Browser has http://ehttp.cc/?

Computing.Net > Forums > Security and Virus > Browser has http://ehttp.cc/?

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Browser has http://ehttp.cc/?

Name: mer
Date: December 7, 2003 at 17:29:48 Pacific
OS: Windows XP Version 2002
CPU/Ram: 256

Comment:

Ok I am not a computer expert or anything of the sort, I purchased a laptop for school becasue my major required one. I use it for papers, email, surfing the net nothing to serious however I have a feeling sonething is not right. About a week or so ago I noticed the drop down list in Internet Explorer, where it shows the webpages Ive been to, there is htt://ehttp.cc/? before all of the web sites. I think I have a virus or some kind of problem. I have reaf through many posts and decided to download and run CWShredder, Spybot Search and destroy which found a bunc of stuff I got rid of, I have used Lavasoft Adaware 6.0, and of course Mcafee Virus Scan. I still have this problem as well as pop ups, and at times I cannot use my eudora emai. Have I been hacked? I also ran Hijack this and here is the log:
Logfile of HijackThis v1.97.7
Scan saved at 10:38:04 PM, on 12/5/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\QCONSVC.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\NWTRAY.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Student\Local Settings\Temp\Rar$EX0s.v20\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clemson.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
Could you direct me as to what to do next? I would really appreciate it, if you need any addtional info let me know. Thanks in advance for any advice
Mike

Sponsored Link

Ads by Google

Response Number 1

Name: Abnormal
Date: December 7, 2003 at 20:05:38 Pacific

Reply:

You need to post the full log, got
to be more after the first run line(04).

Response Number 2

Name: Imp
Date: December 7, 2003 at 21:59:44 Pacific

Reply:

Hello mar,
As you are runing AOL as your provider, I don't understand how you can have this problem ? are you sure you are not corrupted into your internet explorer program ?
Try a "repair" first to see it's coming from there:
Go to Control Panel, when not connected to internet, find program "add & remove programs", find line "internet explorer and his tools", open it, 3 options, one is "repair", send the procedure, your computer will need a reboot when procedure done....
Let's see if it help...

Response Number 3

Name: www
Date: December 7, 2003 at 23:13:03 Pacific

Reply:

http://ehttp.cc/uninstall.reg
will uninstall http://ehttp.cc/
from: http://www.computing.net/security/wwwboard/forum/7297.html

Response Number 4

Name: mer
Date: December 8, 2003 at 10:20:47 Pacific

Reply:

Sorry about the shortened log before, dont know how i skipped over the rest. Well here is the full report:
Logfile of HijackThis v1.97.7
Scan saved at 1:15:19 PM, on 12/8/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\QCONSVC.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\NWTRAY.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Student\LOCALS~1\Temp\Rar$EX0k.q30\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clemson.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.exe
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\netware\nwws2nds.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned35.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37909.7485300926
O17 - HKLM\System\CCS\Services\Tcpip\..\{C957DC63-88CE-4C92-A461-03379108D79F}: NameServer = 205.188.199.134
Thanks for the suggestions guys, ill give it a try!!!

Response Number 5

Name: Athanasios from Mace
Date: December 14, 2003 at 12:42:24 Pacific

Reply:

Erase the file Addclass.exe which is in C:\WINDOWS. Then download http://ehttp.cc/uninstall.reg and run it.
Reboot.
That's the only procedure that seem to work.

A461-L00 A461-L00 cisco 350 aironet driver xp java40.jar mailx cc cc compiler curl https http://www.computing.net/unix/wwwboard/forum/5648.html http://pachome1.pacific.net.sg/~novelway/MEW2/lesson1.html telnet over http	http://www.computing.net/unix/wwwboard/forum/5992.html http://www.computing.net/unix/wwwboard/forum/5223.html http://acts.poly.edu/~chlam/Download/MSDOS622 SUNWspro cc dom.jar WINDOWS 2008 NETWARE Windows CIFS Netware windows mount netware webmin HTTP tunnel mars-nwe
See More

Response Number 6

Name: Valter Wolf
Date: December 19, 2003 at 10:01:53 Pacific

Reply:

Thanks to Athanasios from Mace
It�s really works!
Erase the file Addclass.exe which is in C:\WINDOWS. Then download http://ehttp.cc/uninstall.reg and run it.
Reboot.
That's the only procedure that seem to work.
Thank you so much!!!!

Response Number 7

Name: Jinxer
Date: January 21, 2004 at 14:13:41 Pacific

Reply:

I am having same problem but the link to the uninstall doesnt work. Can someone give me a workable link?
Jinxer

Sponsored Link

Ads by Google

Toolbar called eedrdrllue...

hijack this

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Browser has http://ehttp.cc/?

How to remone ehttp.cc/?

Summary

www.computing.net/answers/security/how-to-remone-ehttpcc/7297.html

Finf 4u has got me

Summary

www.computing.net/answers/security/finf-4u-has-got-me/11082.html

tdss-trojan, black screen/safe mode

Summary

www.computing.net/answers/security/tdsstrojan-black-screensafe-mode/23854.html

From the Geek Dictionary
graphics card - Graphics cards are PCBs (printed circuit boards) that perform the dual role...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
Internet Connection

My Computer won't let me into the properties

Please can someone read my Hijackthis log?

End Program - n

ssid code

All Awaiting Reply

Tom's News
Xbox Live Marketplace Getting Pets

Snoop Dogg Lends His Voice to GPS Navigation

Roomba Saves Family From Poisonous Snake

New Super Mario Bros. Wii Looks Great in 1080p

AT&T's Case Against Verizon Dismissed

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE