Hi
For the past few weeks I have been suffering from several XP lockups / freezes.
During the OS freeze (lasting from 5 - 15 mins) I am unable to do anything... Ctrl-Alt-Del just seems to spawn off a new task manager icon in my toolbar but no readings. Every time I do a Ctrl-Alt-Del I get multiple task bar icons appearing in the toolbar but with no live data... CPU seems to be at 100 per cent usage, but without a working task manager I am unable to pinpoint the exact culprit...
The freezing is random and unpredictable.
I have followed the 5 step guide and am attaching my logs for analysis and review. I need to eliminate spyware related issues before I go down the hardware diagnostic route. Recently I also lost connectivity to my DVD drive... not sure if this is related or a genuine hardware failure...
Any advice and guidance will be greatly appreciated.
My system details are as below:
Manufacturer: MedionPc
Processor: Intel Pentium 4 CPU 2.66GHz
Mainboard: Micro-star MS-6701
Memory: 2GB DDR SDRAM
Graphics: Medion GeForce4-8X Ti 4200
Chipset: Silicon Integrated Systems (SIS) Si648 CPU to PCI Bridge
NIC: SiS 900-Based PCI Fast Ethernet Adapter
Operating System: MS Windows XP Home 5.01.2600 SP2
CPU temp: Avge 42.5 deg C
I use this PC to VPN into work and need to have Norton Antivirus and BlackICE installed (not out of choice).
BTW...
Step 4: Windows Update failed on the following item:
Security Update for Microsoft .NET Framework, Version 1.0 Service Pack 3 (KB928367)
Here is my log file... Let me know if I have missed anything...
Deckard's System Scanner v20070905.67
Run by RedNapp on 2007-09-19 09:41:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
50: 2007-09-19 08:41:52 UTC - RP50 - Deckard's System Scanner Restore Point
49: 2007-09-19 08:37:39 UTC - RP49 - Software Distribution Service 3.0
48: 2007-09-18 06:20:37 UTC - RP48 - Software Distribution Service 3.0
47: 2007-09-18 01:22:29 UTC - RP47 - System Checkpoint
46: 2007-09-17 00:28:05 UTC - RP46 - Software Distribution Service 3.0
-- First Restore Point --
1: 2007-09-13 14:00:52 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 5.23 GiB (less than 15%) free.
-- HijackThis (run as RedNapp.exe) -------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-19 09:43:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ntl\broadband medic\bin\mad.exe
C:\Program Files\Motive\Common\MotiveDirectory.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\RedNapp\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: bigmaq - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - C:\Program Files\bigmaq\tbbigm.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: bigmaq - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - C:\Program Files\bigmaq\tbbigm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: bigmaq - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - C:\Program Files\bigmaq\tbbigm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [POINTER] "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O9 - Extra 'Tools' menuitem: (no name) - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://datacave.co.uk (HKCU)
O15 - Trusted Zone: https://thindesk.jpmorganchase.com (HKCU)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/msaudio.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1189899775312
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.co...7862.488587963
O17 - HKLM\Software\..\Telephony: DomainName = uk.jpmorgan.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = uk.jpmorgan.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: SearchList = europe.nortel.com
O17 - HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: Domain = uk.jpmorgan.com
O17 - HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: SearchList = europe.nortel.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = uk.jpmorgan.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = europe.nortel.com
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: ServiceLayer - Nokia. - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
-- HijackThis Fixed Entries (C:\DOWNLO~1\Spyware\backups\) ---------------------
backup-20070916-151907-203 O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
backup-20070916-151907-231 O2 - BHO: (no name) - {3A9821B3-47BF-474D-9B8B-C2C0845E9AC9} - (no file)
backup-20070916-151907-286 O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
backup-20070916-151907-373 O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
backup-20070916-151907-378 O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
backup-20070916-151907-451 O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
backup-20070916-151907-492 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070916-151907-525 O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
backup-20070916-151907-572 O2 - BHO: (no name) - {64B94229-7967-860A-A0C2-034C02BA876B} - (no file)
backup-20070916-151907-609 O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
backup-20070916-151907-623 O2 - BHO: (no name) - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - (no file)
backup-20070916-151907-721 O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
backup-20070916-151907-767 O2 - BHO: (no name) - {7B1ADBDD-4014-4E97-6520-4D71B37294CA} - (no file)
backup-20070916-151907-828 O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
backup-20070916-151907-835 O2 - BHO: (no name) - {632AB9DB-EE1E-43B0-AA06-4DD209EE33BF} - (no file)
backup-20070916-151907-894 O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
backup-20070916-151907-900 O2 - BHO: (no name) - {46C1B65E-48C9-4C87-B0CD-57EFB8ABF0D4} - (no file)
backup-20070916-151907-949 O2 - BHO: (no name) - {DAFDE950-B2B0-4266-B2D7-F02D9103CA8C} - (no file)
backup-20070916-151907-958 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
backup-20070916-151907-980 O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
backup-20070916-151907-983 O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - (no file)
backup-20070916-151908-115 O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe (file missing)
backup-20070916-151908-183 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20070916-151908-190 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20070916-151908-247 O20 - Winlogon Notify: mllmk - C:\WINDOWS\system32\mllmk.dll (file missing)
backup-20070916-151908-277 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20070916-151908-604 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20070916-151908-987 O11 - Options group: [INTERNATIONAL] International*
backup-20070916-152447-104 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20070916-152447-502 O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
backup-20070916-152447-608 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
backup-20070916-152447-897 O20 - Winlogon Notify: rqrsstr - C:\WINDOWS\
backup-20070916-152447-945 O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20070916-152510-408 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
backup-20070916-152510-605 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20070916-152510-675 O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
backup-20070916-152510-874 O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 DLPortIO (DriverLINX Port I/O Driver) - c:\windows\system32\drivers\dlportio.sys
R3 Eacfilt (Eacfilt Miniport) - c:\windows\system32\drivers\eacfilt.sys <Not Verified; Nortel Networks; Filter Driver for CVC>
R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R4 black (BlackICE driver, version 1.0, by Internet Security Systems, Inc.) - c:\windows\system32\drivers\blackdrv.sys <Not Verified; Internet Security Systems, Inc.; ICEpac>
S2 IPSECEXT (Nortel Extranet Access Protocol) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 IIUSBISP (USB Mass Storage for USB ISP) - c:\windows\system32\drivers\iiusbisp.sys (file missing)
S3 INFUSB - c:\windows\system32\drivers\infusb.sys <Not Verified; WB Electronic; Infinity USB driver>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 MXBULK (DualCam Still, MXBulk3.Sys) - c:\windows\system32\drivers\mxbulk3.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 MXCap (DSC-06 Video Camera) - c:\windows\system32\drivers\mxcap3.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 UWProSys (Process monitor.) - c:\program files\cyberdefender\antispyware\uwprosys.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BlackICE - c:\program files\network ice\blackice\blackd.exe <Not Verified; Internet Security Systems, Inc.; Network ICE Corporation blackd>
