Services at 50%, IE locks Help a newbie HJ user!


  • This topic is locked
2 replies to this topic

#1 secbill

Posted 22 July 2009 - 10:57 PM

We have an XP box that recently started to lock up in IE (8) when going to https sites, or so it seems. I ran Malwarebytes and it found 100-plus items and removed them; I have run it again, and AVG 8.5 Free, and nothing is found. Services will go to 50% of the CPU and stay there; rebooting will come up to the same. In desperation I ran a Windows XP repair and reinstalled IE8. Today they went into a site they have used for years and the same thing happened: it locked up, services went to 50%, IE 39%, and they had to reboot. I have thought of reformatting but do not have some of the software they use, nor the licenses. Here is their DDS.txt, and the attach.zip as an attachment.


DDS (Ver_09-06-26.01) - NTFSx86
Run by cpayne at 23:51:52.17 on Wed 07/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.199 [GMT -4:00]

AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ORL\VNC\WinVNC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Olympus\DSSPlayer2002\DirectrecConfig.exe
C:\ftp\FTPServer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cpayne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: PrintMe: {97387e2b-b2fa-4e4a-a607-f3b5c134f71c} - c:\program files\efi\printmetoolbar\htpmcap.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: PrintMe: {97387e2b-b2fa-4e4a-a607-f3b5c134f71c} - c:\program files\efi\printmetoolbar\htpmcap.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinVNC] "c:\program files\orl\vnc\WinVNC.exe" -servicehelper
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\cpayne\startm~1\programs\startup\quick'~1.lnk - c:\ftp\FTPServer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\direct~1.lnk - c:\program files\olympus\dssplayer2002\DirectrecConfig.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: navicure.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174322895484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://eastflorida.clio.medcity.net/dana-cached/setup/JuniperSetupSP1.cab
TCP: {8FA684AB-DF81-4F15-9F49-A44EC8C325CE} = 172.16.4.10
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cpayne\applic~1\mozilla\firefox\profiles\kj9668gt.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-10-30 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-30 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-30 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-30 108552]
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [2008-11-21 64480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-8 298776]
R3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [2008-7-31 794402]
S1 c454da3054f4292;c454da3054f4292;c:\windows\system32\drivers\c454da3054f4292.sys --> c:\windows\system32\drivers\c454da3054f4292.sys [?]
S1 f78c47e5f78cb552;f78c47e5f78cb552;c:\windows\system32\drivers\f78c47e5f78cb552.sys [2004-8-4 81920]
S1 NEOFLTR_600_12875;Juniper Networks TDI Filter Driver (NEOFLTR_600_12875);c:\windows\system32\drivers\NEOFLTR_600_12875.sys [2008-3-14 64160]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-28 40160]

=============== Created Last 30 ================

2009-07-21 22:05 3,249 a------- c:\windows\system32\wbem\Outlook_01ca0a70f3f71169.mof
2009-07-21 21:59 <DIR> --dsh--- c:\documents and settings\cpayne\PrivacIE
2009-07-21 21:59 <DIR> --dsh--- c:\documents and settings\cpayne\IECompatCache
2009-07-21 21:55 <DIR> --dsh--- c:\documents and settings\cpayne\IETldCache
2009-07-21 21:32 <DIR> -cd-h--- c:\windows\ie8
2009-07-21 15:36 <DIR> --d----- c:\program files\Trend Micro
2009-07-21 14:54 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-07-21 14:53 2,020,864 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-21 14:53 2,062,976 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-21 14:39 <DIR> --d----- C:\scans
2009-07-21 14:39 <DIR> --d----- C:\ftp
2009-07-21 14:26 61,440 ac------ c:\windows\system32\dllcache\acerscad.dll
2009-07-21 14:25 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-07-21 13:26 135,168 a------- c:\windows\system32\igfxres.dll
2009-07-21 12:42 <DIR> --d----- C:\DRConfig
2009-07-21 12:05 36,927 ac------ c:\windows\system32\dllcache\padrs411.dll
2009-07-21 12:04 13,463,552 ac------ c:\windows\system32\dllcache\hwxjpn.dll
2009-07-21 12:03 369,664 ac------ c:\windows\system32\dllcache\asp51.dll
2009-07-21 12:02 2,186,112 ac------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-21 12:00 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-07-21 12:00 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-07-21 12:00 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-07-21 12:00 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-07-21 12:00 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-07-21 12:00 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-07-21 12:00 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-07-21 11:45 1,086,058 a----r-- c:\windows\SETA7.tmp
2009-07-21 11:45 1,042,903 a----r-- c:\windows\SETA4.tmp
2009-07-21 07:33 1,063,428,096 a------- c:\windows\MEMORY.DMP
2009-07-21 07:33 <DIR> --d----- c:\windows\dell
2009-07-17 15:50 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:05 1,374 a------- c:\windows\imsins.BAK
2009-07-16 17:52 4,827 a------- c:\windows\setupapi.old
2009-07-16 17:29 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-16 14:52 <DIR> --d----- C:\ProcessExplorer
2009-07-14 23:16 <DIR> --d----- c:\program files\UPHClean
2009-07-13 07:52 20 a--sh--- C:\ntuser.ini
2009-07-08 13:23 199,784 a------- c:\docume~1\cpayne\applic~1\JuniperSetup.exe
2009-07-08 13:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Juniper Networks
2009-07-08 13:23 45,132 -------- c:\docume~1\cpayne\applic~1\JuniperExtXP.exe

==================== Find3M ====================

2009-07-22 07:49 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-21 11:58 23,428 ac------ c:\windows\system32\emptyregdb.dat
2009-07-07 09:44 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-04-30 09:15 11,952 a------- c:\windows\system32\avgrsstx.dll

============= FINISH: 23:52:10.39 ===============


#2 secbill

Posted 23 July 2009 - 09:16 AM

Disregard this post, I have decided to reformat and start fresh.

Thank you.

#3 Orange Blossom

Posted 24 July 2009 - 07:28 PM

Hello

Thank you for letting us know. Since you have decided to reformat, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom