• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
Gabriele Hauschild

Unvisited web-site constantly in IE History

8 posts in this topic

I have read your forum's FAQ document.

I have a stand-alone PC Pentium 3 running Windows 98 second edition with Internet Explorer 6, SP1 which is Microsoft-patched up-to-date.

I have run with up-to-date updates: AdAware 6.181, SpybotSD 1.3 (inoculate enabled), CWShredder 1.59.0. I have SpywareBlaster 3.1 loaded and up-to-date and Norton Internet Security 2001.

 

Whenever I connect to the Internet using Internet Explorer 6, SP1 ("IE") I can see in its "History" the following one URL:

 

"http://media47.fastclick.net/w/safepop.cgi?mid=23313&sid=5543&id=101132&len=0&c=10&nfcp=1&fp=1&top=234&left=152&pop=slider"

 

This is despite having previously deleted that item and never having visited such a URL. When I close IE there remains minimised to the Desktop Taskbar, the following: "http://media47.fast..."

If I leave the cursor on the latter, a yellow note appears showing the above-mentioned URL.

 

I have made a "HijackThis Startup Log" to submit only if requested.

I assume the unwanted URL may be the result of malware and would like to remove the malware. I hope you can assist.

Regards,

Gabriele Hauschild

 

The following is the "HijackThis Log File":

 

Logfile of HijackThis v1.97.7

Scan saved at 22:01:04, on 09/06/2004

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE

C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\NISSERV.EXE

C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\IAMAPP.EXE

C:\PROGRAM FILES\NORTON INTERNET SECURITY FAMILY EDITION\NISUM.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\E_S10IC2.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\GSICON.EXE

C:\WINDOWS\SYSTEM\DSLAGENT.EXE

C:\PROGRAM FILES\EXIF LAUNCHER\QUICKDCF.EXE

C:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE

C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE

C:\PROGRAM FILES\ONE GUY CODING\AUTOMACHRON\ACHRON.EXE

C:\PROGRAM FILES\PSION\PSIWIN\PSCONSV.EXE

C:\PROGRAM FILES\PSION\PSIWIN\ELOGERR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\SCREEN THIEF 98\ST98.EXE

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cybersleuth-kids.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;127.0.0.1

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"

O4 - HKLM\..\Run: [NAV DefAlert] c:\PROGRA~1\NORTON~2\DEFALERT.EXE

O4 - HKLM\..\Run: [Norton Auto-Protect] c:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET

O4 - HKLM\..\Run: [Norton eMail Protect] c:\Program Files\Norton AntiVirus\POPROXY.EXE

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [RemHelp] remhelp.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [RNBOStart] c:\WINDOWS\SYSTEM\sentstrt.exe

O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Roxio\GoBack\GBPoll.exe

O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe

O4 - Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe

O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: Automachron.lnk = C:\Program Files\One Guy Coding\Automachron\achron.exe

O4 - Startup: PsiWin 2.3 Connection Server .lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe

O4 - User Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe

O4 - User Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe

O4 - User Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe

O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - User Startup: Automachron.lnk = C:\Program Files\One Guy Coding\Automachron\achron.exe

O4 - User Startup: PsiWin 2.3 Connection Server .lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe

O8 - Extra context menu item: Send Image to Photo Library - file://C:\WINDOWS\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html

O9 - Extra button: Net2Phone (HKLM)

O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7906.5492939815

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/reg_.../ActiveData.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316

Share this post


Link to post
Share on other sites

Thank you Mike for your response of Jun 9 2004, 07:02 PM.

 

Please could you explain how to "rebuild the cache folders" as I could not find that as a subject in the document/URL that you mentioned. Does it mean I should delete any folders and then remake them?

 

Did you also intend I should carry out any of the deletion procedures covered in the document/URL you mentioned?

Share this post


Link to post
Share on other sites

Thank you Mike for your response of Jun 9 2004, 09:09 PM.

 

I carried out your suggestions to resize the browser cache and to rebuild the cache folders, but unfortunately this has not resolved the problem.

 

When I close IE there remains minimised to the Desktop Taskbar, the following: "http://media47.fast..." which can be closed by right-clicking and then clicking on "X Close".

 

Should I make further attempts to solve this or if it is not significant, just accept this IE error? Is there a solution to it?

 

Regards,

Share this post


Link to post
Share on other sites

Hi,

"media47.fastclick.net" is not adware or a hijacker, it's simply an ad server.

Run another scan with Ad-Aware and see if that shows up as a Cookie.

 

If not you can add that entry to the IE "Restricted Zone"

http://www.mvps.org/winhelp2002/restricted.htm

 

Internet Options | Security [tab] | Restricted icon (highlight)

Click the Sites button and add the following:

 

*.fastclick.net

 

 

Reconfigure Ad-Aware for Full Scan:

Please update the reference file following the instructions here:

http://www.lavahelp.com/howto/updref/index.html

 

Launch the program, and click on the Gear at the top of the start screen.

 

Click the "Scanning" button.

Under Drives & Folders, select "Scan within Archives".

Click "Click here to select Drives + folders" and select your installed hard drives.

 

Under Memory & Registry, select all options.

Click the "Advanced" button.

Under "Log-file detail", select all options.

Click the "Tweaks" button.

 

Under "Scanning Engine", select the following:

"Include additional Ad-aware settings in logfile" and

"Unload recognized processes during scanning."

Under "Cleaning Engine", select the following:

"Let Windows remove files in use after reboot."

Click on 'Proceed' to save these Preferences.

Please make sure that you activate IN-DEPTH scanning before you proceed.

 

If that still comes up post a fresh log after the above ...

 

See section: How To: Prevent this from happening again?

http://www.mvps.org/winhelp2002/unwanted.htm

Share this post


Link to post
Share on other sites

Thank you Mike for your response of Jun 12 2004, 07:26 PM.

 

However, I believe I have now discovered the reason for the occurances of "http://media47.fast..." .

 

I had looked for a search engine to use as my Home Page " which would be "content-safe" for my children and found: "http://cybersleuth-kids.com/".

 

When connected to "cybersleuth-kids.com", the IE "Privacy Report" shows that "http://media47.fast..." is a web site "with content on the current page" and that the setting is already set to block cookies from "media47. fast...".

 

Therefore I suppose I can either leave the "cybersleuth-kids.com" site as the Home Page or change to another.

 

I hope this information may be of use to others and want to thank you for your assistance.

 

However, perhaps you could let me know if you believe I have misunderstood the position.

 

Regards,

Share this post


Link to post
Share on other sites

Hi,

I just looked at "cybersleuth-kids.com" and they do "track" everything you do while there. Plus they use several different ad servers for pop-ups and Cookies, etc.

 

Thanks for the feedback ... :wave:

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0