S3 SandraDataSrv (SiSoftware Database Agent Service) - c:\program files\sisoftware\sisoftware sandra professional home xi.sp1\win32\rpcdatasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra XI.SP1>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 FreePOPs - c:\program files\freepops\freepopsservice.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
-- Scheduled Tasks -------------------------------------------------------------
2007-09-19 09:37:00 278 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-09-18 07:00:00 294 --ah---c- C:\WINDOWS\Tasks\A7AEEB3B91859B2B.job
2007-09-14 20:00:10 550 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - RedNapp.job
-- Files created between 2007-08-19 and 2007-09-19 -----------------------------
2007-09-19 09:34:18 0 d-------- C:\ie-spyad_zo
2007-09-19 09:19:37 0 d-------- C:\Program Files\SpywareBlaster
2007-09-17 23:00:17 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-16 22:35:08 51733 --a------ C:\WINDOWS\system32\plugin1.dat
2007-09-16 20:23:11 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-09-16 20:22:23 0 d-------- C:\Program Files\MSECACHE
2007-09-16 17:29:20 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-16 17:28:56 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-09-16 16:21:52 0 d-------- C:\Documents and Settings\RedNapp\Application Data\Lavasoft
2007-09-16 15:54:13 0 d-------- C:\Program Files\Lavasoft
2007-09-16 15:53:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-16 15:53:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-16 15:31:33 0 d-------- C:\Documents and Settings\RedNapp\Application Data\U3
2007-09-15 00:16:13 0 dr-h----- C:\Documents and Settings\RedNapp\Recent
2007-09-15 00:04:13 0 d-------- C:\Program Files\Modshack
2007-09-13 23:30:53 0 d-------- C:\Program Files\Norton AntiVirus
2007-09-13 23:29:23 0 d-------- C:\Program Files\Symantec
2007-09-13 23:29:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-13 23:28:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-13 16:15:17 0 d-------- C:\Documents and Settings\Elisha Neha Kambo\Application Data\Webroot
2007-09-13 16:11:12 0 d-------- C:\Documents and Settings\Ekisha Maya Kambo\Application Data\Google
2007-09-13 16:10:49 0 d-------- C:\Documents and Settings\Ekisha Maya Kambo\Application Data\Webroot
2007-09-13 14:50:40 0 d-------- C:\WINDOWS\Prefetch
2007-09-13 14:42:29 0 d-------- C:\Program Files\msn gaming zone
2007-09-13 14:39:57 0 d-------- C:\Program Files\Online Services
2007-09-13 00:00:36 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-09-13 00:00:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-09-13 00:00:35 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-09-13 00:00:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-11 07:04:11 2380 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-10 23:30:32 214 --a------ C:\WINDOWS\system32\drivers\pxfsf.dat
2007-09-09 23:11:59 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-09 22:59:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-09 22:58:28 76307 --a------ C:\Program Files\setup.exe
2007-09-09 22:57:53 21504 --a------ C:\WINDOWS\eventlowg.dll
2007-09-09 22:57:53 23552 --a------ C:\WINDOWS\daxtime.dll
2007-09-09 22:57:52 16384 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-09-09 22:57:52 15616 --a------ C:\WINDOWS\liqui.exe
2007-09-09 22:57:52 19712 --a------ C:\WINDOWS\liqui.dll
2007-09-09 22:57:52 17408 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-09-09 22:57:52 27648 --a------ C:\WINDOWS\fhfmm.exe
2007-09-09 22:57:51 20224 --a------ C:\WINDOWS\xadbrk_.exe
2007-09-09 22:57:51 20992 --a------ C:\WINDOWS\xadbrk.exe
2007-09-09 22:57:51 8960 --a------ C:\WINDOWS\xadbrk.dll
2007-09-09 22:57:51 25600 --a------ C:\WINDOWS\kkcomp.exe
2007-09-09 22:57:51 9728 --a------ C:\WINDOWS\kkcomp.dll
2007-09-09 22:57:51 14080 --a------ C:\WINDOWS\kkcomp$.exe
2007-09-09 22:57:50 11264 --a------ C:\WINDOWS\liqad.exe
2007-09-09 22:57:50 14336 --a------ C:\WINDOWS\liqad.dll
2007-09-09 22:57:50 22016 --a------ C:\WINDOWS\liqad$.exe
2007-09-09 22:57:49 23040 --a------ C:\WINDOWS\cbinst$.exe
2007-09-09 22:57:47 29696 --a------ C:\WINDOWS\adbar.dll
2007-09-09 22:57:46 19200 --a------ C:\WINDOWS\jd2002.dll
2007-09-09 22:57:45 19200 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2007-09-09 22:57:45 18432 --a------ C:\WINDOWS\spredirect.dll
2007-09-09 22:57:42 22016 --a------ C:\WINDOWS\ie_32.exe
2007-09-09 22:57:41 15872 --a------ C:\WINDOWS\xxxvideo.exe
2007-09-09 22:57:41 0 d-------- C:\WINDOWS\system32\acespy
2007-09-09 22:57:40 23296 --a------ C:\WINDOWS\ngd.dll
2007-09-09 22:57:40 15872 --a------ C:\WINDOWS\hotporn.exe
2007-09-09 22:57:40 23040 --a------ C:\WINDOWS\dp0.dll
2007-09-09 22:57:38 30720 --a------ C:\WINDOWS\vxddsk.exe
2007-09-09 22:57:37 8448 --a------ C:\WINDOWS\wml.exe
2007-09-09 22:57:36 25088 --a------ C:\WINDOWS\764.exe
2007-09-09 22:56:04 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-09-09 22:54:42 0 d-------- C:\WINDOWS\system32\okqipwgf
2007-09-09 22:54:36 0 d-------- C:\Program Files\?dobe
2007-09-09 20:54:13 44054 --a------ C:\WINDOWS\system32\gebxyab.dll
2007-09-09 20:41:48 44054 --a------ C:\WINDOWS\system32\jkkhebx.dll
2007-09-09 20:39:17 44054 --a------ C:\WINDOWS\system32\pmnllmj.dll
2007-09-09 20:38:34 44054 --a------ C:\WINDOWS\system32\efcddcc.dll
2007-09-09 17:16:45 91456 --a------ C:\Documents and Settings\RedNapp\Application Data\GDIPFONTCACHEV1.DAT
2007-09-09 17:04:49 0 d-------- C:\Program Files\Smart Projects
-- Find3M Report ---------------------------------------------------------------
2007-09-19 09:21:33 0 d-------- C:\Program Files\RemoteConnect
2007-09-19 09:21:32 0 d-------- C:\Program Files\SecurID Software Token
2007-09-18 00:21:47 0 d-------- C:\Program Files\Windows Live Toolbar
2007-09-18 00:21:37 0 d-------- C:\Program Files\Windows Live Favorites
2007-09-18 00:05:22 0 d-------- C:\Program Files\Google
2007-09-18 00:01:19 0 d-------- C:\Program Files\bigmaq
2007-09-17 00:30:49 0 d-------- C:\Program Files\SecCenter
2007-09-16 15:53:42 0 d-a------ C:\Program Files\Common Files
2007-09-13 14:39:14 23680 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2007-09-13 12:31:43 0 d-------- C:\Program Files\SiSLan
2007-09-10 23:45:03 0 d-------- C:\Documents and Settings\RedNapp\Application Data\Registry Booster
2007-09-10 20:21:15 0 d-------- C:\Program Files\Ptjoeaxg
2007-09-10 20:21:14 0 d-------- C:\Program Files\?dobe
2007-09-09 20:38:38 0 d-------- C:\Program Files\FreePOPs
2007-09-09 16:15:43 0 d-------- C:\Program Files\Yahoo!
2007-08-01 15:02:32 0 d-------- C:\Program Files\JPMR
2007-07-26 16:37:24 0 d-------- C:\Program Files\Nortel Networks
2007-07-26 10:47:23 0 d-------- C:\Documents and Settings\RedNapp\Application Data\Nokia
2007-07-25 23:57:27 0 d-------- C:\Documents and Settings\RedNapp\Application Data\AdobeUM
2007-07-25 23:52:20 0 d-------- C:\Documents and Settings\RedNapp\Application Data\Adobe
2007-07-25 17:11:58 0 d-------- C:\Program Files\Java
2007-07-23 22:26:46 0 d-------- C:\Program Files\Plus!
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [27/08/2004 10:01]
"POINTER"="C:\Program Files\Microsoft Hardware\Mouse\point32.exe" [23/08/2001 18:37]
"NvCplDaemon"="RUNDLL32.exe" [04/08/2004 06:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [30/07/2002 14:50 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [15/08/2002 11:46 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/2006 04:04]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [05/09/2006 22:22]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/09/2007 16:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [28/07/2007 18:53]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
broadband medic.lnk - C:\Program Files\ntl\broadband medic\bin\matcli.exe [11/10/2005 18:15:29]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [14/03/2007 12:02:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\mlljk
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c318e20-6461-11dc-8cc3-444553544200}]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7efff2aa-b231-11db-8ba4-444553544200}]
AutoRun\command- G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]
C:\WINDOWS\system32\winupdate.exe s
-- Hosts -----------------------------------------------------------------------
127.0.0.1 localhost
-- End of Deckard's System Scanner: finished at 2007-09-19 09:46:35 ------------