
Solved: media.fastclick.net


gopher85
Member with 107 posts.
THREAD STARTER
 
Join Date: Dec 2004
Location: Illinois
Experience: always learning
24-Sep-2005, 11:03 PM #1
Solved: media.fastclick.net
I keep getting this pop behind along with others that are annoying.
This one on the header has

http://media.fastclick.ne(t) without the ()
warning your computer may be infected with harmful spyware programs. immediate removal may be required. to scan your computer click yes below

I get a few other pop behinds, one about winning a laptop (like I believe that one).

Ran Adaware, Spybot, CCleaner, Microsoft spyware beta, Trend online scan and one Panda scan. Also ran an Ewido scan in safe mode a couple of days ago with the trial use (now removed due to 14 day limit).

Here's a HijackThis log

and wonder about the O8 and several O9 lines

Also, in msconfig there is one object that has no startup name, just blank with a box, and the command is also blank, but it does have a location in HKLM etc.

Thanks for any help.

I redid the HijackThis. Had some things turned off in msconfig.

Logfile of HijackThis v1.99.1
Scan saved at 10:09:32 PM, on 9/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dslstart.verizon.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121652050593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Last edited by gopher85; 24-Sep-2005 at 11:09 PM..
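
An added example, not part of the original thread: a small parser for the HijackThis line format in the log above, grouping entries by CLSID so the O8 and O9 lines the poster asks about can be read next to the files they point to. The function names are this example's own; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# "<code> - <field> - <field> ..." as printed in the log, e.g. "O9 - Extra button: ..."
LINE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_line(line):
    """Return a dict for one HijackThis entry, or None for headers and process paths."""
    m = LINE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    fields = rest.split(" - ")
    return {
        "code": code,
        "label": fields[0],
        # Only a stand-alone "{...}" field counts; GUIDs embedded in paths are ignored.
        "clsid": next((f for f in fields if GUID.fullmatch(f)), None),
        "target": fields[-1] if len(fields) > 1 else None,
        # "(no name)" means HijackThis found no display name, nothing more.
        "unnamed": "(no name)" in fields[0],
    }

def group_by_clsid(text, codes=("O2", "O3", "O9")):
    """Map CLSID -> set of files, so a button and a menu item for one component collapse."""
    out = defaultdict(set)
    for line in text.splitlines():
        e = parse_line(line)
        if e and e["code"] in codes and e["clsid"]:
            out[e["clsid"]].add(e["target"])
    return dict(out)

# Lines copied from the log in the post above.
SAMPLE = r"""Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
"""

if __name__ == "__main__":
    for clsid, files in group_by_clsid(SAMPLE).items():
        print(clsid, sorted(files))
```
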
Cheeseball81
Moderator & Malware Removal Specialist with 83,435 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
24-Sep-2005, 11:17 PM #2
Nothing visible in the log.

Can you download and run Ewido again?

http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Boot into Safe Mode (start tapping the F8 key at Startup, before the Windows logo screen)

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot to Normal Mode.

You did this already too, but run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, have it delete anything that it cannot clean.
Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
Save the results from the scan.

Post a new HijackThis log, the Ewido scan results and the ActiveScan results.
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
gopher85
Member with 107 posts.
THREAD STARTER
 
Join Date: Dec 2004
Location: Illinois
Experience: always learning
25-Sep-2005, 12:43 AM #3
Will do the Ewido again. Thanks.
hewee
Member with 55,546 posts.
 
Join Date: Oct 2001
Location: Sacto. Ca.
25-Sep-2005, 01:01 AM #4
Good reason to get a good hosts file to block out ad sites.
gopher85
Member with 107 posts.
THREAD STARTER
 
Join Date: Dec 2004
Location: Illinois
Experience: always learning
25-Sep-2005, 11:28 AM #5
Completed Ewido scan in safe mode; found nothing. Ran Panda ActiveScan and it found nothing. I tried just for kicks to do the Symantec online scan and it denied allowing an online scan. It came back saying IE needed to be 5.0 or larger but I'm running IE 6.0 with SP2 after checking. May be something blocking?
Still got a pop behind this morning; again it's media-fastclick-net trying to sell or whatever computer registry cleaner.
Thanks for the help.
MFDnNC
Member with 49,015 posts.
 
Join Date: Sep 2004
25-Sep-2005, 11:31 AM #6
gopher85
Member with 107 posts.
THREAD STARTER
 
Join Date: Dec 2004
Location: Illinois
Experience: always learning
25-Sep-2005, 11:56 AM #7
Thanks. The messenger was already disabled. I did it through Gibson Research but did go through your link just to make sure it was still disabled and it was.
Cheeseball81
Moderator & Malware Removal Specialist with 83,435 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
25-Sep-2005, 12:34 PM #8
Could this be a Fastclick cookie? That shouldn't be that big of a deal. You don't want to get them really, but there shouldn't be any performance issues as a result of it. It's more a matter of privacy than anything else. If you would enable all of Spybot's Immunization features and get Spyware Blaster, they should block most of those cookies.
gopher85
Member with 107 posts.
THREAD STARTER
 
Join Date: Dec 2004
Location: Illinois
Experience: always learning
25-Sep-2005, 01:12 PM #9
It pops up behind the page and appears on the task bar on the bottom. It seems to only happen when I'm on 2 or 3 sites such as rivals.com and my local newspaper site. No cookie etc. is found on any Adaware scans after a popup either.
I've got spyware blaster and have spybot immunized. My biggest concern was why does Symantec online scan deny me stating I don't have IE 5 or above. Previously when this happened there was some sort of Browser hijacker or something.
Maybe I'm missing something.
How do you load and use the Hosts block list? I've been reading but haven't tried loading anything yet. Does it block these types of pop behinds?
Again thanks
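
An added example, not part of the original thread: a hosts block list works by mapping an unwanted hostname to the loopback address, so requests for it never reach the ad server. The sketch below merges block entries into existing hosts-file text without duplicating them; the function names and the sample hosts content are this example's own assumptions, and `media.fastclick.net` is the host named in the thread.

```python
import re

HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SINK = "127.0.0.1"  # loopback: blocked names resolve to the local machine

def mapped_hosts(hosts_text):
    """Return {hostname: address} for every active (non-comment) hosts line."""
    found = {}
    for line in hosts_text.splitlines():
        body = line.split("#", 1)[0].split()
        if len(body) >= 2:
            for name in body[1:]:
                found.setdefault(name.lower(), body[0])
    return found

def add_blocks(hosts_text, domains):
    """Append sink entries for names not already mapped; return (new_text, added)."""
    existing = mapped_hosts(hosts_text)
    added = []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        # Hosts entries are exact names: no URLs, paths or wildcards, and an
        # entry for media.fastclick.net does not cover other fastclick.net hosts.
        if not HOSTNAME.match(d):
            raise ValueError(f"not a plain hostname: {d!r}")
        if d not in existing and d not in added:
            added.append(d)
    if not added:
        return hosts_text, added
    base = hosts_text.rstrip("\n")
    lines = ([base] if base else []) + [f"{SINK} {d}" for d in added]
    return "\n".join(lines) + "\n", added

# Constructed sample hosts content, not taken from the poster's machine.
EXISTING = "# constructed sample hosts file\n127.0.0.1 localhost\n"

if __name__ == "__main__":
    text, added = add_blocks(EXISTING, ["media.fastclick.net", "MEDIA.fastclick.net."])
    print(added)
    print(text, end="")
```

On the Windows XP system in the thread the hosts file is `C:\WINDOWS\system32\drivers\etc\hosts`, and writing to it needs an administrator account.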
hewee
Member with 55,546 posts.
 
Join Date: Oct 2001
Location: Sacto. Ca.
26-Sep-2005, 08:51 AM #10
Protecting Your Privacy & Security

https://netfiles.uiuc.edu/ehowes/www/main-nf.htm

Look under Browser Configuration and it will help you setup your Browser.
gopher85
Member with 107 posts.
THREAD STARTER
 
Join Date: Dec 2004
Location: Illinois
Experience: always learning
26-Sep-2005, 09:35 AM #11
Thanks hewee. I'll run through the settings and post the results. I think this is what I was looking for.
gopher85
Member with 107 posts.
THREAD STARTER
 
Join Date: Dec 2004
Location: Illinois
Experience: always learning
26-Sep-2005, 10:12 AM #12
I'm going to close this as this seems to be what I was looking for and is doing the trick. Thanks a million for the help. This seems to have cured the problems and increased the speed a bunch. Could this link, provided by hewee, be posted at the beginning of security like some of the other links for security tweaks? I think it could be helpful.
Thank you both for the help.

Gopher

Last edited by gopher85; 26-Sep-2005 at 11:36 AM..
hewee
Member with 55,546 posts.
 
Join Date: Oct 2001
Location: Sacto. Ca.
26-Sep-2005, 08:46 PM #13
You're welcome

Good to hear things are working and working better now.