
Sometimes I can stay connected to the Internet for a few hours. Most times it is only minutes. This morning I got on the Internet okay but as soon as I opened email, it crashed. However, most times I can get email but not the net. At times while on email only, it will stay connected for a few minutes then lose it but then sometimes it comes back if I leave it alone. That has not happened in the Internet. I use Firefox running Windows XP media edition. When I ran Malwarebytes it did find 2 problems in the registry which were then deleted. It worked for only a few days.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by HP_Administrator at 13:06:20 on 2012-02-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1102 [GMT -5:00]

.

AV: AVG Premium Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Dyyno\Dyyno Broadcaster\launcherd.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\ARPWRMSG.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe

svchost.exe

C:\Program Files\Belkin Bulldog Plus\MUPS.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Belkin Bulldog Plus\upsd.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Saginaw&state=MI&site=DTX&textField1=43.4196&textField2=-83.9495&e=1

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uInternet Settings,ProxyServer = http=localhost:1032

uInternet Settings,ProxyOverride = <local>;;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Dyyno Launcher] "c:\program files\dyyno\dyyno broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"

mRun: [CTSysVol] c:\program files\creative\sbaudigy4\surround mixer\CTSysVol.exe /r

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mups.lnk - c:\program files\belkin bulldog plus\MUPS.exe

IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

Trusted Zone: trymedia.com

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204138278984

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{61802495-2648-4B1E-AD19-3EE9D0207DAF} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\729g9uz9.default\

FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Saginaw&state=MI&site=DTX&textField1=43.4196&textField2=-83.9495&e=1

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bff3ddb70-aa05-4c77-8032-73fd304be02d%7D&mid=23f7e2019b502b57f8f57c7682fe837d-7bdd1ff84fa76c86f99b7fa8938d1f362aac76c5&ds=AVG&v=10.0.0.7&lang=en&pr=pr&d=2012-02-23%2016%3A43%3A36&sap=ku&q=

FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\729g9uz9.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\729g9uz9.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCore.dll

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 Dyyno Launcher;Dyyno Service;c:\program files\dyyno\dyyno broadcaster\launcherd.exe [2011-1-20 415072]

R2 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2011-12-9 74752]

R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2011-12-9 8704]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-10 652360]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-2-23 909152]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-10 20464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

S3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys [2011-8-9 187776]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-02-23 21:44:22 -------- d-----w- c:\documents and settings\hp_administrator\application data\AVG2012

2012-02-23 21:43:37 -------- d-----w- c:\documents and settings\hp_administrator\application data\AVG Secure Search

2012-02-23 21:43:37 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search

2012-02-23 21:43:34 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-02-23 21:43:32 -------- d-----w- c:\program files\AVG Secure Search

2012-02-23 21:42:51 -------- d-----w- c:\windows\system32\drivers\AVG

2012-02-23 21:42:51 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-02-22 21:06:17 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-02-22 21:06:17 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-16 01:21:21 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-16 01:21:21 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-15 17:31:47 -------- d-----w- c:\program files\AVAST Software

2012-02-15 17:31:47 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-02-10 21:07:50 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes

2012-02-10 21:07:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-10 21:07:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-10 21:07:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-01-27 19:28:22 -------- d-----w- c:\program files\HOJY TECH

.

==================== Find3M ====================

.

2012-02-23 01:30:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-23 01:30:10 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2012-01-12 00:19:16 4448256 ----a-w- c:\windows\system32\GPhotos.scr

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec

2011-12-02 17:33:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

1999-10-05 06:20:06 868160 ----a-w- c:\program files\BKUPLITE.EXE

.

============= FINISH: 13:08:53.89 ===============


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
