| View previous topic :: View next topic |
| Author |
Message |
swrighty
Newbie
Joined: 03 Apr 2005
Last Visit: 06 Apr 2005
Posts: 3
|
 Posted: Sun Apr 03, 2005 3:16 am Post subject: mediaplex driving me crazy. how do i get shot of it |
 |
|
Logfile of HijackThis v1.99.1
Scan saved at 11:39:33, on 03/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supanet.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104184802250
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
_________________
steve |
|
| Back to top |
|
 |
CalamityJane
Site Admin
Joined: 05 Feb 2004
Last Visit: 22 Sep 2009
Posts: 1020
Location: Central Florida, USA
|
| Posted: Mon Apr 04, 2005 1:16 pm Post subject: |
|
|
Hi swrighty
Can you be more specific as to the problems you are experiencing?
There is nothing bad showing on your HijackThis log and as far as I can tell by searching MediaPlex is a tracking cookie:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060841
_________________
Microsoft MVP 2003-2008, Windows - Security |
|
| Back to top |
|
|
swrighty
Newbie
Joined: 03 Apr 2005
Last Visit: 06 Apr 2005
Posts: 3
|
| Posted: Mon Apr 04, 2005 10:13 pm Post subject: mediaplex |
|
|
hi calamity,
keep getting message, the connection refused when attempting to connect altfarm.mediaplex .com , when clicking on some links. have removed mediaplex with spybot
thanks swrighty
_________________
steve |
|
| Back to top |
|
|
CalamityJane
Site Admin
Joined: 05 Feb 2004
Last Visit: 22 Sep 2009
Posts: 1020
Location: Central Florida, USA
|
| Posted: Tue Apr 05, 2005 7:07 am Post subject: |
|
|
Hi Steve,
Thanks for letting me know. Glad you got it sorted then 
Here are some more good free programs to get for prevention if you don't have them, I highly recommend them:
How to Stop Hijackers & Spyware Infections, And other malware too!
http://forum.gladiator-antivirus.com/index.php?showtopic=9857
I just updated that page to include the new Microsoft Antispyware Beta1. It has really good realtime prevention to prevent spyware from installing A good compliment to Spybot and it's teatimer.
The MSAS Beta doesn't do cookies though. Spybot and Adaware are good for that.
_________________
Microsoft MVP 2003-2008, Windows - Security |
|
| Back to top |
|
|
swrighty
Newbie
Joined: 03 Apr 2005
Last Visit: 06 Apr 2005
Posts: 3
|
| Posted: Tue Apr 05, 2005 1:08 pm Post subject: |
|
|
hi calamity,
sorry, we got wires crossed, i meant i still got the message after i'd removed mediaplex with spybot
thanks swrighty 
_________________
steve |
|
| Back to top |
|
|
CalamityJane
Site Admin
Joined: 05 Feb 2004
Last Visit: 22 Sep 2009
Posts: 1020
Location: Central Florida, USA
|
| Posted: Tue Apr 05, 2005 1:33 pm Post subject: |
|
|
Oh, sorry, I guess I misread that.
Try using a custom HOSTS file to block it. This is a very well known one:
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
You'll need to keep it up to date by checking the website for updates.
Spybot is another that has a custom HOSTS file option within the program.
_________________
Microsoft MVP 2003-2008, Windows - Security |
|
| Back to top |
|
|
|
