tbone46135
New to the neighborhood
3 Posts

getting popups from yieldmanager, mediafastclick and others

Hoping some of you can help me out here; here is my log file from HijackThis.


Logfile of HijackThis v1.99.1
Scan saved at 8:00:39 PM, on 5/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: BHObj Class - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize314.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/...L_DownLoad.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B4E3AB-4B2D-40E5-BE47-8A7EBDF5B47A}: NameServer = 209.132.160.4 209.132.160.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE




Any ideas on how to get rid of these popups?

Thank you in advance.


Feel free to e-mail me at tbone@nospamccrtc.com (remove the nospam).

Travis Asbery
chiaz
Spyware Mod
1,218 Posts
Please launch HijackThis and check the following entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BHObj Class - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer. As the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

Once in safe mode, navigate to and delete the following files:
C:\WINDOWS\wsem303.dll
C:\WINDOWS\nem218.dll

Then restart the computer back to normal mode.


Then run Panda ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report, as well as a new HijackThis log.
tbone46135
New to the neighborhood
3 Posts
OK, I have done everything you said, and so far (knock on wood) no popups.

Here are the results of the Panda scan:

Incident Status Location

Adware:adware/coolsavings Not disinfected c:\windows\downloaded program files\CpnMgr.dll
Dialer:dialer generic Not disinfected c:\program files\dialers
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Adware:adware/dyfuca Not disinfected c:\program files\Internet Optimizer
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Potentially unwanted tool:application/spywarestormer Not disinfected c:\program files\Spyware Stormer
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@as-us.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@bluestreak[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@burstnet[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@centrport[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@counter.hitslink[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@fastclick[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@fortunecity[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@go[2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@hotlog[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@mediaplex[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@microsofteup.112.2o7[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@revenue[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@serving-sys[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@spylog[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@statcounter[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@targetnet[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@tribalfusion[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@www.burstbeacon[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@www.errorsafe[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@zedo[1].txt
Adware:Adware/Dyfuca Not disinfected C:\Program Files\dialers\stmtdlr.exe
Adware:Adware/Dyfuca Not disinfected C:\Program Files\HijackThis\backups\backup-20060509-165817-764.dll
Adware:Adware/Dyfuca Not disinfected C:\Program Files\HijackThis\backups\backup-20060509-165817-794.dll
Adware:Adware/Dyfuca Not disinfected C:\Program Files\Internet Optimizer\actalert.exe
Adware:Adware/Dyfuca Not disinfected C:\Program Files\Internet Optimizer\optimize.exe
Adware:Adware/Dyfuca Not disinfected C:\Program Files\Internet Optimizer\update\actalert.exe
Adware:Adware/Dyfuca Not disinfected C:\Program Files\Internet Optimizer\update\optimize.exe
Potentially unwanted tool:Application/SpywareStormer Not disinfected C:\Program Files\Spyware Stormer\Setup.exe[SpywareStormer.exe]
Adware:Adware/Dyfuca Not disinfected C:\RECYCLER\S-1-5-21-3755221034-2340547281-2749801740-500\Dc1.dll
Adware:Adware/Dyfuca Not disinfected C:\WINDOWS\nem214.dll
Adware:Adware/Dyfuca Not disinfected C:\WINDOWS\wsem216.dll
Adware:Adware/Dyfuca Not disinfected C:\WINDOWS\wsem217.dll

Here is the new HijackThis scan:


Logfile of HijackThis v1.99.1
Scan saved at 6:34:21 PM, on 5/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize314.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/...L_DownLoad.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B4E3AB-4B2D-40E5-BE47-8A7EBDF5B47A}: NameServer = 209.132.160.4 209.132.160.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Thank you again. It has been about 2 hours since I started doing what you suggested, and no popups.

Travis Asbery
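Cross-checking the two HijackThis logs and the Panda report posted above, as an added example that is not part of the original posts or of HijackThis itself. The two BHO heuristics (a registration with `(no file)`, or a DLL sitting directly in `C:\WINDOWS`) are assumptions inferred from the entries selected for fixing, and all function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the first HijackThis log in this thread (trimmed).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: BHObj Class - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize314.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""
# Sample lines copied from the second HijackThis log (after "Fix Checked").
LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize314.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""
# Directory taken from the first Panda ActiveScan report.
SCANNER_DIRS = [r"c:\program files\Internet Optimizer"]

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
WINDOWS_ROOT = PureWindowsPath(r"C:\WINDOWS")  # compared case-insensitively


def parse(log, pattern):
    """Return the named groups of every log line that matches pattern."""
    return [m.groupdict() for line in log.splitlines()
            if (m := pattern.match(line.strip()))]


def suspicious_bhos(log):
    """Map CLSID -> reason for BHOs matching either heuristic (assumptions)."""
    flagged = {}
    for bho in parse(log, BHO_RE):
        if bho["target"] == "(no file)":
            flagged[bho["clsid"]] = "registered but file missing"
        elif PureWindowsPath(bho["target"]).parent == WINDOWS_ROOT:
            flagged[bho["clsid"]] = "DLL directly in the Windows root"
    return flagged


def still_present(log_after, clsids):
    """Flagged CLSIDs that are still registered in the later log."""
    after = {b["clsid"].upper() for b in parse(log_after, BHO_RE)}
    return sorted(c for c in clsids if c.upper() in after)


def run_entries_under(log, directories):
    """Run-key names whose command line starts inside a scanner-flagged directory."""
    prefixes = tuple(d.lower().rstrip("\\") + "\\" for d in directories)
    return [r["name"] for r in parse(log, RUN_RE)
            if r["cmd"].lstrip('"').lower().startswith(prefixes)]


if __name__ == "__main__":
    flagged = suspicious_bhos(LOG_BEFORE)
    for clsid, reason in flagged.items():
        print(clsid, "-", reason)
    print("still registered after fix:", still_present(LOG_AFTER, flagged))
    print("autostarts under flagged dirs:", run_entries_under(LOG_AFTER, SCANNER_DIRS))
```

On these sample lines the four BHOs chosen for fixing are flagged, none of them remain in the second log, and the `Internet Optimizer` Run entry still points into a directory the scanner reported.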
chiaz
Spyware Mod
1,218 Posts
Let's use an automated tool called Ad-aware to get rid of some of the spyware/adware you currently have residing in your computer.

Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

1) Run Ad-Aware, and click Check for updates now.

2) Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed.

3) To start the scan, Click > "Scan Now" at left
  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"
  • Select "Perform full system scan"
  • Click Next
4) When the scan has completed, select Next.
  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
  • Restart the computer.

Now rescan with Panda ActiveScan and post a new log. You should see a shorter log now, which means that some of the pests in your computer have been removed.
tbone46135
New to the neighborhood
3 Posts
Ohh yeah, a much shorter log, here it is:


Incident Status Location

Dialer:dialer generic Not disinfected c:\program files\dialers
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@ad.yieldmanager[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@burstnet[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@dist.belnk[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@errorsafe[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@go[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@microsofteup.112.2o7[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@www.burstbeacon[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\charlie\Cookies\charlie@www.errorsafe[2].txt
Adware:Adware/Dyfuca Not disinfected C:\Program Files\dialers\stmtdlr.exe
Thank you again.

PayPal froze my account over 3 years ago; send me an e-mail with your address and I will be more than happy to send you a donation.

Travis Asbery
chiaz
Spyware Mod
1,218 Posts
Click on Start, Settings, Control Panel. Double click on Add/Remove Programs. Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.
  • My Web Search (Smiley Central or FWP product as applicable)
  • My Way Speedbar (Smiley Central or other FWP as applicable)
  • My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
  • My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
  • Search Assistant - My Way

Boot to safe mode again. Then delete the following files/folders if present:
c:\program files\dialers
c:\program files\MyWebSearch


Now rescan with both Panda ActiveScan and HijackThis. You should be more or less cleaned up now.


P.S. I don't live anywhere near you, so it will be expensive shipping money. What about creating a new PayPal account? Otherwise, it's OK. My help here is purely voluntary.