IE corrupted



#1
jfish06 (New Member)

Hi GTG Team,
I really hope that you can help me. I already performed all of your suggestions from page: http://www.geekstogo..._Log-t2852.html

...yet I'm still having issues.

I constantly get pop-ups when using my IE and I also get redirected to websites soliciting my business when I try to go to other sites. These are my two major issues and I think my system is corrupted with a Spyware or HiJackThis file. I believe this is slowing down my system as well. I watch other people search the web on the same network connection yet it takes my system much longer to toggle from page to page.

I also go to web pages and the browser message in the lower, left-hand corner will say "Done" yet my page is blank. I have to refresh my screen and hope that the contents are then visible.

These issues have made surfing the web a real pain-in-the-butt and I'd just like to get them resolved. Nothing that I try seems to work. The only pages that I really go to are my bank's homepage, Yahoo!, ESPN, Google, and the occasional travel website like Travelocity or Expedia.

Attached is my log file from HiJackThis. Please advise.
Regards,
jfish06

Logfile of HijackThis v1.99.1
Scan saved at 10:06:58 PM, on 04/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\DefWatch.exe
C:\WINNT\System32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
C:\Program Files\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\winnt\system32\htipuz.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\winnt\system32\packager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ms20939\Local Settings\Temporary Internet Files\Content.IE5\MR03YXO5\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...39928868&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...39928868&id=5.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://healthcare.home.ge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Http://healthcare.home.ge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...39928868&id=5.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...39928868&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...39928868&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...39928868&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Healthcare
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gems.setpac.ge.com:1533/pac.pac
R3 - URLSearchHook: (no name) - {AAE55BA1-28C4-9892-96E1-360A12D03944} - (no file)
O1 - Hosts: 3.184.16.24 globalapp04.ge.com
O1 - Hosts: 3.184.200.15 geshare.ge.com GESHARE.GE.COM
O1 - Hosts: 3.184.16.21 globalapp01.ge.com GLOBALAPP01.GE.COM
O1 - Hosts: 3.184.16.22 sametime01.ge.com SAMETIME01.ge.com
O1 - Hosts: 3.184.124.202 medmeeting01.ge.com MEDMEETING01.GE.COM
O1 - Hosts: 3.184.124.203 medmeeting01c.ge.com MEDMEETING01C.GE.COM
O1 - Hosts: 3.184.112.21 admeeting01.ge.com AEMEETING01.GE.COM
O1 - Hosts: 3.184.156.21 HKSHRPL01RSGE
O1 - Hosts: 3.184.156.22 HKSHSTM01RSGE
O1 - Hosts: 3.184.156.23 HKSHSTC01RSGE
O1 - Hosts: 3.184.160.22 TKSHSTM01RSGE
O1 - Hosts: 3.184.160.23 TKSHSTC01RSGE
O1 - Hosts: 3.184.168.5 UKSHRPL01RSGE
O1 - Hosts: 3.184.168.10 ukmeeting01c UKSHSTC01RSGE
O1 - Hosts: 3.184.168.15 ukmeeting01 UKSHSTM01RSGE
O1 - Hosts: 3.184.168.20 UKSHQPC01RSGE
O1 - Hosts: 3.184.124.171 medquickplace01.ge.com
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINNT\enhtb.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINNT\Helper101.dll
O2 - BHO: SDWin32 Class - {0761938E-37C1-441A-96FD-E6445869E583} - C:\WINNT\system32\wuesb.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: SDWin32 Class - {0D80B798-EBBA-45EC-9EFC-E976E795C3C9} - C:\WINNT\system32\rdskt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPortPatch] C:\WINNT\DockQuickInstall\cppch.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [htipuz] c:\winnt\system32\htipuz.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINNT\enhupdt.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINNT\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealSecure Desktop Protector.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - FTP Prefix:
O14 - IERESET.INF: START_PAGE_URL=Http://healthcare.home.ge.com
O16 - DPF: Sametime Meeting Room Client ST25DEV9 - http://medmeeting01....gRoomClient.cab
O16 - DPF: Sametime Meeting Room Client ST30EMS - http://medmeeting01c...gRoomClient.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://medquickplace02.ge.com/qp2.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www.snapfish....tlookImport.cab
O16 - DPF: {24CEC0BF-C8BC-4BCB-B804-226326B319EF} (JNILoader Control) - http://medmeeting01c...STJNILoader.cab
O16 - DPF: {6576D070-ECD7-4E33-B162-B859975DB144} (SalesMenu.MenuControl) - http://gemsifs1.med....ales_menu47.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://medmeeting01....STJNILoader.cab
O16 - DPF: {CAFECAFE-0013-0001-0014-ABCDEFABCDEF} (JInitiator 1.3.1.14) - http://erpglprod.med...tor/oajinit.exe
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = am.med.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = am.med.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = am.med.ge.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\ms20939\Local Settings\Temporary Internet Files\Content.IE5\MR03YXO5\CWShredder214[1].exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINNT\System32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Unknown owner - C:\WINNT\system32\cba\pds.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\Rtvscan.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe
#2
rstones12 (Malware Expert, Retired Staff)

jfish06,

Sorry for the delayed reply, the board has been very busy lately.
If you are still looking to resolve this issue:

Please run through all the steps outlined in this Topic

Post back a new HijackThis log by using "Add Reply" to this thread.

If you have resolved this issue please let us know.

Thanks, and again sorry for the delayed reply,
rstones12