Verification... To every site?!

[bskillz]

Hi there, my first post on this awesome forum and I need help. Every website I visit gives me a popup such as the following:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Any help would be appreciated.

 

 

 

 

 

 

 

I use AVG, keep Windows Firewall turned ON and my computer is up-to-date.

 

 

 

 

 

 

 

I'll run a scan over night to see if this could be caused by spyware or adware.

 

 

 

 

 

 

 

Cheers,

 

 

 

Bskillz.

[Mementh]

totally weird.. probabbly is a adware or such

[Phil]

Have you read the stickies?

 

 

 

Scan with Adaware SE and spybot S&D, then post a hijackthis log.

[bskillz]

Will do, thanks for advice.

[indy500fan]

isnt that (burstnet) what handles the ads on these forums?

[weezcake]

Yeah, all the ads on these forums are from burstnet. Must be some kind of spyware trying to get your computer to connect to it..

[bskillz]

Here's the log you requested, I don't understand it but maybe you will. I've done an Ad-Aware scan and a SpyBot S&D scan, removed all threats. Am about to restart PC and scan again. Thanks.

 

 

 

 

 

 

 

 

 

 

I've restarted then scanned with Ad-Aware and SpyBot and updated the HijackThis log.. Still getting that annoying popup. Did find quite a few threats the first time, none the second time so the scanners seem to work. Any ideas?

 

 

 

 

 

 

 

 

 

 

 

 

 

Oh, incase you weren't sure; This problem happens on every site with ads, not just Tip.It.

 

 

 

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 5:53:55 p.m., on 30/11/2005

 

 

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\inetsrv\inetinfo[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\tcpsvcs[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\snmp[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

 

 

 

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK[Caution: ExecutableFile]

 

 

 

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD[Caution: ExecutableFile]

 

 

 

C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

 

 

 

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

 

 

 

C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY[Caution: ExecutableFile]

 

 

 

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM[Caution: ExecutableFile]

 

 

 

C:\Compaq\EAKDRV\EAUSBKBD[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\RuneScape\Desktop\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

 

 

 

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

 

 

 

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

 

 

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

 

 

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

 

 

 

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP

 

 

 

O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL[Caution: ExecutableFile]/3000

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

 

 

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

 

 

 

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

 

 

 

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

 

 

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab

 

 

 

O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/cab/prod/DD_v4.CAB

 

 

 

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab

 

 

 

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

 

 

 

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab

 

 

 

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab

 

 

 

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab

 

 

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

 

 

 

O20 - Winlogon Notify: iexplorer - iexplorer.dll (file missing)

 

 

 

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

 

 

 

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]

 

 

 

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc[Caution: ExecutableFile]

 

 

 

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]

 

 

 

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

[Vape]

Do you get username/password requests in Internet explorer too? I'm guessing that burstnet has screwed up their server settings and might be serving your location with incorrect data :-?

[bskillz]

Actually, I had a browse on the net and discovered something unusual.

 

 

 

 

 

 

 

First when I scanned my PC I had found that JAVA had a malicious file, but I didn't delete it as it's required for RuneScape.

 

 

 

 

 

 

 

Second when I had a browse on the net I found that on the Java bug website they've posted that a verification box to every site containing ads would pop up due to an error in the Java programming.

 

 

 

 

 

 

 

They had some tips to solve this problem, such as pressing CTRL + ENTER and a few other hotkeys, though I didn't try any as I'm looking for a permanent solution.

 

 

 

 

 

 

 

Weird, huh?

[bskillz]

Uninstalled Java, still comes up :wall:

[bskillz]

All fixed :shock:

 

 

 

 

 

 

 

All I did was uninstall Java, downloaded it again, reinstall it and switched my browser to IE. Problem solved, though still get the popup in FireFox.

 

 

 

 

 

 

 

*Hits 'Uninstall FireFox button'*