Registered User
Join Date: Sep 2007
Posts: 4
OS: XP Home
XP freezing / locking up. CPU running at 100%
Hi
For the past few weeks I have been suffering from several XP lockups / freezes. During the OS freeze (lasting from 5 - 15 mins) I am unable to do anything... Ctrl-Alt-Del just seems to spawn off a new Task Manager icon in my toolbar but no readings. Every time I do a Ctrl-Alt-Del I get multiple taskbar icons appearing in the toolbar but with no live data... CPU seems to be at 100 per cent usage, but without a working Task Manager I am unable to pinpoint the exact culprit...

The freezing is random and unpredictable. I have followed the 5 step guide and am attaching my logs for analysis and review. I need to eliminate spyware-related issues before I go down the hardware diagnostic route. Recently I also lost connectivity to my DVD drive... not sure if this is related or a genuine hardware failure...

Any advice and guidance will be greatly appreciated.

My system details are as below:

Manufacturer: MedionPc
Processor: Intel Pentium 4 CPU 2.66GHz
Mainboard: Micro-star MS-6701
Memory: 2GB DDR SDRAM
Graphics: Medion GeForce4-8X Ti 4200
Chipset: Silicon Integrated Systems (SIS) Si648 CPU to PCI Bridge
NIC: SiS 900-Based PCI Fast Ethernet Adapter
Operating System: MS Windows XP Home 5.01.2600 SP2
CPU temp: Avg 42.5 deg C

I use this PC to VPN into work and need to have Norton Antivirus and BlackICE installed (not out of choice).

BTW... Step 4 Windows Update failed on the following item:
Security Update for Microsoft .NET Framework, Version 1.0 Service Pack 3 (KB928367)

Here is my log file... Let me know if I have missed anything...

Deckard's System Scanner v20070905.67
Run by RedNapp on 2007-09-19 09:41:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.