Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ie6 Is Broken, Add/remove Programs Has Issues, But Firefox Is Okay


  • This topic is locked This topic is locked
2 replies to this topic

#1 rclowe

rclowe

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 13 November 2006 - 02:49 AM

The homepage loads for IE6 but no other page will.
Add/Remove programs works for most apps, but not for "Weather Center". [Note: when I try to remove this app, Rundll32.exe pins the CPU at 90-100% until I kill it.]
Firefox is fine.
Used Adaware, Spybot, CWShredder, Spyware X-Terminator and even a 30 day trial of Trend Micro's "new" Malware tool. Spybot and Trend found some stuff and removed, but still the same issues.

Any and all assistance much appreciated. Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:05:07 AM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Columbia University\COLUMBIA_HS\cvpnd.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Mixer.exe
D:\WINDOWS\system32\atiptaxx.exe
D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
D:\Program Files\Lexmark 6200 Series\lxbumon.exe
D:\Program Files\Lexmark 6200 Series\ezprint.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
D:\WINDOWS\System32\lxbucoms.exe
D:\WINDOWS\system32\taskmgr.exe
D:\PROGRA~1\STOMPS~1\SPYWAR~1\ppmemcheck.exe
D:\PROGRA~1\STOMPS~1\SPYWAR~1\cookiepatrol.exe
D:\PROGRA~1\STOMPS~1\SPYWAR~1\ppcontrol.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Temp\Cullen-SysTools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iKeyWorks] D:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] D:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] D:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "D:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "D:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [DW4] "D:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Global Startup: VPN,(COLUMBIA UNIVERSITY HEALTH SCIENCES) VPN CLIENT.lnk = C:\Program Files\Columbia University\COLUMBIA_HS\vpngui.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = D:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: D:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wmv: D:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Columbia University\COLUMBIA_HS\cvpnd.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - D:\WINDOWS\System32\ImapiRox.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - D:\WINDOWS\System32\lxbucoms.exe
O23 - Service: Reflection Servers - WRQ, Inc. - D:\Program Files\Reflection\rninetd.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: ZipToA - Iomega Corporation - D:\WINDOWS\System32\ZipToA.exe
everyone has to be somewhere, you might as well be here

BC AdBot (Login to Remove)

 


#2 jamielaw

jamielaw

    Malware Ass-Kicker!


  • Members
  • 878 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 25 November 2006 - 01:20 PM

Hey rclowe

Sorry about the delay - the forums have been swamped with logs recently.

If you still need help please could you post a fresh Hijackthis log.
My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

Posted Image

#3 jamielaw

jamielaw

    Malware Ass-Kicker!


  • Members
  • 878 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 29 November 2006 - 04:53 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users