Odd Problem

  1. 04-04-2005  #1
    Levrar
    Levrar is offline Newbie

    Odd Problem

    Ok, just the other day my computer quit working properly. I fixed most of the problems but now my user is the only one that can access the internet (Windows XP). I have no idea what I'm doing now, so any help would be appreciated. SP2 will not install on my computer, so I'm stuck with SP1. Also, services such as MSN Messenger will no longer run on my browser.

    EDIT: Scanned with latest version.

    HijackThis Log
    Logfile of HijackThis v1.99.1
    Scan saved at 4:16:57 PM, on 04/04/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 9.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\intern~1\iexplore.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\PCRescue\PCRescue.exe
    C:\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fodfhseiywanmc.com/_DpgpV...w/AltowEcw.cgi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://start.shaw.ca/start/enca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F0 - system.ini: Shell=Explorer.exe C:\windows\system32\msiexec16.exe
    F1 - win.ini: run=C:\windows\system32\msiexec16.exe
    F2 - REG:system.ini: Shell=Explorer.exe
    O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: C:\WINDOWS\lbbho.dll - {5E063C53-B355-40CD-80AF-622A5940617B} - C:\WINDOWS\lbbho.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
    O2 - BHO: (no name) - {9392A337-3715-D893-7571-F620512416D5} - C:\DOCUME~1\Matthew\APPLIC~1\STOREF~1\eq real.exe
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Searchit Toolbar - {0E1230F8-EA50-42A9-983C-D22ABC2E0099} - C:\PROGRA~1\Searchit\searchit.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [explorer] C:\WINDOWS\System32\explorer.exe
    O4 - HKLM\..\Run: [GMTZDJQW] C:\WINDOWS\GMTZDJQW.exe
    O4 - HKLM\..\Run: [LSFMS] C:\WINDOWS\LSFMS.exe
    O4 - HKLM\..\Run: [zlilve] C:\WINDOWS\System32\lqbiads.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 9.exe
    O4 - HKLM\..\Run: [OSS] C:\WINDOWS\SYSTEM32\ossproxy.exe -boot
    O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.ex e"
    O4 - HKLM\..\Run: [forshowonlineless] C:\Documents and Settings\All Users\Application Data\Storelocksforshow\Wait heart.exe
    O4 - HKLM\..\RunServices: [CMD] cmd32.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Wait Corn] C:\DOCUME~1\Matthew\APPLIC~1\REFTHI~1\two platform.exe
    O4 - HKCU\..\Run: [KnightSpy] c:\program files\metal knights\knightspy.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029
    O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://game5.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
    O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bullseye-network.com/cash...r_VENDARE3.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} - http://toolbar.searchit.com/searchit_toolbar.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_41.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...1/mcinsctl.cab
    O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/...e/collapse.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...ed/install.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab31267.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...19/mcgdmgr.cab
    O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
    O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
    O20 - Winlogon Notify: explorer - explorer.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    Last edited by Levrar; 05-04-2005 at 12:17 AM.
  2. 13-04-2005  #2
    owen
    owen is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    Hiya,
    Its clear what your problem is from the log, but due to a long response time from myself (apologies), I need a new log.
+ Reply to Thread
« Problems | Rebooting during virus scan »