11-25-2003, 11:10 AM | #11 | |
Knight of the Rose
Join Date: April 8, 2003
Location: Arkansas
Age: 48
Posts: 4,442
|
Quote:
|
11-25-2003, 11:18 AM | #12 | |
Harper
Join Date: October 2, 2001
Location: Aberdeen, Scotland
Age: 42
Posts: 4,774
|
Quote:
|
11-25-2003, 12:34 PM | #13 | |
Symbol of Cyric
Join Date: November 25, 2002
Location: NY
Age: 48
Posts: 1,190
|
Quote:
but there are still 32 processes running, not sure what they are, or how to get rid of them
Stormy, what version of Windows are you running? I know Win2000 has all these stupid automatic "services" that run but that in real life you don't need most of them. If you go to the Control Panel and Administrative Tools, you'll see "Services" in there. Sorry I can't tell you what you need and don't need, though; someone else here will have to answer that for you.
|
11-25-2003, 12:42 PM | #14 |
Knight of the Rose
Join Date: April 8, 2003
Location: Arkansas
Age: 48
Posts: 4,442
|
Well, I did what Andrewas suggested, and found at least 1 hijacker. The problem is, it keeps coming back, even after I uninstall the program. I have run Ad-Aware 5 times now, and it keeps finding things. I am gonna go scream in a minute. I was planning on spending time with my kids, but if I do not get this fixed, and the computer crashes, my husband will go ballistic.
Harley, I am on Windows XP and I have tried that as well, and it does basically the same thing. I have no clue what should be, and what should not be, on there. I keep getting confused on, like, MCagent: it keeps trying to change the spelling to msagent, and that is not what is showing up! I also downloaded a hijack killer called HijackThis, and it found a lot of stuff, but I am not sure how to proceed from there.
11-25-2003, 01:51 PM | #15 |
Harper
Join Date: October 2, 2001
Location: Aberdeen, Scotland
Age: 42
Posts: 4,774
|
Mcagent is part of network versions of McAfee. Which sounds odd to find on a home system, but it is legit.
[Edit] On HijackThis, here's a tutorial on reading the logs: http://www.spywareinfo.com/~merijn/htlogtutorial.html Or post it here. Or ask on those forums.
[ 11-25-2003, 01:59 PM: Message edited by: andrewas ]
11-25-2003, 02:22 PM | #16 |
Dungeon Master
Join Date: May 19, 2003
Location: Woodstock, Ontario, Canada
Age: 50
Posts: 93
|
If you remove something and it comes back then something must be installing it. I used to use KaZaA and it kept installing stuff and I assume other software does this as well.
The first thing I would do is kill all non-essential processes. I would then run your Ad-Aware and Spybot and antivirus software. I know of some software which, while it is running, you can never get rid of (viruses and malware mostly). www.blackviper.com is a good site for help in determining what service/process does what. I would get rid of all the services/processes you absolutely don't need. You can then bring them back one at a time and see if this hijacker gets reinstalled. It's an annoying process but if you have no other choice. You could also check your registry to see what is being run at startup. Run regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I'm sure there is another way to find out what is run at startup but I'm unsure of the correct WinXP program to run. Anyway, this will tell you all the programs that get run at startup. I don't go into the registry very often and I don't advise editing it. I have three things in my Run and nothing in RunOnce. This might help in determining what is reinstalling the hijacker. I hope some of this helps.
11-25-2003, 04:24 PM | #17 |
Knight of the Rose
Join Date: April 8, 2003
Location: Arkansas
Age: 48
Posts: 4,442
|
I will post it here Andrewas
Logfile of HijackThis v1.97.7
Scan saved at 10:54:32 AM, on 11/25/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\DOWNLO~1\STUMBL~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_2_3_0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [MSNSysRestore] C:\WINDOWS\System32\pc32.exe bg
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/game.../y/fltt3_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/active...side_web18.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/fu...tup1.0.0.6.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minib...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...2/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1475173e0e172f5...p/RdxIE601.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web664.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/pcpowerscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...05/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

have fun
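The startup check suggested in post #16, applied to a log in the HijackThis layout posted in #17, as an added example that is not part of any post in this thread: it parses a log saved one entry per line, pulls out the O4 Run-key autostart entries, and marks which of them match a process in the "Running processes" list. The sample log is constructed, and ExampleBar, QuotedApp and Helper are placeholder names.

```python
import re

# Constructed sample in the HijackThis log layout; every name and path is made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ExampleBar\barmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleBar\bar.dll
O4 - HKLM\..\Run: [ExampleBar Monitor] c:\progra~1\examplebar\BARMON.EXE
O4 - HKLM\..\Run: [QuotedApp] "C:\Program Files\Quoted App\app.exe" -atboottime
O4 - HKCU\..\Run: [Helper] RUNDLL32.EXE helper.dll,Start
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O4 - ..." section lines
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")  # hive, key, value name, command

def parse_log(text):
    """Return (running process paths, {section code: [entry bodies]})."""
    running, sections, in_procs = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:                                  # first section line ends the process list
            in_procs = False
            sections.setdefault(m.group(1), []).append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.append(line)
    return running, sections

def exe_of(command):
    """Executable path from a Run command line, quoted or bare (bare paths may hold spaces)."""
    if command.startswith('"'):
        return command[1:].partition('"')[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def autostarts(text):
    """O4 Run-key entries, each marked with whether its executable is running now."""
    running, sections = parse_log(text)
    live = {p.lower() for p in running}        # Windows paths compare case-insensitively
    rows = []
    # O4 bodies that are not registry Run entries (e.g. Startup folder) are skipped.
    for m in filter(None, map(RUN.match, sections.get("O4", []))):
        hive, key, name, cmd = m.groups()
        exe = exe_of(cmd)
        rows.append({"hive": hive, "key": key, "name": name, "exe": exe,
                     "running": exe.lower() in live})
    return rows
```

Calling `autostarts()` on the text of a saved log gives one row per Run entry; an entry that reappears in this list after a cleanup shows which registry value is restoring the program at boot.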
11-25-2003, 05:29 PM | #18 | |
Harper
Join Date: October 2, 2001
Location: Aberdeen, Scotland
Age: 42
Posts: 4,774
|
Ouch. Longer than I expected. I'll mark down the instant-kill stuff that I can spot. Some of the Lexmark stuff is possibly buggy, but it doesn't cause internet weirdness, so leave it.
Quote:
[ 11-25-2003, 06:04 PM: Message edited by: andrewas ]
|
11-25-2003, 06:06 PM | #19 |
Knight of the Rose
Join Date: April 8, 2003
Location: Arkansas
Age: 48
Posts: 4,442
|
OK, I think that helped; so far no random weirdness or change of sites. Now if it just does not come back :/
[ 11-25-2003, 06:36 PM: Message edited by: Stormymystic ]
11-25-2003, 06:35 PM | #20 |
Knight of the Rose
Join Date: April 8, 2003
Location: Arkansas
Age: 48
Posts: 4,442
|
OK, I give up, I honestly do. The files are back on my system; no matter how I go about removing them, they always come back.
[ 11-25-2003, 06:36 PM: Message edited by: Stormymystic ]