media.fastclick.net [RESOLVED]


  • This topic is locked

#1
craiggster123321

    Member
  • 36 posts
Hi.

Can someone please help? Every time I open my browser this media.fastclick.net popup appears. I've tried most spyware removers like Spybot S&D, Ad-Aware SE, CWShredder etc.
Here's the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 14:17:20, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Messenger\msmsgs.exe
C:\anti-spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129727807546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0



#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Download AproposFix at http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then reboot your computer to Safe Mode by doing the following:
1) Restart your computer.
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear.
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
  • 0

#3
craiggster123321

    Member

  • Topic Starter
  • 36 posts
I've tried running the BAT but halfway through it just says that the CPU has performed an illegal operation???
  • 0

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Try it again...

If it still won't work, then do this:

Please download and install the trial version of Webroot SpySweeper (8.3mg) http://www.webroot.c...4011&vcode=DT02

When SpySweeper starts, please accept any prompts to update definitions.
Configure it as follows:
*From the left pane, click Options
*Select the Sweep Options tab & ensure the following are ticked:
-Sweep Memory
-Sweep Registry
-Sweep Cookies
-Sweep All Users accounts
*Do Not Sweep System Restore Folder
*Enable Direct Disk Sweeping
*Sweep For Rootkits
After that's done, select Sweep from the left pane & click on the Start button

Allow SpySweeper to reboot your machine to remove the infected files.
*After rebooting, launch SpySweeper & select Results from the left pane
*Click the 'Session Log' tab & choose Save to File to create a log.

Post that in your next reply along with a new HijackThis log.
  • 0

#5
craiggster123321

    Member

  • Topic Starter
  • 36 posts
Here's the log:


********
20:53: | Start of Session, 21 December 2005 |
20:53: Spy Sweeper started
20:53: Sweep initiated using definitions version 589
20:53: Starting Memory Sweep
20:57: Found Adware: whenu savenow
20:57: Detected running threat: C:\Program Files\VVSN\VVSN.exe (ID = 188685)
20:57: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || VVSN (ID = 0)
20:57: Memory Sweep Complete, Elapsed Time: 00:04:13
20:57: Starting Registry Sweep
20:57: Found Adware: clickyes2enter dialer
20:57: HKLM\software\asdplugin\ (18 subtraces) (ID = 105886)
20:57: HKLM\software\microsoft\windows\currentversion\run\ || asdplugin (ID = 105887)
20:57: Found Adware: cnsmin
20:57: HKCR\clsid\{205ff73b-ca67-11d5-99dd-444553540006}\ (4 subtraces) (ID = 106160)
20:57: HKLM\software\classes\clsid\{205ff73b-ca67-11d5-99dd-444553540006}\ (4 subtraces) (ID = 106191)
20:57: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
20:57: Found Adware: screensavers
20:57: HKLM\software\screensavers.com\ (ID = 140569)
20:57: Found Adware: searchrelevancy
20:57: HKCR\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\ (8 subtraces) (ID = 141290)
20:57: HKLM\software\classes\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\ (8 subtraces) (ID = 141293)
20:57: HKLM\software\classes\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\ (9 subtraces) (ID = 141295)
20:57: HKLM\software\classes\updater.bho\ (5 subtraces) (ID = 141297)
20:57: HKCR\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\ (9 subtraces) (ID = 141302)
20:57: HKCR\updater.bho\ (5 subtraces) (ID = 141303)
20:57: Found Adware: systemprocess
20:57: HKLM\software\microsoft\windows\currentversion\uninstall\startup\ (2 subtraces) (ID = 860412)
20:57: Found Adware: rx toolbar
20:57: HKU\S-1-5-21-1181107785-3248327332-464843530-1006\software\rx toolbar\ (1 subtraces) (ID = 140298)
20:57: Found Adware: begin2search
20:57: HKU\S-1-5-21-1181107785-3248327332-464843530-1006\software\_rtneg\ (4 subtraces) (ID = 639273)
20:57: HKU\S-1-5-21-1181107785-3248327332-464843530-1006\software\system process\ (1 subtraces) (ID = 860389)
20:57: HKU\S-1-5-21-1181107785-3248327332-464843530-1006\software\system process\ || lastptime (ID = 860390)
20:58: Registry Sweep Complete, Elapsed Time:00:00:41
20:58: Starting Cookie Sweep
20:58: Found Spy Cookie: a cookie
20:58: administrator@a[1].txt (ID = 2027)
20:58: Found Spy Cookie: 2o7.net cookie
20:58: craig@2o7[1].txt (ID = 1957)
20:58: Found Spy Cookie: about cookie
20:58: craig@about[2].txt (ID = 2037)
20:58: Found Spy Cookie: specificclick.com cookie
20:58: [email protected][1].txt (ID = 3400)
20:58: Found Spy Cookie: azjmp cookie
20:58: craig@azjmp[2].txt (ID = 2270)
20:58: craig@a[1].txt (ID = 2027)
20:58: Found Spy Cookie: bizrate cookie
20:58: craig@bizrate[2].txt (ID = 2308)
20:58: Found Spy Cookie: ccbill cookie
20:58: craig@ccbill[1].txt (ID = 2369)
20:58: Found Spy Cookie: cd freaks cookie
20:58: craig@cdfreaks[2].txt (ID = 2370)
20:58: [email protected][1].txt (ID = 1958)
20:58: [email protected][1].txt (ID = 2038)
20:58: Found Spy Cookie: fastclick cookie
20:58: craig@fastclick[2].txt (ID = 2651)
20:58: Found Spy Cookie: go.com cookie
20:58: craig@go[2].txt (ID = 2728)
20:58: [email protected][2].txt (ID = 2038)
20:58: [email protected][1].txt (ID = 2038)
20:58: Found Spy Cookie: howstuffworks cookie
20:58: craig@howstuffworks[2].txt (ID = 2805)
20:58: [email protected][2].txt (ID = 2038)
20:58: [email protected][1].txt (ID = 1958)
20:58: [email protected][1].txt (ID = 2652)
20:58: [email protected][2].txt (ID = 1958)
20:58: [email protected][1].txt (ID = 2729)
20:58: Found Spy Cookie: partypoker cookie
20:58: craig@partypoker[2].txt (ID = 3111)
20:58: Found Spy Cookie: rc cookie
20:58: craig@rc[1].txt (ID = 3231)
20:58: [email protected][1].txt (ID = 2729)
20:58: Found Spy Cookie: tracking cookie
20:58: craig@tracking[1].txt (ID = 3571)
20:58: Found Spy Cookie: clickzs cookie
20:58: [email protected][2].txt (ID = 2413)
20:58: Found Spy Cookie: xiti cookie
20:58: craig@xiti[1].txt (ID = 3717)
20:58: Found Spy Cookie: zedo cookie
20:58: craig@zedo[1].txt (ID = 3762)
20:58: Cookie Sweep Complete, Elapsed Time: 00:00:11
20:58: Starting File Sweep
20:58: c:\program files\searchrelevant (1 subtraces) (ID = -2147480349)
20:58: Found Adware: starware toolbar
20:58: c:\documents and settings\all users\application data\starware (ID = -2147480224)
20:58: c:\program files\vvsn (3 subtraces) (ID = -2147480376)
20:59: Found Adware: shopathomeselect
20:59: gah95on6.ini (ID = 75741)
21:00: ustart.exe (ID = 161346)
21:06: p1fumi62.dat (ID = 75843)
21:10: kdlmjh8r.dat (ID = 75808)
21:13: tm97pj39.dat (ID = 75969)
21:13: vvsninst.exe (ID = 74460)
21:13: vvsn.exe (ID = 188685)
21:13: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || VVSN (ID = 0)
21:19: bln02nqv.ini (ID = 75683)
21:19: 70tovmto.ini (ID = 75621)
21:19: Found System Monitor: potentially rootkit-masked files
21:19: !new versions! --- acoustica power pack full programs - (mp3-audio-suite)-mp3-audio-mixer 2.13 - dj remixer software, mp3 cd burner 1.48 (ID = 0)
21:19: !new versions! --- acoustica power pack full programs - (mp3-audio-suite)-mp3-audio-mixer 2.13 - dj remixer software, mp3 cd burner 1.48 (ID = 0)
21:19: File Sweep Complete, Elapsed Time: 00:21:04
21:19: Full Sweep has completed. Elapsed time 00:26:16
21:19: Traces Found: 144
21:23: Removal process initiated
21:23: Quarantining All Traces: potentially rootkit-masked files
21:23: potentially rootkit-masked files is in use. It will be removed on reboot.
21:23: !new versions! --- acoustica power pack full programs - (mp3-audio-suite)-mp3-audio-mixer 2.13 - dj remixer software, mp3 cd burner 1.48 is in use. It will be removed on reboot.
21:23: !new versions! --- acoustica power pack full programs - (mp3-audio-suite)-mp3-audio-mixer 2.13 - dj remixer software, mp3 cd burner 1.48 is in use. It will be removed on reboot.
21:23: Quarantining All Traces: begin2search
21:23: Quarantining All Traces: clickyes2enter dialer
21:23: Quarantining All Traces: cnsmin
21:23: Quarantining All Traces: starware toolbar
21:23: Quarantining All Traces: rx toolbar
21:23: Quarantining All Traces: screensavers
21:23: Quarantining All Traces: searchrelevancy
21:23: Quarantining All Traces: shopathomeselect
21:23: Quarantining All Traces: systemprocess
21:23: Quarantining All Traces: 2o7.net cookie
21:23: Quarantining All Traces: a cookie
21:23: Quarantining All Traces: about cookie
21:23: Quarantining All Traces: azjmp cookie
21:24: Quarantining All Traces: bizrate cookie
21:24: Quarantining All Traces: ccbill cookie
21:24: Quarantining All Traces: cd freaks cookie
21:24: Quarantining All Traces: clickzs cookie
21:24: Quarantining All Traces: fastclick cookie
21:24: Quarantining All Traces: go.com cookie
21:24: Quarantining All Traces: howstuffworks cookie
21:24: Quarantining All Traces: partypoker cookie
21:24: Quarantining All Traces: rc cookie
21:24: Quarantining All Traces: specificclick.com cookie
21:24: Quarantining All Traces: tracking cookie
21:24: Quarantining All Traces: whenu savenow
21:24: whenu savenow is in use. It will be removed on reboot.
21:24: vvsn.exe is in use. It will be removed on reboot.
21:24: Quarantining All Traces: xiti cookie
21:24: Quarantining All Traces: zedo cookie
21:24: Preparing to restart your computer. Please wait...
21:24: Removal process completed. Elapsed time 00:01:00
********
20:49: | Start of Session, 21 December 2005 |
20:49: Spy Sweeper started
20:51: Your spyware definitions have been updated.
20:53: | End of Session, 21 December 2005 |
  • 0

#6
craiggster123321

    Member

  • Topic Starter
  • 36 posts
hijacklog:

Logfile of HijackThis v1.99.1
Scan saved at 21:32:45, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\anti-spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129727807546
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#7
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Still getting those popups now? If not, then:

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0
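A way to compare the before and after HijackThis logs posted in this thread, so that every autostart entry that appeared after the cleanup can be attributed to a known install. This is an added example, not part of any post; `BEFORE` and `AFTER` are shortened excerpts of the two logs above, and the function names are made up for the illustration.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_log(text):
    """Return (running processes, coded entries) from one HijackThis log."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif ENTRY_RE.match(line):
            in_procs = False
            entries.add(line)
        elif in_procs and line:
            processes.add(line)
        elif in_procs and processes:
            in_procs = False  # blank line closes the process list
    return processes, entries


def section_key(entry):
    """Sort entries by section letter, then number (O4 before O18), then text."""
    m = ENTRY_RE.match(entry)
    code = m.group("code")
    return (code[0], int(code[1:]), m.group("body").casefold())


def only_in(new, old):
    """Items of `new` missing from `old`; Windows paths compare case-insensitively."""
    seen = {item.casefold() for item in old}
    return {item for item in new if item.casefold() not in seen}


def diff_logs(before_text, after_text):
    """Report processes and entries that differ between two HijackThis logs."""
    procs_a, entries_a = parse_log(before_text)
    procs_b, entries_b = parse_log(after_text)
    return {
        "processes_gone": sorted(only_in(procs_a, procs_b), key=str.casefold),
        "processes_new": sorted(only_in(procs_b, procs_a), key=str.casefold),
        "entries_removed": sorted(only_in(entries_a, entries_b), key=section_key),
        "entries_added": sorted(only_in(entries_b, entries_a), key=section_key),
    }


# Excerpts of the two logs posted in this thread (shortened for the example).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BearShare\BearShare.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""

if __name__ == "__main__":
    for label, items in diff_logs(BEFORE, AFTER).items():
        print(label)
        for item in items:
            print("   ", item)
```

On these excerpts nothing was removed from the coded sections, and the four added entries (O4, O18, O20, O23) are the ones to account for before calling a log clean.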

#8
craiggster123321

    Member

  • Topic Starter
  • 36 posts
They're still appearing when I run BearShare but not IE?

Edited by craiggster123321, 22 December 2005 - 04:42 AM.

  • 0

#9
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you have another browser like Firefox that you can use? If so, see if that has any problems. If not, then you know where the problem lies...it's BearShare.

Just to be sure it's not a hosts file problem:

Go to c:\windows\system32\drivers\etc and open up the hosts file (no extensions) in Notepad. There should be a bunch of lines with a # in front of them followed by a single line like:

127.0.0.1 localhost

If you have anything after that, please post them here.
  • 0
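The hosts file check described in the post above, as an added example that is not part of the original thread: it lists every active line other than the expected `127.0.0.1 localhost` mapping. The sample file, the three labels (`blocked`, `redirected`, `malformed`) and the function names are constructed for the illustration.

```python
import ipaddress
import sys

# Assumption: only "localhost" on a loopback address is treated as expected,
# matching the single default line the post describes.
EXPECTED = {"localhost"}


def parse_hosts(text):
    """Yield (line number, address field, [hostnames]) for each active line."""
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if line:
            fields = line.split()
            yield no, fields[0], fields[1:]


def review_hosts(text):
    """Return (line, kind, address, names) for every entry worth posting."""
    findings = []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, "malformed", ip, names))
            continue
        # "localhost" pointing at loopback is the default; anything else is reported.
        extra = [n for n in names
                 if not (n.lower() in EXPECTED and addr.is_loopback)]
        if not extra:
            continue
        # Loopback or 0.0.0.0 makes a name unreachable; any other address
        # sends traffic for that name to a host chosen by the file's editor.
        local = addr.is_loopback or addr.is_unspecified
        findings.append((no, "blocked" if local else "redirected", ip, extra))
    return findings


# Constructed sample; 203.0.113.10 is a documentation-range address.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
#
127.0.0.1       localhost
127.0.0.1       ads.example.net     # blocklist-style entry
203.0.113.10    update.example.com www.example.com
not-an-ip       foo.example
"""

if __name__ == "__main__":
    # Pass the path to a hosts file as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for no, kind, ip, names in review_hosts(text):
        print(f"line {no}: {kind:<10} {ip} -> {' '.join(names)}")
```

A `redirected` line deserves the closest look, since it points a name at a real address; a `blocked` line can be a deliberate blocklist entry or an attempt to cut off a security vendor's update site.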

#10
craiggster123321

    Member

  • Topic Starter
  • 36 posts
I've found the problem - the source in the BearShare browser has a JS that creates the pop-up. Is there any way of changing the source in BearShare?
  • 0

#11
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
We don't support any Peer to Peer file sharing programs. You may try asking in the BearShare forums...
  • 0

#12
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





