TomServo92
1 Nickel

HijackThis Log - Please Review

I've been having problems with IE 6 locking up when I go to http://www.edealinfo.com.  Here's my HijackThis Log:
 
Logfile of HijackThis v1.99.0
Scan saved at 9:14:11 AM, on 12/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Downloads\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: InCD Helper - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
 
0 Kudos
13 Replies
zbestwun2001
6 Gallium

Re: HijackThis Log - Please Review

Before we do anything can you do a couple things first?
Go to this sight http://www.trendmicro.com/en/home/us/enterprise.htm and do an online scan and delete whatever it finds. Be sure to highlight the drives you want to have searched.

After that could you please go to http://www.majorgeeks.com/download506.html and download AdAwareSE and delete what it finds. Then while using AdAware, click on add-ons and get their plug-in for the VX2 variant, and run that and delete what it finds.
After that go to http://www.majorgeeks.com/download2471.html and download SpyBot and run that and delete what it finds.


Thanks
Steve

 

Dell Forum Member Since 2004 but not an employee of Dell

If this answers your question, click
  Yes  

0 Kudos
Midnight Star
5 Rhenium

Re: HijackThis Log - Please Review

TomServo,

That webpage took forever to load up, even on DSL - looks like it was locked up, but wasn't. Is that the only page that 'locks' up? It seems to do alot of redirecting - perhaps it's trying to load something from a third party site that's getting blocked?

Is that the only webpage that 'locks' up when trying to load?

Mike.
0 Kudos
TomServo92
1 Nickel

Re: HijackThis Log - Please Review

Steve,
 
Already been done (except I used the Symantec web AV scanner).  It found and removed the following:
 
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-28e8d1c5-1a211021.zip is infected with Trojan.ByteVerify
 
Everything else was clean.
 
Mark 

Message Edited by TomServo92 on 12-26-2004 12:38 PM

0 Kudos
TomServo92
1 Nickel

Re: HijackThis Log - Please Review

Mike,

I have two other computers in my house and both load this page without a problem.  The computer that's having the problem is the brand new Inspiron laptop.  The main difference between the boxes is that the laptop is running McAfee and the other two are running Norton.

One other note:  I installed Opera on the laptop and it has no problem with this page.  Only IE has a problem.  I left it sitting for over an hour and the only way to get it back is to power it off.

Mark

Message Edited by TomServo92 on 12-26-2004 12:39 PM

Message Edited by TomServo92 on 12-26-2004 01:29 PM

0 Kudos
TomServo92
1 Nickel

Re: HijackThis Log - Please Review

New information:  This laptop is new and up until now I had only connected via wireless.  I decided to try the wired connection and sure enough, the website that was causing me problems loads just fine.  The exact configuration that causes the lock-up is using the wireless connection (802.11g) and Internet Explorer 6.  Using Opera with the wireless connection or IE with a wired connection, everything works fine.  I have the latest drivers for the wireless card.  Very weird....

0 Kudos
Midnight Star
5 Rhenium

Re: HijackThis Log - Please Review

Tom,

After lunch, i'll try my wireless connection and IE and see what happens.

Mike.
0 Kudos
TomServo92
1 Nickel

Re: HijackThis Log - Please Review

Thanks Mike!  My name is actually Mark BTW.
0 Kudos
Midnight Star
5 Rhenium

Re: HijackThis Log - Please Review

Mark,

It works just fine on a wireless 5150 running Nortons NIS Pro 2004. So, as your thinking, it must be something with McAfee - not quite sure what though.

Mike.

0 Kudos
TomServo92
1 Nickel

Re: HijackThis Log - Please Review

Well, I have an extra copy of NAV 2005 I can install.  I may give that a try tomorrow.  Also, my daughter has a C600 with the same wireless card that I have and she'll be at my house this Wednesday.  I'm going to try her laptop with this web page and see what happens.  This seems like alot of trouble for one web page but it's gotten under my skin and I just have to solve it now.

I appreciate your help with this and I'll keep posting as I get more info or (hopefully) a solution.

0 Kudos