how to show hidden files and folders.
Windows ME
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Click Start, Programs and Accessories and open Windows Explorer.
Select a hard drive from the left hand side of the Windows Explorer window.
Select View the Entire contents of this drive.
Windows 2000
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

O.K. Joe, I did do it correctly; and I re-searched again just to make certain. Still no sign of atkctirs.dll anywhere.
Well folks, I am blurry eyed here, and must get up early in the morning, but I will resume again tomorrow for one last try. Maybe I'll be forced to wait until either Spybot or Adaware updates the proper definition for it; I sure hope it is soon LOL !
I'll check in again tomorrow morning just in case some new thoughts or ideas come up.
Thanks again so much, everyone... and have a nice evening. Maybe tomorrow will be the day!
~Tommyo

http://www.securemost.com/articles/trou_5_mydoomb.htm
Before I hit the hay for the night; I stumbled onto this ; but it pertains to MyDoom virus. There is mention of fastclick here, and about the hosts files.
Tomorrow, I'll have to figure out how to view the hosts files and/or scan for MyDoom.
All my McAfee definitions are always up to date, but I'll re-scan again tomorrow morning. Good night all... I must wake up very early in the morning..thank you again!
~Tommyo

My error, Joe.
When I searched I entered "atkctrs" instead of "atkctirs", so I gave you bad info. Sorry.
Bill
I thought we might be getting somewhere.

Hello all...just an update here. I have just spent the last 4 hours searching the following, and all in safe mode....
CWShredder
McAfee Virus Scan
McAfee Stinger
Spybot
Adaware
Spy Sweeper
All find nothing, so I am at a loss here, gentlemen. Today, there was a McAfee update for their Virus Scan, so I "crossed-my-fingers" hoping it would detect something...nope.
It appears that I'll just have to put up with the annoyance, and hope it does not track any personal business.
Perhaps this is some kind of new variant, and the exact definition has not yet come out in Adaware and Spybot.
Thank you all so much, for your patience and help; I am very grateful!! At least we can say that "we threw everything possible at it".....
Should anything change, or if I finally do get lucky and figure this out, I will post it and keep you informed. Thank you again, Joe, colors, and CrazyOne!
Bill, good luck with yours, too...keep me posted if you get lucky, o.k.? Take care..
~Tommyo

Tommyo, Bill. Were you guys ever infected with the MyDoom virus? I found some interesting info at this link about MyDoom redirecting IP address to fastclick.net.

Hello Joe... No, I have not had any type of virus infection; I have been doing daily scans with McAfee, as well as many other free virus, trojan, and spyware scans I could find. I also just did the Panda virus scan at the link you provided.
I also read a few days ago, that there could be a connection between MyDoom and "fastclick", but every type of scan shows the comp is clean. As of this typing, I have not yet had a chance to do much web surfing, as I really spent over four hours today, scanning everyplace, with everything I could think of. I even disabled system restore, deleted the registry back-up that I made weeks ago, and also scanned in safe mode....all to no avail.
Today, I did install something called "cookie wall", so I am going to see if at least I can obtain some info, when and if the "fastclick" shows up. The cookie wall has options to always block, or prompt, so I'll see if I can obtain some info through it.
I can't think of anything else, Joe.. I am really baffled here... Today, I was so disgusted, I almost felt like re-installing from scratch. But, that is way beyond my expertise here; I would have to get my nephew to help with that. Then there is the thought of backing up all my documents, photos, etc...... A really big procedure.
Dell did supply me with a re-installation CD, and other CD's for drivers and such, but I've never done anything of that magnitude before. I kind of think I'll have to wait this thing out, and hope that Adaware or Spybot will soon detect it. Maybe it is something new. Oh, I forgot to mention... I did repeated port scan tests on that Shields-Up Port Scanner site; and all my service ports are fully stealthed, so that is good news at least. I'll let you know if I discover anything new, Joe. Maybe this "cookie wall" will at least prompt me to block the damn thing; I hope LOL!!! I'll let you know, if not by this evening, then tomorrow when I have a good chance to surf. Thank you, Joe, for your continued help!!
~Tommyo

Is the fastclick in your trusted zone in ZoneAlarm? If you find it you can place it in your restricted zone, and see if that helps.

Hi Joe, yeah, I checked everywhere in Zone Alarm, and it is not there anywhere. Neither in trusted or restricted zones; there is no reference to it anywhere.
Tomorrow, I'll have a better chance to do some more testing/searching as I'm gonna have to retire for the evening. I had a busy day today, and can't keep my eyes open (yawn!)
Whereabouts are you located, Joe? I am in Massachusetts. You've been a tremendous help to me..just curious where you are located. Have a nice night, Joe... I'll talk to you tomorrow. Good night..
~Tommyo

I'm near Buffalo, New York. Give it a week or 2 and more info will emerge on the fastclick. I viewed a HijackThis log with fastclick right in it, and yours and Bill's is nowhere to be found. I haven't given up, and I won't until I figure out what this thing is, and where it is. Just post back with any info that can help me to track down this nasty.

I forgot to ask you, and you forgot to submit a HijackThis log when hidden files and folders is applied. When you have a chance, submit a new log. First show hidden files and folders, then paste back a new log.

No, Joe, I haven't had any viruses.
I agree that somebody will probably find the answer to this. I'm waiting.
By the way, I am in Fresno, California and 73 years old. Boy is it hot here.
Bill

Tommyo & Bill,
Can/would either one of you, do as I said about the HOST file? Maybe you have, but I can't find where either of you said you had. If you are using spybot s&d, you would just add them after;
# End of entries inserted by Spybot - Search & Destroy
Put these following things, right before, and after the stuff you add. That way, you can keep track of your additions, and can change, if need be.
# Things I added to my host file
# End of the things I added
Now, again, if you're using spybot s&d, and you're going to use the HOST file, at the link I provided. Download it, unzip it, open it in wordpad (or any text editor), then copy & paste the contents of it, into your HOST file. After what I said previously. Also, your HOST file will be "Read-only" (Well it should be). So to do these changes. You have to right-click the HOST file, then click Properties, and uncheck the Read-only, click OK. Now, after you've made your changes. Go back and do the same, but check the Read-only.
As I asked before, does this appear, if you open IE up (running), and don't go to any more sites. That is, stay at the startpage, homepage.
And about the active scripting. I know all things on different sites won't work without it. (some, won't work at all) But, try disabling it, and see if it appears.
Later,
CrazyOne
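CrazyOne's HOSTS file steps above, as an added example that is not part of the original thread: it inserts a marked block of block entries after the Spybot section (re-running replaces the block rather than duplicating it) and checks what the file actually blocks. HOSTS entries match exact names only, so every numbered media host has to be listed; the sample file, the `mediaNN` numbers and the function names are constructed for illustration.

```python
import re

# Marker lines quoted in the post above.
SPYBOT_END = "# End of entries inserted by Spybot - Search & Destroy"
BLOCK_START = "# Things I added to my host file"
BLOCK_END = "# End of the things I added"

SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}

# A hosts file takes literal host names only; "*.fastclick.net" is not
# understood, so it is rejected instead of being written and silently ignored.
HOSTNAME_RE = re.compile(
    r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$"
)

# Constructed sample file contents (not taken from either poster's machine).
SAMPLE_HOSTS = (
    "127.0.0.1       localhost\n"
    "# Start of entries inserted by Spybot - Search & Destroy\n"
    "127.0.0.1       ads.example.invalid\n"
    "# End of entries inserted by Spybot - Search & Destroy\n"
)


def add_marked_block(hosts_text, hostnames, sink="127.0.0.1"):
    """Return hosts_text with the marked block set to exactly `hostnames`."""
    names = sorted({h.strip().lower() for h in hostnames})
    for name in names:
        if not HOSTNAME_RE.match(name):
            raise ValueError("not a literal host name: %r" % name)

    lines = hosts_text.splitlines()
    stripped = [line.strip() for line in lines]

    # Remove a previous marked block so the edit can be repeated safely.
    if BLOCK_START in stripped:
        start = stripped.index(BLOCK_START)
        if BLOCK_END not in stripped[start:]:
            raise ValueError("start marker without end marker; fix by hand")
        end = stripped.index(BLOCK_END, start)
        del lines[start:end + 1]
        stripped = [line.strip() for line in lines]

    # Insert after the Spybot section if there is one, otherwise at the end.
    if SPYBOT_END in stripped:
        at = stripped.index(SPYBOT_END) + 1
    else:
        at = len(lines)
    block = [BLOCK_START] + ["%s\t%s" % (sink, n) for n in names] + [BLOCK_END]
    lines[at:at] = block
    return "\n".join(lines) + "\n"


def parse_hosts(hosts_text):
    """Map each host name to its address; the first entry for a name wins."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), address)
    return table


def is_sinkholed(hosts_text, hostname):
    """True only if this exact name is mapped to a local sink address."""
    return parse_hosts(hosts_text).get(hostname.lower()) in SINK_ADDRESSES


if __name__ == "__main__":
    wanted = ["media00.fastclick.net", "media01.fastclick.net"]  # constructed
    updated = add_marked_block(SAMPLE_HOSTS, wanted)
    print(updated)
    for host in wanted + ["media02.fastclick.net"]:
        print(host, "blocked" if is_sinkholed(updated, host) else "NOT blocked")
```

The functions work on the file's text only; writing it back still needs the Read-only uncheck and re-check described in the post.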

Also, I forgot to ask. Did either one of you, take a screen shot. So you could write all it says, when you hover your pointer over it.
Thanks,
CrazyOne

Hi CrazyOne...I'm a little ashamed to say, but I don't really know how to view the hosts files.... I did look everywhere, but I can't seem to find where they are stored.
I also don't yet have it figured out how to post a screenshot. That's because I am still learning my first computer here. Even though I am 49 years old, my nephews finally convinced me to buy one LOL !!! So, I guess I'm a "late-bloomer" ! But, I am trying to learn everything I can, and I am still determined to troubleshoot this too.
Shortly, I will run another HijackThis log, and I will try to post it here. Might have to be this afternoon though, as I have a t.v. repairman coming any time now, to look at my t.v.; so I might be a little tied up for a while....but I will re-post.
I will also try to figure out what you mean re Spybot and the adding hosts. Many thanks!
~Tommyo

Logfile of HijackThis v1.97.7
Scan saved at 11:38:55 AM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Thomas Orzech\Local Settings\Temporary Internet Files\Content.IE5\UPE7EHUR\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thebostonchannel.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WorkFlo(1)] E:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37872.6596412037
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Here's a screen shot showing the fastclick stuff.
OH OH, Tried to paste it in and it won't paste. Will paste to WordPerfect though.
HOW?
Bill

Tommyo, and Bill. Here is a link and follow the instructions, you can paste back a copy of your host files, and you can block certain hosts like fastclick. Let me know after you're done? I'm gonna find this pest if it takes me 2 years. Momma always said I'm stubborn like a mule. LOL!!

Hi Joe...I will go to that site right after I post this. I just opened my Task Manager, and in the "processes" part, there is this entry....... cookie.exe
I don't recall that being there before, but I could be wrong. It is not taking any CPU usage; and the mem usage is 2,780K
Is this a legit entry? I tried searching for info on the site "answers that work", but there is no info on it. Maybe it is a legit entry, I don't know; but thought I'd mention it.
I'll now go to that site you provided above.
Be back soon...I hope, as I'm still waiting for a t.v. repairman to arrive today.
~Tommyo

Joe, please excuse my ignorance!! I just remembered that I installed Cookie Wall last night.... that's probably what that entry is.... sorry; I'm trying to learn, but I've got some ways to go LOL !

You're welcome! (Response to #67)
Adaware update give it a try:-)
I wonder if the fastclick icon is just a piece of crapware from what ever tried to load on your pc and failed?? Just a thought...

Not much luck in downloading that hosts file, Joe. It appears to download, seems to create a compressed file, and when I open it, it appears to be an outdated file from June..... does not appear to be mine. The size is mammoth and appears to be a library of all types of hosts...does not appear to be mine at all. I tried downloading this 4 times; each time with the same result. If I were to try and copy/paste it here, the thread would extend to "China"...
I did quite a bit of experimenting this morning; and I wonder if this will be of any help. The "fastclick" would always appear when I opened Internet Explorer. For the heck of it, I changed my homepage, and put in google. I then noticed that the next few times I opened Internet Explorer, the "fastclick" did not appear.
Now, I got to wondering why... so I went to the website that I used to have as my homepage, and sure as s---, the "fastclick" appeared.
The homepage that I had for over a year, was WWLP t.v., ch. 22 news, here in Springfield, MA.
There is one more website that brings on this "fastclick". It is "jigzone"; which is a site to do puzzles.
If I browse google searches, or other websites that I have in my favorites folder, "fastclick" does not show up. This must explain why I always saw "fastclick" so often, before I changed my homepage. Because I had WWLP ch. 22 news as my homepage, it would always open as soon as I opened Internet Explorer.
I hope I didn't confuse you, Joe.... I tried to explain it the best I could. Does any of this make sense to you? At this point, I guess the obvious answer is to stay away from those two known sites that bring on "fastclick".
But, of course it still is a mystery as to whether or not it is secretly imbedded in my registry. I probably won't be able to re-post for a little bit, as I have a t.v. tech coming to adjust the color of my new widescreen t.v.
But I will check back in asap, o.k.? Thanks very much, Joe. I think we are gonna set a record for the number of posts LOL !!! Maybe kevin or Justin will save this one for the archives!!!
I'll be back asap...
~Tommyo

Your log looks clean. To add to what colors said, set your settings in Adaware to scan Memory$Registry, and drives and folders. Make sure they are all checkmarked in green before you scan. After you're done you can post an Adaware log, and I'll take a peek in there.

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Thursday, July 01, 2004 4:13:07 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R325 27.06.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R325 27.06.2004
Internal build : 257
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1274298 Bytes
Signature data size : 1253786 Bytes
Reference data size : 20448 Bytes
Signatures total : 27864
Target categories : 10
Target families : 507

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:31 %
Total physical memory:260592 kb
Available physical memory:80692 kb
Total page file size:641080 kb
Available on page file:456028 kb
Total virtual memory:2097024 kb
Available virtual memory:2050208 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
7-1-2004 4:13:07 PM - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 7-1-2004 5:22:35 PM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:22:40 PM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:22:42 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:07 PM
Last modified : 8/29/2002 10:00:00 AM
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:22:42 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:07 PM
Last modified : 8/29/2002 10:00:00 AM
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:22:44 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:07 PM
Last modified : 8/29/2002 10:00:00 AM
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-1-2004 5:22:44 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:07 PM
Last modified : 8/29/2002 10:00:00 AM
#:7 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:22:48 PM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 7.4
ProductVersion : 7.4
Copyright : (C) 1993 - 2002 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 10/14/2002 8:03:18 PM
Last accessed : 7/1/2004 8:13:07 PM
Last modified : 10/14/2002 8:03:18 PM
#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:22:49 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:07 PM
Last modified : 8/29/2002 10:00:00 AM
#:9 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:22:49 PM
BasePriority : Normal
FileSize : 170 KB
FileVersion : 7.4
ProductVersion : 7.4
Copyright : (C) 1993 - 2002 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.exe
InternalName : LEXPPS
OriginalFilename : LEXPPS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 10/14/2002 8:00:41 PM
Last accessed : 7/1/2004 8:13:07 PM
Last modified : 10/14/2002 8:00:41 PM
#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 7-1-2004 5:22:50 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 7:49:47 PM
Last modified : 8/29/2002 10:00:00 AM
#:11 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-1-2004 5:22:55 PM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2023
ProductVersion : 7,0,0,2023
Copyright : Copyright 1999-2002, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.exe
ProductName : Intel(R) Common User Interface
Created on : 1/1/1980 5:00:00 AM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 1/13/2003 6:53:10 PM
#:12 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-1-2004 5:22:55 PM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 2, 0
ProductVersion : 1, 0, 2, 0
Copyright : Copyright
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
OriginalFilename : DSentry.exe
ProductName : Dell - DVDSentry
Created on : 8/14/2002 11:22:52 PM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 8/14/2002 11:22:52 PM
#:13 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ThreadCreationTime : 7-1-2004 5:22:55 PM
BasePriority : Normal
FileSize : 240 KB
FileVersion : 4, 3, 0, 27
ProductVersion : 4, 3, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
OriginalFilename : mcagent.exe
ProductName : McAfee SecurityCenter
Created on : 6/24/2004 12:33:45 PM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 12/8/2003 7:38:52 PM
#:14 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ThreadCreationTime : 7-1-2004 5:22:56 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 5.3.5.10
ProductVersion : 5.3.5.10
Copyright : Copyright (c) 2001-2003, Roxio, Inc.
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 12/17/2002 5:28:00 PM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 7/20/2003 12:20:18 AM
#:15 [support.exe]
FilePath : C:\Program Files\Common Files\Dell\EUSW\
ThreadCreationTime : 7-1-2004 5:22:56 PM
BasePriority : Normal
FileSize : 288 KB
FileVersion : 2, 0, 0, 34
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Dell
FileDescription : Support
InternalName : Support
OriginalFilename : Support.exe
ProductName : Dell Support
Created on : 12/13/2002 9:05:08 PM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 9/19/2003 7:46:26 PM
#:16 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:22:57 PM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 8/29/2002 10:00:00 AM
#:17 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-1-2004 5:22:58 PM
BasePriority : Normal
FileSize : 160 KB
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
OriginalFilename : mcvsshld.exe
ProductName : McAfee VirusScan
Created on : 10/3/2003 8:36:18 PM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 8/18/2003 1:50:34 AM
#:18 [notifyalert.exe]
FilePath : C:\Program Files\Dell\Support\Alert\bin\
ThreadCreationTime : 7-1-2004 5:22:58 PM
BasePriority : Normal
FileSize : 344 KB
FileVersion : 2.1.0.64
ProductVersion : 2.1.0.64
InternalName : NotifyAlert.exe
OriginalFilename : NotifyAlert.exe
Created on : 9/19/2003 7:45:42 PM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 9/19/2003 7:45:42 PM
#:19 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ThreadCreationTime : 7-1-2004 5:22:58 PM
BasePriority : Normal
FileSize : 408 KB
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
OriginalFilename : mcvsescn.exe
ProductName : McAfee VirusScan
Created on : 5/27/2004 10:26:02 PM
Last accessed : 7/1/2004 7:38:56 PM
Last modified : 4/28/2004 9:55:12 PM
#:20 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ThreadCreationTime : 7-1-2004 5:22:59 PM
BasePriority : Normal
FileSize : 33 KB
Created on : 12/13/2003 12:50:34 AM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 12/13/2003 12:50:34 AM
#:21 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-1-2004 5:23:00 PM
BasePriority : Normal
FileSize : 104 KB
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
Copyright : Copyright
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
OriginalFilename : mcvsrte.exe
ProductName : McAfee VirusScan
Created on : 10/3/2003 8:36:18 PM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 8/8/2003 10:04:38 PM
#:22 [lxbbbmgr.exe]
FilePath : C:\Program Files\Lexmark X74-X75\
ThreadCreationTime : 7-1-2004 5:23:00 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 1.0.6.0
ProductVersion : 1.0.6.0
Copyright : (C) 2002 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X74-X75 Button Manager
InternalName : lxbbbmgr.exe
OriginalFilename : lxbbbmgr.exe
ProductName : Button Manager Executable
Created on : 10/14/2002 7:09:12 PM
Last accessed : 7/1/2004 7:23:11 PM
Last modified : 10/14/2002 7:09:12 PM
#:23 [lxbbbmon.exe]
FilePath : C:\Program Files\Lexmark X74-X75\
ThreadCreationTime : 7-1-2004 5:23:00 PM
BasePriority : Normal
FileSize : 48 KB
FileVersion : 1.0.6.0
ProductVersion : 1.0.6.0
Copyright : (C) 2002 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X74-X75 Button Monitor
InternalName : lxbbbmon.exe
OriginalFilename : lxbbbmon.exe
ProductName : Button Monitor Executable
Created on : 10/14/2002 7:22:04 PM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 10/14/2002 7:22:04 PM
#:24 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-1-2004 5:23:00 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:07 PM
Last modified : 8/29/2002 10:00:00 AM
#:25 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs\
ThreadCreationTime : 7-1-2004 5:23:01 PM
BasePriority : Normal
FileSize : 901 KB
FileVersion : 3.7.211
ProductVersion : 3.7.211
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
OriginalFilename : vsmon.exe
ProductName : TrueVector Service
Created on : 9/23/2003 8:48:09 PM
Last accessed : 7/1/2004 8:13:08 PM
Last modified : 9/4/2003 11:37:06 PM
#:26 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ThreadCreationTime : 7-1-2004 5:23:02 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
OriginalFilename : TestLine.exe
ProductName : BVRP Software TestLine
Created on : 4/12/2003 9:50:06 PM
Last accessed : 7/1/2004 8:13:09 PM
Last modified : 9/12/2002 2:28:14 PM
#:27 [zonealarm.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ThreadCreationTime : 7-1-2004 5:23:03 PM
BasePriority : Normal
FileSize : 609 KB
FileVersion : 3.7.211
ProductVersion : 3.7.211
Copyright : Copyright
CompanyName : Zone Labs Inc.
FileDescription : ZoneAlarm
InternalName : zonealarm
OriginalFilename : zonealarm.exe
ProductName : ZoneAlarm
Created on : 5/13/2003 8:53:06 PM
Last accessed : 7/1/2004 8:13:09 PM
Last modified : 9/4/2003 11:38:08 PM
#:28 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ThreadCreationTime : 7-1-2004 5:23:25 PM
BasePriority : High
FileSize : 220 KB
Created on : 1/22/2004 2:36:48 PM
Last accessed : 7/1/2004 8:13:09 PM
Last modified : 3/13/2002 1:50:34 PM
#:29 [wmiapsrv.exe]
FilePath : C:\WINDOWS\System32\wbem\
ThreadCreationTime : 7-1-2004 5:23:25 PM
BasePriority : Normal
FileSize : 114 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : WMI Performance Adapter Service
InternalName : WmiApSrv.exe
OriginalFilename : WmiApSrv.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:09 PM
Last modified : 8/29/2002 10:00:00 AM

#:30 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 7-1-2004 5:24:25 PM
BasePriority : Normal
FileSize : 145 KB
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:09 PM
Last modified : 2/10/2004 2:09:02 AM

#:31 [cookie.exe]
FilePath : C:\Program Files\AnalogX\CookieWall\
ThreadCreationTime : 7-1-2004 5:24:57 PM
BasePriority : Normal
FileSize : 95 KB
Created on : 6/30/2004 10:37:00 PM
Last accessed : 7/1/2004 8:13:09 PM
Last modified : 6/30/2004 10:37:00 PM

#:32 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:30:33 PM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:09 PM
Last modified : 8/29/2002 10:00:00 AM

#:33 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 7-1-2004 5:30:35 PM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 10:00:00 AM
Last accessed : 7/1/2004 8:13:09 PM
Last modified : 8/29/2002 10:00:00 AM

#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 7-1-2004 8:04:17 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 9/23/2003 9:27:28 PM
Last accessed : 7/1/2004 8:04:17 PM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Deep scanning and examining files (E:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯Disk scan result for E:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1 entries scanned.
New objects :0
Objects found so far: 0

4:23:12 PM Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:10:04:515
Objects scanned :111904
Objects identified :0
Objects ignored :0
New objects :0

--- Search result list ---
Congratulations!: No immediate threats were found. ()
Adobe Acrobat Reader 6: Recent file #5 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c5

Adobe Acrobat Reader 6: Recent file #1 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c1

Adobe Acrobat Reader 6: Recent file #2 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c2

Adobe Acrobat Reader 6: Recent file #3 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c3

Adobe Acrobat Reader 6: Recent file #4 (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles\c4

Canon ZoomBrowser EX: Last opened folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Canon\ZoomBrowser Ex\Settings\LastSelectedKey

Common Dialogs: History (63 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Cookie: Cookie (31) (Cookie, nothing done)

Internet Explorer: AutoComplete data (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Internet Explorer\IntelliForms\SPW

Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Internet Explorer\Download Directory!=

Internet Explorer: URL history #1 (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log

Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: setuperr.log (Backup file, nothing done)
C:\WINDOWS\setuperr.log

Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS DirectInput: Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

MS DirectInput: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

MS Management Console: Recent command list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: Last CD record path (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\MediaPlayer\Preferences\CDRecordPath!=

MS Media Player: Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

MS Media Player: Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

MS Media Player: Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Media Player: Recent file list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

MS Search Assistant: Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Search Assistant\ACMru

MS Wordpad: Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Paint Shop Pro 7: Browse directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\JASC\Paint Shop Pro 7\Browser\BrowseDir!=

Windows Explorer: Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

Windows Explorer: Last visited history (18 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Stream history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history files (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history files (346 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history files (1 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history IE (291 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows.OpenWith: Open with list - .CSS extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

Windows.OpenWith: Open with list - .ABM extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ABM\OpenWithList

Windows.OpenWith: Open with list - .ASF extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList

Windows.OpenWith: Open with list - .ASX extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASX\OpenWithList

Windows.OpenWith: Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: Open with list - .BMP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .CDA extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: Open with list - .CLASS extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3161889547-3925485858-1837457529-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CLASS\OpenWithList

Windows: Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!=
--- Spybot - Search && Destroy version: 1.3 ---
2004-06-16 Includes\Cookies.sbi
2004-06-16 Includes\Dialer.sbi
2004-06-17 Includes\Hijackers.sbi
2004-06-16 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-06-16 Includes\Malware.sbi
2004-06-16 Includes\Revision.sbi
2004-06-16 Includes\Security.sbi
2004-06-16 Includes\Spybots.sbi
2004-06-16 Includes\Tracks.uti
2004-06-16 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ .NETFramework / 1.0: Microsoft .NET Framework Service Pack 2
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Hotfix - KB821253
/ Windows XP / SP2: Windows XP Hotfix - KB821557
/ Windows XP / SP2: Windows XP Hotfix - KB823182
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB823980
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824141
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB828028
/ Windows XP / SP2: Windows XP Hotfix - KB828035
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q327979
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q328213 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q328310
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329048 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329170
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329390 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329441
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329834 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329909
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q331060 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q331953
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810565
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810577
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810833
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811493
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811630
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814033
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q815021
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817287
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817606
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696
--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: bfa83b551abd8084b4623887d0e3b53c

Located: HK_LM:Run, DVDSentry
command: C:\WINDOWS\System32\DSentry.exe
file: C:\WINDOWS\System32\DSentry.exe
size: 28672
MD5: 3bc0b332cac05c40a0c42122a6c4bfc0

Located: HK_LM:Run, DwlClient
command: C:\Program Files\Common Files\Dell\EUSW\Support.exe
file: C:\Program Files\Common Files\Dell\EUSW\Support.exe
size: 294912
MD5: dd2a25128cff60860930f2feeb6cf968

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 00dd2a87e62c1277f44d421650078024

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: e4d1da7a6dedee53a81681821183d110

Located: HK_LM:Run, Lexmark X74-X75
command: "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
file: C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
size: 57344
MD5: a77b760979886af0be13d2ef5dc404bf

Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 245760
MD5: 11d3b8d5275dd8ca25200e9b8434e2fc

Located: HK_LM:Run, MCUpdateExe
command: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
file: C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
size: 180224
MD5: 15c3944c4b220962c8f5fab20e1ee375

Located: HK_LM:Run, VirusScan Online
command: "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
file: c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
size: 163840
MD5: 3fe1e841ed8483f7a75a1e86f6fc2216

Located: HK_LM:Run, VSOCheckTask
command: "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
file: c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
size: 122880
MD5: 90cf41e5d4e8d3a88d8630da5c3b7a3a

Located: HK_LM:Run, WinampAgent
command: C:\Program Files\Winamp\winampa.exe
file: C:\Program Files\Winamp\winampa.exe
size: 33792
MD5: 11aa6662a1be30375afd1a8407811e7e

Located: HK_LM:Run, WorkFlo
command: D:\BrdJmp\WorkFlow.exe

Located: HK_LM:Run, WorkFlo(1)
command: E:\BrdJmp\WorkFlow.exe

Located: Startup (common), Digital Line Detect.lnk
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: d59b254a0d0d3456c9e522e65d662777

Located: Startup (common), ZoneAlarm.lnk
command: C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
file: C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
size: 623720
MD5: 90be7a2507c42b616e0f0bd1d9bced3a

Located: Startup (user), Starter.lnk
command: C:\Program Files\CodeStuff\Starter\Starter.exe
file: C:\Program Files\CodeStuff\Starter\Starter.exe
size: 405504
MD5: cf11786889174ba7514aa3d69f5744bb

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: ACROIEHELPER.OCX
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 5/15/2003 12:47:54 AM
Date (last access): 7/1/2004 3:39:06 PM
Date (last write): 5/15/2003 12:47:54 AM
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 0.6.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 5/12/2004 1:03:00 AM
Date (last access): 7/1/2004 3:39:06 PM
Date (last write): 5/12/2004 1:03:00 AM
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3

--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{00000075-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
description: Microsoft Audio Codec
classification: Legitimate
known filename: VOXACM.CAB
info link:
info source: Patrick M. Kolla

{01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class)
DPF name:
CLSID name: Support.com Configuration Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: tgctlcm.dll
Short name:
Date (created): 2/20/2002 4:14:50 AM
Date (last access): 7/1/2004 3:50:14 PM
Date (last write): 2/20/2002 4:14:50 AM
Filesize: 200704
Attributes: archive
MD5: BA653CCE1544A8224B5134B68D1AA5BE
CRC32: D781FF6D
Version: 0.5.0.5

{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
DPF name:
CLSID name: SysProWmi Class
Path: C:\WINDOWS\System32\Dell\SystemProfiler\
Long name: SysPro.ocx
Short name:
Date (created): 1/23/2003 2:23:18 PM
Date (last access): 7/1/2004 3:52:38 PM
Date (last write): 1/23/2003 2:23:18 PM
Filesize: 86016
Attributes: archive
MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
CRC32: A76A5BDA
Version: 0.2.0.0

{01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4)
DPF name:
CLSID name: DD_v4.DDv4
Path: C:\WINDOWS\Downloaded Program Files\
Long name: DD_v4.ocx
Short name:
Date (created): 5/10/2003 8:20:58 AM
Date (last access): 7/1/2004 3:50:14 PM
Date (last write): 5/10/2003 8:20:58 AM
Filesize: 71128
Attributes: archive
MD5: CDBFC7876BEBADF6690E1D9201509652
CRC32: 3A23D59F
Version: 0.4.0.0

{0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class)
DPF name:
CLSID name: BrowseFolderPopup Class
description: McAfee
classification: Legitimate
known filename: MGBRWFLD.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\MCBin\Shared\
Long name: MGBrwFld.dll
Short name:
Date (created): 11/19/1999 7:06:54 PM
Date (last access): 7/1/2004 3:57:38 PM
Date (last write): 11/19/1999 7:06:54 PM
Filesize: 94208
Attributes: archive
MD5: BE3CA757FB644CDF0A3CC0F6BCDF3803
CRC32: E67A73A4
Version: 0.1.0.0

{4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep)
DPF name:
CLSID name: Microsoft.WinRep
Path: C:\WINDOWS\System32\
Long name: Winrep.dll
Short name:
Date (created): 9/6/2002 6:07:56 PM
Date (last access): 7/1/2004 3:57:38 PM
Date (last write): 9/6/2002 6:07:56 PM
Filesize: 434176
Attributes: archive
MD5: 99D4CC36B0B504B4B0C60BE21189BE1D
CRC32: AEE58997
Version: 0.3.0.1

{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Path: C:\WINDOWS\System32\
Long name: mcinsctl.dll
Short name:
Date (created): 3/11/2004 2:11:54 PM
Date (last access): 7/1/2004 3:50:14 PM
Date (last write): 6/9/2004 6:24:10 PM
Filesize: 341088
Attributes: archive
MD5: 51C1F2F0034A18C9CB562F12CD392A30
CRC32: 904D5FFB
Version: 0.4.0.0

{556DDE35-E955-11D0-A707-000000521957} ()
DPF name:
CLSID name:

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
description: Trend Micro Antivirus online scanner
classification: Legitimate
known filename: XSCAN53.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan53.ocx
Short name:
Date (created): 3/24/2004 7:22:12 PM
Date (last access): 7/1/2004 3:50:14 PM
Date (last write): 3/24/2004 7:22:12 PM
Filesize: 435712
Attributes: archive
MD5: 99A67AEE9A6E3EFD2126AFA0840ECBED
CRC32: 9198FA39
Version: 0.5.0.70

{9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class)
DPF name:
CLSID name: Update Class
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\
Long name: iuctl.dll
Short name:
Date (created): 8/25/2003 6:06:50 PM
Date (last access): 7/1/2004 3:50:14 PM
Date (last write): 2/9/2004 10:08:30 PM
Filesize: 115480
Attributes: archive
MD5: 93628C692BD71908AC511BE011C142C4
CRC32: 48902AA4
Version: 0.5.0.4

{A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control)
DPF name:
CLSID name: WebResponseAttachments Control
Path: C:\WINDOWS\DOWNLO~1\
Long name: FileTransfer.ocx
Short name: FILETR~1.OCX
Date (created): 12/13/1999 1:57:10 PM
Date (last access): 7/1/2004 3:50:14 PM
Date (last write): 12/13/1999 1:57:10 PM
Filesize: 62768
Attributes: archive
MD5: 08D332C2C2928300265D8D061EE8D303
CRC32: B906AEE3
Version: 0.6.0.0

{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object)
DPF name:
CLSID name: SassCln Object
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SassCln.dll
Short name:
Date (created): 5/11/2004 1:15:20 PM
Date (last access): 7/1/2004 3:50:14 PM
Date (last write): 5/11/2004 1:15:20 PM
Filesize: 118784
Attributes: archive
MD5: A41CA01D1F7E6F64BCD08C88FAEAF85F
CRC32: B5166F79
Version: 0.1.0.0

{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
DPF name:
CLSID name: DwnldGroupMgr Class
Path: C:\WINDOWS\System32\
Long name: McGDMgr.dll
Short name:
Date (created): 3/11/2004 1:14:30 PM
Date (last access): 7/1/2004 3:50:14 PM
Date (last write): 6/14/2004 5:02:08 PM
Filesize: 279640
Attributes: archive
MD5: E8074DB73A77854CD588B08398BE4FC2
CRC32: C5AFD416
Version: 0.1.0.0

{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class)
DPF name:
CLSID name: Symantec RuFSI Registry Information Class
description: Symantec RuFSI Registry Information Class
classification: Legitimate
known filename: RUFSI.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 5/26/2004 7:34:44 PM
Date (last access): 7/1/2004 3:50:14 PM
Date (last write): 5/26/2004 7:34:44 PM
Filesize: 160928
Attributes: archive
MD5: 7737AC0FDCF3B5B8E8027E13A4F58C0C
CRC32: D19288E7
Version: 7.212.0.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash.ocx
Short name:
Date (created): 2/24/2003 4:20:36 PM
Date (last access): 7/1/2004 3:52:32 PM
Date (last write): 2/24/2003 4:20:36 PM
Filesize: 827392
Attributes: archive
MD5: E61DB5468D6CCC46397C1A918C1A1AA4
CRC32: 9B8420BD
Version: 0.6.0.0

--- Process list ---
Spybot - Search && Destroy process list report, 7/1/2004 4:52:51 PM

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 160 (1660) C:\Program Files\Winamp\winampa.exe
PID: 172 ( 692) c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
PID: 176 (1660) C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
PID: 188 ( 176) C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
PID: 192 ( 692) C:\WINDOWS\System32\svchost.exe
PID: 244 ( 692) C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PID: 260 (1660) C:\Program Files\Digital Line Detect\DLG.exe
PID: 372 (1660) C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
PID: 520 ( 692) C:\WINDOWS\System32\wbem\wmiapsrv.exe
PID: 552 ( 4) \SystemRoot\System32\smss.exe
PID: 616 ( 552) CSRSS.exe
PID: 648 ( 552) \??\C:\WINDOWS\system32\winlogon.exe
PID: 692 ( 648) C:\WINDOWS\system32\services.exe
PID: 704 ( 648) C:\WINDOWS\system32\lsass.exe
PID: 872 ( 692) C:\WINDOWS\system32\svchost.exe
PID: 972 ( 692) C:\WINDOWS\System32\svchost.exe
PID: 1152 ( 692) SVCHOST.exe
PID: 1172 ( 692) SVCHOST.exe
PID: 1408 ( 692) C:\WINDOWS\system32\LEXBCES.exe
PID: 1448 ( 692) C:\WINDOWS\system32\spoolsv.exe
PID: 1460 (1408) C:\WINDOWS\system32\LEXPPS.exe
PID: 1620 ( 692) c:\PROGRA~1\mcafee.com\vso\mcshield.exe
PID: 1808 (1660) C:\WINDOWS\System32\hkcmd.exe
PID: 1816 (1660) C:\WINDOWS\System32\DSentry.exe
PID: 1824 (1660) C:\PROGRA~1\mcafee.com\agent\mcagent.exe
PID: 1864 (1660) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PID: 1884 (1660) C:\Program Files\Common Files\Dell\EUSW\Support.exe
PID: 1972 ( 692) C:\WINDOWS\system32\cisvc.exe
PID: 1984 (1660) C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
PID: 2000 (1884) C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
PID: 2036 (1984) c:\progra~1\mcafee.com\vso\mcvsescn.exe
PID: 2264 ( 972) C:\WINDOWS\System32\wuauclt.exe
PID: 2468 (1660) C:\Program Files\AnalogX\CookieWall\cookie.exe
PID: 2720 (1972) C:\WINDOWS\system32\cidaemon.exe
PID: 2740 (1972) C:\WINDOWS\system32\cidaemon.exe
PID: 3304 ( 648) C:\WINDOWS\explorer.exe
PID: 3960 (3304) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 7/1/2004 4:52:51 PMHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.thebostonchannel.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dellnet.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.dellnet.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dellnet.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service ProviderProtocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service ProviderProtocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{13FEDEA7-F366-4B6E-A48E-E3D8A0B7A3C4}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{13FEDEA7-F366-4B6E-A48E-E3D8A0B7A3C4}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{90A12C86-709D-42C9-88FE-C4E0511E3012}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{90A12C86-709D-42C9-88FE-C4E0511E3012}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IPNamespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDSNamespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

I went to your 'WWLP ch. 22 news' homepage and 'jigzone' links and had no problem with the fastclick icon. I ran adaware and spybot afterwards and fastclick was not there.
Can you drag the fastclick icon off the taskbar onto your desktop-right click on it then properties (for an addy) and delete it?

Tommyo, I looked at your log and it was also clean. To add to what colors has said, can you right click on the fastclick icon, and select properties, and see if that will give you any info? If it does, let me know everything that is in there.

Hi Joe. I have tried that many times. The only options when right clicked are to.... move, minimize, maximize, restore, close.
There are no properties, and no delete.
I'm not sure if this will help, but when the "fastclick" is in my taskbar, and if I hover my pointer over it, the following appears rather briefly (I had to do this many, many times to be able to write it down in its entirety).....
http://media75fastclick.net/w/safepop.cgi?mid=35288&sid=16503&id=103022&len=0&
That's what is listed there. I carefully wrote it down, and am certain of it all, except maybe the very last "0"... I am not sure if it is a "zero", or the letter "o".
I'll try to return here later, but will be going to bed early tonight... so if you do respond Joe, please do not rush because I might not be able to return until early to mid morning, o.k.? Thanks very much!
~Tommyo

http://www.computing.net/windows95/wwwboard/forum/159465.html
http://www.google.com/search?q=safepop.cgi&hl=en&lr=&ie=UTF-8&start=0&sa=N

Holy s---! Thank you colors, for posting that info. That does make sense, because I too did go to the Drudge Report website. I also recall that Bill had gone there too.
Now it is getting a little clearer. Did you also get the impression from those posts, that I should re-run HijackThis again? If I read that correctly, maybe HijackThis should be put into a folder?? I didn't quite thoroughly understand what the post meant.... did it mean to run HijackThis in safe mode??
To tell you the truth, I have run so many, many scans that I do not even remember which ones I ran in safe mode; perhaps I will try again.
Thanks so much colors, for that info. I will post back here later on, after I run HijackThis again. Thank you!
~Tommyo

Response Number 80
Name: JOE
Date: July 01, 2004 at 11:00:59 Pacific
Subject: Fastclick all ther time
Reply:
Tommyo, and Bill. Here is a link and follow the instructions, you can paste back a copy of your host files, and you can block certain host like fastclick. Let me know after you're done? I'm gonna find this pest if it takes me 2 years. Momma always said I'm stubborn like a mule. LOL!!
TOMMYO AND BILL CLICK HERE"
That link, is the one I provided already. (Response Number 54) I also explain, about adding its entries to your HOSTS file. Because, you're both using spybot s&d, I didn't know if you'd used the hosts file feature. That's why I said about spybot s&d. On that link, it shows the address of the HOSTS file. I also said, to use any text editor (notepad, wordpad, word, etc.) to open this file. If using the text editor, is what needs explained, ask, thanks.
The screen shot, as I said before, didn't have to be posted. It would have been an easier way to read the popup description, and write it here. (explained, how that was done earlier)
If you haven't used the hosts file feature of spybot s&d. Just follow the directions, on that site. That would block, all known fastclick stuff, servers and all. If you just wanted the fastclick stuff in it. Erase/delete everything in the downloaded HOSTS, but that, and the;
127.0.0.1 localhost
and save it. Then mark it Read-only, etc.
Well, have a lot to do. Better get back to it. Will look in later
CrazyOne

Hello CrazyOne... I will check that out this afternoon; thanks for additional info.
This morning, I have been surfing around, and luckily the fastclick has not yet appeared.
However, I know it will if I click onto that WWLP t.v. station site; that seems to be what brings it to my taskbar. There was one more site that would also bring it, and I can't remember the site. I have also removed the Drudge Report from my favorites column and computer.
As of this writing, fastclick has not yet appeared, but of course, that does not mean it probably isn't lurking somewhere on my comp.
I will look into that recommendation re the hosts files. I'll need a little time with this, as I tried to view it yesterday, but could not locate where the hosts files are kept. I googled everywhere for an answer, but came up dry.
I'll continue probing here...gonna take me a little time to figure it out, but I will post back in a while. Many thanks!!!!
~Tommyo

"but could not locate where the hosts files are kept."
Response Number 93
"On that link, it shows the address of the HOSTS file."
The link again ;-) save some scrolling. Here it be. If one hasn't been made/added, you wouldn't have.... gotta run, I'll check back

Here is a little more info on fastclick. When you click on the link...
http://media41.fastclick.net/w/safepop.cgi?mid=38469&sid=8627&id=108650&len=0&c
Another address appears which is..
http://z1.adserver.com/w/cp.x;rid=1;tid=2;ev=1;dt=3;ac=14;c=98;;nc=1
And when you go a little further you get one of the nastiest and most elusive spyware around, which is... MyWeb Searchbar. From the info I have gathered this is possibly a new variant/affiliate of MyWeb Searchbar. From the hijackthis logs I have seen, the fastclick is almost 100% of the time in the host files. So if we can get a copy of that I'm almost certain that it will emerge its ugly head. Follow the instructions in response 93, 95. There is no rush so take your time. I'll check back soon. Tommyo, did I mention I charge 25.00 a post.. LOL!!!!!!!

Tommyo, Do as JOE and CrazyOne suggested and if you don't understand something don't be afraid to ask:-)
I still think you just have a piece of the crapware and that's why it's so hard to locate?? I would drag that puppy (icon) to the recycle bin and dork it... If I'm wrong someone please correct me.
I will be signing off ~colors waving good bye~ and wishing you luck.

Hello all; Thanks all, for the responses... I was tied up for a bit this afternoon (it's now 4:30 EST here); but I will scope out what you have advised.. I will post again soon. Just to update, I just came out of safe mode again; I ran Stinger, Adaware, Spybot, CWShredder, and HijackThis... all in safe mode, and all is clean. So, I do think I am free of viri anyways. I also ran disk cleanup, and defragged while I was in safe mode. Yesterday, I ran the microsoft scandisk, and all was well too.
So, it appears that I maybe just have this damn spyware thing, that is very elusive.
This morning, I did do a little surfing, but I did not go to that WWLP news, as that is what appears to bring up fastclick. I am also staying away from the Drudge Report.
So far today, there have been no signs of fastclick, but I'm sure it is still lurking somewhere.
Thank you all for your continued help... I will post again later, and try to do as you requested re hosts. This part is new to me, so it will take me a little time, but I will be back.
Oh, I just thought of something. When I right-click onto it, there are no properties; but only options to move, minimize, maximize, or close. I have also tried to "drag" to recycle bin with no luck.
Thanks again; I will return.

Hi guys, I'm all confused here... I looked in Spybot for hosts; and I finally found it (I think).
Nothing was listed there in the box. All it said was... "localhost", and over on the right hand side was "destination address 127.0.0.1". I noticed two check-boxes on top; for "add" or "remove".
When I clicked "add", many entries were displayed. Is this supposed to be added?? I don't ever recall checking any checkboxes there; maybe it is in the norm default setting; by being set to "remove"?
Right now, I left it on "remove" until I hear from you, as I don't know what to put this setting on.

Tommyo, I have a tool that I want you to download, but copy and paste the log and send it to me by email if you can. When you have downloaded the tool, click SCAN for HOSTS, it will take a couple of minutes to scan, but be patient. When it has completed its job, I want you to double click on the file below, and click USENOTEPAD, and this will make a copy of your host files, then copy it and paste it and send it to me by email. Send me your email and I will send you the link for the tool.
Windows XP -> C:\Windows\System32\Drivers\etc\hosts

http://www.javacoolsoftware.com/mrublaster.html
Hello everyone. Well, maybe some reason for a celebration here, as I was able to view my favorite website today, without that damn "fastclick" showing up. I don't want to get too jubilant yet, as I have been disappointed before.
This afternoon, I downloaded MRU Blaster and ran it. It found 847 pieces of junk, and being in a rather tee'd off mood because of this "fastclick", I deleted all the junk found. Then, I ran Adaware, and it found one bad file. When I clicked the info about it, it was an ad-tracker type thing from Lycos. I deleted this also.
Now, I then did some surfing around, and went to my favorite WWLP news site, and to my surprise, "fastclick" did not show up. I did not get too excited yet, but I returned to the site numerous times, even after a few re-boots, and it did not appear then either.
So, I don't know if the MRU Blaster finally found some spyware or junk, or if the problem was connected to the Lycos tracking cookie that Adaware found.
Bill, if you are still following these posts, and if you are still having the trouble with "fastclick", you might wish to try the MRU Blaster too. I put the download address at the beginning of this post, in case you want it. I must admit that I was a little leery about deleting 847 pieces of (junk?)... but I did, and I notice no problems with anything yet.
So, I'll know more later on as I continue surfing and browsing around, to see if "fastclick" is indeed gone, or it is just "taking a break"... Certainly, my fingers are crossed here, but I have been disappointed before, so I can't get too jubilant yet.
I will let you know later on, or maybe even tomorrow, if this damn thing is finally resolved. I sure hope so...
Thank you all, for your continued help, and your willingness to stay with me on this. I will post again with more test results later on or tomorrow. Thank you, everyone!!
See you tomorrow..
~Tommyo

Well tommyo.
I just downloaded MRU and installed. Did a scan and found 1012 items. Deleted them and went to WND site and immediately got the "fastclick". At least it didn't work for me.
Bill

Hi Bill..... you're not alone, my friend....I too have it back!!!
I am throwing in the towel with this one, and will hope that either Spybot or Adaware come out with some new definitions that detect it.
Even though we had excellent help from some fine folks, this thing is quite elusive. I don't know anything about looking through the registry for it, as I'm still learning my computer here.
I am also seriously thinking of doing a fresh install of XP, but I will have to wait for my nephew to help me with that, as I don't know how. My comp is a Dell, and came bundled up with some software programs that I didn't want anyway. Maybe a new, fresh install is a good idea. I've got many blank CD-R disks here to copy my photos and other important things, so I'll ask my nephew if a new install is recommended.
Nice talking to you, Bill. If by chance anything new comes up, I will post the findings here on this same thread, and let you know.
Joe, colors, CrazyOne... how and where do I begin to say thanks!! I can't thank you fine folks enough!! I've been reading this forum for about a year, and I've never seen such dedication to stick with a problem and try to solve it. Many, many thanks to you!!!
If anything should change here, I will gladly post the findings here. I'll do a little more google searching today, but I am not very optimistic. Thanks so much!!
~Tommyo

Tommyo & Bill,
Have a download for you. Before you pull all your hair out, and blow the mercury out of the blood pressure tester :-) Give it a try, thanks. By clicking this, it will start a download. In that compressed folder, are two (2) files. (HOSTS, Read-Me) Extract them, and follow the directions, in the Read-Me.
Good Luck,
CrazyOne

Crazy One,
I downloaded, unzipped, installed the hosts file you sent in windows/system32/drivers/etc folder and marked as Read Only.
I guess I just wait to see if anything happens.
Will get to you in a couple of days if things are OK but sooner if I get IT again.
Thanks,
Bill

Bill,
Thanks for the update, and you're welcome.
If things work good this way, will have you download the other HOSTS file, and combine the two. But, that's something to think about, for now.
Good Luck,
CrazyOne

Bill,
I forgot to say, that at the drudgereport (sp) they use a popunder (fastclick), by use of scripting. That's why you got/get it there.
CrazyOne

Bill,
The other HOSTS file, is the one that was talked about earlier. This one, to be more precise. It is talked about, and linked on this page.
Let's try this, ok. Go to the HOSTS file you've been using, and rename it "HOSTS.old". You will get warnings, and asked if you want to do this. Answer Yes. If it won't let you rename it. Uncheck the read-only, and try. Now, extract the HOSTS file, from that download to the proper folder. Also, as before mark it "Read-only", and restart the computer.
There's more info on that/those page(s), and also if you open it (HOSTS file), with a text editor. Make SURE, you read the page I linked. I'll even give it again, this be the one :-)
Feeling a lit... That's off subject ;-) If you have any more questions, or problems with this matter, start a new question, and copy & paste the address of this page (from the address bar) into it. That way, everyone knows what has been done, and tried.
Thanks Bill, and you're most welcome, for the thanks given me and others.
Good Luck, and Happy Surfing.
CrazyOne

Tommyo, or Bill. There are only 2 ways to stop this thing until spybot, or Ad-aware are able to detect it and remove it. Follow the advice that Crazyone gave you, and 2 - Open IE and click on Tools, then Internet Options. Then hit the Security tab, then click the red Restricted icon, then sites. Then type in *.fastclick.net into the ADD this site to the zone and click Ok to everything.
also add these to your restricted zone...
FASTCLICK.COM:205.180.85.15
adserver.com:205.180.85.15
z1.adserver.com:205.180.85.126
fastclick.com.edgesuite.net:63.111.71.206
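
The two blocking approaches in this thread treat numbered servers such as mediaXX.fastclick.net differently: a HOSTS file matches whole hostnames only, while the `*.fastclick.net` Restricted sites entry covers every subdomain. The Python sketch below is an added example, not code from any poster; the sample HOSTS text, the function names and the simplified wildcard model are assumptions.

```python
"""Compare HOSTS-file blocking with a wildcard zone entry (constructed example)."""

SINKHOLES = {"127.0.0.1", "0.0.0.0"}

# Constructed sample; NOT the HOSTS file linked in the thread.
SAMPLE_HOSTS = """\
# comment lines and trailing comments are ignored
127.0.0.1   localhost
127.0.0.1   fastclick.net
127.0.0.1   media41.fastclick.net   # one numbered ad server
127.0.0.1   z1.adserver.com
127.0.0.1   ads.example.invalid
"""

# media41 and z1.adserver.com are quoted in the thread; media75 follows the
# "mediaXX.fastclick.net" pattern described in the first post.
OBSERVED = ["media41.fastclick.net", "media75.fastclick.net", "z1.adserver.com"]


def parse_hosts(text):
    """Return {hostname: address}, keeping the first mapping seen per name."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:                   # blank or malformed line
            continue
        address, names = fields[0], fields[1:]
        for name in names:                    # one line may list several names
            entries.setdefault(name.lower(), address)
    return entries


def hosts_blocks(entries, hostname):
    """True only if this exact hostname is mapped to a sinkhole address."""
    return entries.get(hostname.lower().rstrip(".")) in SINKHOLES


def unblocked(entries, hostnames):
    """Hostnames the HOSTS entries would still let the browser resolve."""
    return [h for h in hostnames if not hosts_blocks(entries, h)]


def zone_pattern_matches(pattern, hostname):
    """Simplified model (assumption): '*.domain' matches any subdomain."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return hostname.endswith(pattern[1:])  # suffix must start at a dot
    return hostname == pattern


def keep_only(text, domain):
    """Trim a HOSTS file to the localhost line plus entries for one domain."""
    domain = domain.lower()
    kept = []
    for name, address in parse_hosts(text).items():
        if name == "localhost" or name == domain or name.endswith("." + domain):
            kept.append(f"{address} {name}")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("still resolvable:", unblocked(entries, OBSERVED))
    print("zone entry covers media75:",
          zone_pattern_matches("*.fastclick.net", "media75.fastclick.net"))
    print(keep_only(SAMPLE_HOSTS, "fastclick.net"), end="")
```

A HOSTS list therefore needs one line per numbered server, which is why a maintained list helps more than a single hand-written entry.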

JOE (LUKE),
There isn't anything on their computer, for Ad-Aware, or Spybot S&D to detect, and/or remove. Well, that is, if they use the HOSTS file. As I explained/said, the one website that I was informed of, that was causing this, was using a popunder. If they would have "Disabled" "Active scripting", in the security settings of IE. They wouldn't have received it. By using the HOSTS file, to block the sites/servers. It is gone, as Bill said. By 'gone', I mean it's not able to get on to the computer, by visiting the site(s).
The other HOSTS file, will even block more nasties. But, I wanted to make sure, it was something being put on the computer (only temporarily, until the cache and cookies were cleaned 'deleted'), by a website, before I .... You know, I said about the HOSTS file, way back. Also said about the Active scripting, in IE. The reason I said about opening one IE window, and go no further. Is to see if it was on the computer, and activated by IE (powered).
But, enough of memory lane ;-)
Bill,
I'll say it again, in closing. If you have any more questions, or problems with this matter. Start a new question, and copy & paste the address of this page, into the question.
Thanks, and Good Luck,
CrazyOne

QUOTE:JOE (LUKE)???
QUOTE:There isn't anything on their computer, for Ad-Aware, or Spybot S&D to detect, and/or remove.
The last time I recall was that spybot and adaware are able to detect and remove tracking cookies. A cookie you may ask? Most cookies are not executable, and cookies are stored as a text file, and because of the recent IE bugs, the cookie can be executed and used to allow a spyware, adware, etc. to run an "application" on your pc via popups, icons etc. This is a reason why Spybot, Spysweeper, Adaware implement this in their detection and removal of tracking cookies. I believe this is where Tommyo's and Bill's headaches came from.
Furthermore, I come on computing.net to help people, and to be helped if I need it, or if I'm unsure on a matter. I don't claim to know everything about pc security and I never will, and I believe there is no one person that does know it all, but what I do know is that's where a site like computing.net comes in so that everyone can share their knowledge and come to a civil conclusion on a specific matter to help out a less knowledgeable person. What I don't do is disect and target other members' advice.
Tommyo, and Bill. You can also set your IE on high to block third party cookies, or if you're using MFF? you can set it so that it asks your permission for each cookie. Let me know how you guys made out?
PEACE!!

It's been three days now since I put in the Host file and so far no fastclick. Maybe that's what stopped it. I thank everybody for their help.
Bill

JOE,
"QUOTE:JOE (LUKE)???"
What's the question marks for, after the quote. Are you asking a question? Because, that's not what I typed. That being said, it wouldn't have been a quote, would it.
And your second quote. It's the first sentence, of a paragraph (a particular point, thought). Go back and read it ALL together, thanks. Pay attention, to the second, and last sentence of that paragraph, thanks.
I'll quote myself, from the second paragraph.
"But, I wanted to make sure, it was something being put on the computer (only temporarily, until the cache and cookies were cleaned 'deleted'), by a website, before I ...."
That goes back, to all the cleaning they did, and what was cleaned when they did.
The reason I pointed out, that there wasn't anything on their computer. Was to let them (and you) know this. Tommyo, I think was about ready to format, and start fresh. That being said, it still would have happened. No bisecting ... Was just trying to give helpful info. And for, "...and target other members advice.". I'm not targeting anyone. The only bisecting, "disect"ing, of something, was by you, of my paragraph. That one sentence, by itself. Can mean something different, than when it's in the paragraph.
Bill,
Thanks for the update, and you're welcome.
CrazyOne
(a.k.a. the smartass, wiseguy, idiot, hot head, the one the moderators love to hate ;-))
p.s. If the "???" was about the (LUKE) part. It's because, that was the username you were using, at the beginning of this question. That's the way it appears/seems, anyway.
Later;-)

QUOTE: (a.k.a. the smartass, wiseguy, idiot, hot head, the one the moderators love to hate ;-))
This is exactly my point.

JOE,
Ok JOE, you just proved my point. I put that on there as a joke, and to see what you would do, or not do. Or I should say, what I thought you were thinking.
Tell me, and/or show me. Where I mistreated, harassed, "disected", bisected, your advice, or yourself. On THIS forum/site. And that targeting thing. I was asked, to help with this problem. I came to help with the problem. Not to target the/your advice, you were giving. If I gave advice, to help clarify yours. That in NO way, was anything bad. A quote, from yourself; "...to help out a less knowledgeable person." To help them understand, the advice given. To clarify it. Make it easier to understand, to do, what was asked of them. As I said, and you also stated. That's a good thing, yes.
Justin has my e-mail address. If Justin thinks, I was doing those things to you. I'm sure, I would have heard, or been blocked by Justin and/or Kevin. Kevin/Justin, could have even private messaged me, if Kevin/Justin thought I was out of line.
If you feel, I've done something wrong towards you. E-mail Justin or Kevin, and explain it to them. If they feel the same way. They can contact me. No need, to be banned, I'll just continue helping, in the other forums. To clarify, by other forums, I mean other sites.
Later,
CrazyOne


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.