I have problems with IE and it all started with some virus I believe. I made the mistake of deleting something that I didn't know what it was, I think. I couldn't use IE due to the pop-ups that kept popping up like about 16 in about 30 secs and I would close them and they would pop back up right away. Now my IE just locks up whenever I open it. I found IE7 (I had 6) and I thought it might fix my problems but it didn't. Here is my hijackthis log. I hope someone can help. By the way I know I have things on this computer that I don't need or even use but some of them I can't get rid of. Thanks for any help that I receive. I also have ewido so if you all want that also just let me know.

Logfile of HijackThis v1.99.1
Scan saved at 11:37:00 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DD26143-8FFE-4002-8A6D-110F10725499} - C:\Program Files\Movie Maker\mezojev.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8CA1F435-D71D-4064-A37A-B45FABB55292} - C:\Program Files\Movie Maker\mezojev.dll
O2 - BHO: (no name) - {8F9239DA-3899-49AE-85F3-7BF96A984DEA} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E6AE9BDE-2924-417B-B762-5746DA89C520} - C:\Program Files\Movie Maker\mezojev.dll
O2 - BHO: (no name) - {FCB4A92A-E8A4-42E8-A1EC-BA31DD462DDE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143777578\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [warez] "C:\Program Files\warez.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [VSL04.exe] C:\WINDOWS\system32\VSL04.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141456950953
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O18 - Filter: text/html - {F977ADDC-8F15-42CF-A4D0-16A59026826E} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
_____________________________________________________________________
I was doing some more reading on other posts and this is my Rapport log if it would help anyone

SmitFraudFix v2.63
Scan done at 1:49:07.66, Thu 06/22/2006
Run from C:\Documents and Settings\HP_Administrator\My Documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Uninstall Information\\mefesol.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\WINDOWS\\system32\\ad.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Some of this you may know... So OK, you're running an HP Pavilion w/ Media Center, a D-Link USB wifi adapter, and your protection is McAfee and HijackThis... OK. First off, you need to shut that internet connection if you haven't already. Next, go into your firewall and deny the suspects access. Next, boot into safe mode and scan for viruses. If any viruses are found, quarantine them, reboot... then tell me what happens... The reason you do it in safe mode is because it only runs the necessary files for your computer to run. Scanning in regular mode ain't gonna do jack because the processes may be in use or the virus could be in memory.
A few potential problems I noticed as well; some of these could be legit though:
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\RTHDCPL.EXE
O2 - BHO: WCNetMon Class - {3BE313C3-DAD6-4da6-801D-75860118A0B5} - C:\Program Files\blcorp\WCCSC\WCPStop\wcpstop.dll
O4 - HKCU\..\Run: [warez] "C:\Program Files\warez.exe" -h
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
...etc
Well buddy, next time you surf porn (or whatever), make sure it's with Mozilla Firefox and Java disabled. If Java had not been enabled this would not have happened. To disable it, go into Options in Firefox and then Content, now uncheck the Enable Java box. If you need Java sometime later you can enable it at any time. It could have also been Messenger. I don't know because I don't know what you were doing when you were infected. Next, get Ad-Aware and/or Spybot if you don't already. HijackThis is lame.
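The post above picks entries out of the log by eye. As an added example (not part of the thread and not HijackThis's own logic), this sketch parses the O2 (Browser Helper Object) lines copied from the log earlier in the thread and marks the ones worth a closer look. The three heuristics (unnamed BHO, no usable file path, one DLL registered under several CLSIDs) are assumptions chosen for illustration, and a hit means "check this", not "this is malware".

```python
import re
from collections import defaultdict

# O2 (Browser Helper Object) lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DD26143-8FFE-4002-8A6D-110F10725499} - C:\Program Files\Movie Maker\mezojev.dll
O2 - BHO: (no name) - {8CA1F435-D71D-4064-A37A-B45FABB55292} - C:\Program Files\Movie Maker\mezojev.dll
O2 - BHO: (no name) - {8F9239DA-3899-49AE-85F3-7BF96A984DEA} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E6AE9BDE-2924-417B-B762-5746DA89C520} - C:\Program Files\Movie Maker\mezojev.dll
O2 - BHO: (no name) - {FCB4A92A-E8A4-42E8-A1EC-BA31DD462DDE} - (no file)
"""

# Layout of an O2 line: "O2 - BHO: <name> - {<CLSID>} - <path>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # e.g. C:\...


def parse_bhos(log_text):
    """Return one dict (name, clsid, path) per O2 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = O2_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage_bhos(entries):
    """Map CLSID -> list of reasons the entry deserves a closer look."""
    # Group CLSIDs by DLL path (case-insensitive, as Windows paths are).
    clsids_by_dll = defaultdict(set)
    for e in entries:
        if DRIVE_PATH.match(e["path"]):
            clsids_by_dll[e["path"].lower()].add(e["clsid"].upper())

    findings = {}
    for e in entries:
        reasons = []
        if e["name"] == "(no name)":
            reasons.append("unnamed")
        if not DRIVE_PATH.match(e["path"]):
            # "(no file)" or a bare "\": the registry key points at nothing.
            reasons.append("no usable file path")
        elif len(clsids_by_dll[e["path"].lower()]) > 1:
            reasons.append("dll shared by several CLSIDs")
        if reasons:
            findings[e["clsid"].upper()] = reasons
    return findings


if __name__ == "__main__":
    for clsid, reasons in triage_bhos(parse_bhos(SAMPLE_LOG)).items():
        print(clsid, "->", ", ".join(reasons))
```
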
Well, I did that and I didn't find any viruses, only about 14 more adware. My one big problem I have is IE. I can't update my programs due to the fact that everything uses IE to update. It locks up every time I try to use it, update or get online. I updated to IE7 thinking it might work but it didn't. Let me know what you need to help further and thanks for the help so far.
OK, no viruses... that's a surprise! It's probably malware. It's still good you did it because now we know they're not in memory or hiding in another active process. Let me ask, do you have warez on your PC? This registry entry worries me:
O4 - HKCU\..\Run: [warez] "C:\Program Files\warez.exe" -h
Warez (p2p) can quickly lead to viruses and spyware from downloaded apps. Actually warez itself contains spyware too and uses its p2p protocol to download more... But it's mostly adware, NOT viruses. As well as these processes:
C:\WINDOWS\RTHDCPL.EXE (this one bugs me the most)
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\arservice.exe
That's not good. I know it has hijacked your browser. I wonder how you're posting now; you must be using IE right now. You can download Mozilla FF here: http://www.mozilla.com/firefox/
Updating will do nothing. The only thing that will be helpful is this: When you went into the firewall, did you see anything that isn't supposed to be there? Any entry that you don't know what it is? What were some of the adwares? It should have a log somewhere that would tell you if you forgot. What site were you on (believe me, I've seen it all lol, so I don't really care) when this happened... Do you yourself see any processes running and other crap you don't recognize? Also, if you need me to email you Mozilla, anti-spyware apps... etc. because you can't use the net easily, I can, but send me a private message with your email address and what you want... and I will send it.
When I bought my computer it had the AOL internet browser on it but I have never used it till now. I have always heard that AOL products have a mind of their own. I'll do some checking on my processes and let you know. A while back I found The Ultimate Troubleshooter and it kinda tells me what my processes are to a point. I got tired of looking them up online and still not really knowing what they are. This program isn't bad but there are things that are running that the program states there are many uses for the processes and I can't tell what they are for. The other thing is since all my anti-virus, adware, and spyware update using IE they are out of date by like at least a month and I know with all this a month is kinda the same as years. McAfee told me that I have to have IE working in order to update. I don't know really when or where I picked up my problems but I wish I did. I'll get the other information and post it on here shortly. Thanks
Windows Defender can tell you about your running processes; just go to the software explorers section and then running processes. http://www.microsoft.com/downloads/...e7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en Of course you will need IE to get it... Yeah, I don't use McAfee. I use avast antivirus, Sunbelt Kerio firewall, and Ad-Aware/Trend Micro anti-spyware. The only one that's not free is Trend Micro anti-spyware.
Hey, thanks for the help!! I think I got most of everything taken care of, at least my IE, so I can update everything. Whatever it is that I had, it wiped out some of my McAfee. I loaded an older version of McAfee but for some reason it had a conflict with my newer version of my virus scan. I deleted it and now my IE works. I don't know why but it does. I had to load it and then uninstall it and now IE works. I did load Firefox and another program that you suggested, mainly for the malware scan. You said something in one post about sending you a private mess and maybe getting me a link to your virus scan that you use but I have been on this site long enough to know how to send a private mess yet. I might be interested in a couple of them but I think the avast(????) virus scan might be helpful. I did just find a trojan but I forgot what it was. It was z-bot or something close that nothing will get rid of but when I find out what it is I might have better luck with it lol. But like I said, thanks for the help. If it wasn't for people like the ones on this site helping others out a lot of people would be lost. Thanks again