1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help! CPU Clogged!

Discussion in 'Windows XP' started by Paquadez, Jan 27, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Paquadez

    Paquadez Thread Starter

    Joined:
    Jun 9, 2003
    Messages:
    8,765
    I am running Win 200 pro SP 4. Amd Athlon XP 1,700, 640 Meg of Ram.

    CPU keeps running at 99-100% of capability.

    System idle process hogging CPU at 99% when nothing happening! Sometimes this swops to System, when this will also hog CPU capability.

    And it is increasingly difficult to run any applications.

    Any ideas please?

    Paq :cool:
     
  2. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    The system idle process "hogging" the time is normal. :D That's the time that the system is idle, 99% is proper when nothing is happening.

    The SYSTEM process taking all the time, OTOH, is not normal.

    How about posting a HijackThis log for our security experts to take a look at?
     
  3. Paquadez

    Paquadez Thread Starter

    Joined:
    Jun 9, 2003
    Messages:
    8,765
    Many thanks, John. Herewith.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:41:48, on 27/01/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\ups.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\1stDialer\1stdialer.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Network Associates\PGPNT\PGPTray.exe
    C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [1stDialer] C:\Program Files\1stDialer\1stdialer.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGPNT\PGPTray.exe
    O4 - Global Startup: PTP Manager.lnk = C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe
    O9 - Extra button: FreshDownload - {B2E4C8ED-3C17-4041-8753-26D951B79EA8} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B34550ED-6F5B-435E-9206-B52A1507F33D}: NameServer = 194.72.9.34 194.74.65.68
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
     
  4. Paquadez

    Paquadez Thread Starter

    Joined:
    Jun 9, 2003
    Messages:
    8,765
    And here is the Start Up List.

    Sorry for its length! :eek:
    StartupList report, 27/01/2007, 18:43:26
    StartupList version: 1.52.2
    Started from : C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\HijackThis.EXE
    Detected: Windows 2000 SP4 (WinNT 5.00.2195)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\ups.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\1stDialer\1stdialer.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Network Associates\PGPNT\PGPTray.exe
    C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Michael C Feltham\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    PGPtray.lnk = C:\Program Files\Network Associates\PGPNT\PGPTray.exe
    PTP Manager.lnk = C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINNT\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Synchronization Manager = mobsync.exe /logon
    1stDialer = C:\Program Files\1stDialer\1stdialer.exe
    MMTray = C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    NeroFilterCheck = C:\WINNT\system32\NeroCheck.exe
    Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINNT\System32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\System32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINNT\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
    StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\System32\ie4uinit.exe

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINNT\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINNT\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINNT\system32\ssmarque.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINNT\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINNT\Explorer\Explorer.exe: not present
    C:\WINNT\System\Explorer.exe: not present
    C:\WINNT\System32\Explorer.exe: not present
    C:\WINNT\Command\Explorer.exe: not present
    C:\WINNT\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINNT
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    New scan (2).job
    New scan.job
    UPS System Shutdown Program.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [DirectAnimation Java Classes]
    CODEBASE = file://C:\WINNT\Java\classes\dajava.cab
    OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab
    OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    InProcServer32 = C:\WINNT\system32\macromed\download\Download.dll
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINNT\System32\rnr20.dll
    NameSpace #2: C:\WINNT\System32\winrnr.dll
    Protocol #1: C:\WINNT\system32\msafd.dll
    Protocol #2: C:\WINNT\system32\msafd.dll
    Protocol #3: C:\WINNT\system32\msafd.dll
    Protocol #4: C:\WINNT\system32\rsvpsp.dll
    Protocol #5: C:\WINNT\system32\rsvpsp.dll
    Protocol #6: C:\WINNT\system32\msafd.dll
    Protocol #7: C:\WINNT\system32\msafd.dll
    Protocol #8: C:\WINNT\system32\msafd.dll
    Protocol #9: C:\WINNT\system32\msafd.dll
    Protocol #10: C:\WINNT\system32\msafd.dll
    Protocol #11: C:\WINNT\system32\msafd.dll
    Protocol #12: C:\WINNT\system32\msafd.dll
    Protocol #13: C:\WINNT\system32\msafd.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
    Alerter: %SystemRoot%\System32\services.exe (manual start)
    AmosNT: System32\DRIVERS\amosnt.sys (autostart)
    Application Management: %SystemRoot%\system32\services.exe (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    basic2: System32\DRIVERS\basic2.sys (autostart)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
    Computer Browser: %SystemRoot%\System32\services.exe (autostart)
    Closed Caption Decoder: system32\drivers\ccdecode.sys (manual start)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
    DHCP Client: %SystemRoot%\System32\services.exe (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: System32\DRIVERS\dmio.sys (system)
    Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
    Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\services.exe (manual start)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)
    Fallback: System32\DRIVERS\fallback.sys (autostart)
    Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    FreshIO: \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys (manual start)
    Fsks: System32\DRIVERS\fsksnt.sys (autostart)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    FTDVR: \SystemRoot\system32\drivers\ftdvr.sys (system)
    Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    RIP Listener: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    K56: System32\DRIVERS\k56nt.sys (autostart)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\services.exe (autostart)
    Workstation: %SystemRoot%\System32\services.exe (autostart)
    TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
    Messenger: %SystemRoot%\System32\services.exe (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
    Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINNT\System32\MsiExec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
    Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
    NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
    NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Pacific Image Comm. Fax Server: C:\SUPERVOC\PROGRAM\PICPMON.EXE (disabled)
    Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
    Parallel port driver: System32\DRIVERS\parport.sys (system)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    PGPmemlock: \??\C:\WINNT\System32\drivers\PGPmemlock.sys (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Protected Storage: %SystemRoot%\system32\services.exe (autostart)
    PTDVR: \SystemRoot\system32\drivers\ptdvr.sys (system)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    W2K Pctel Serial Device Driver: System32\DRIVERS\ptserial.sys (manual start)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
    Rksample: System32\DRIVERS\rksample.sys (autostart)
    Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
    S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)
    e+ 48U Scanner: System32\DRIVERS\Artec48.sys (autostart)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Sophos Anti-Virus status reporter: C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (autostart)
    SAVOnAccess Control: system32\DRIVERS\savonaccesscontrol.sys (system)
    SAVOnAccess Filter: system32\DRIVERS\savonaccessfilter.sys (system)
    Sophos Anti-Virus: C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (autostart)
    Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
    RunAs Service: %SystemRoot%\system32\services.exe (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Simple TCP/IP Services: %SystemRoot%\System32\tcpsvcs.exe (autostart)
    BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
    SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
    SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
    SoftFax: System32\DRIVERS\faxnt.sys (autostart)
    SONYPVP2: system32\drivers\sonypvp2.sys (manual start)
    Sophos AutoUpdate Service: C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (autostart)
    SpeakerPhone: System32\DRIVERS\spkpnt.sys (autostart)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    srescan: system32\ZoneLabs\srescan.sys (system)
    Srv: System32\DRIVERS\srv.sys (manual start)
    Still Serial Digital Camera Driver: System32\DRIVERS\serscan.sys (manual start)
    Still Image Service: %systemroot%\system32\stisvc.exe (autostart)
    BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
    Tones: System32\DRIVERS\tonesnt.sys (autostart)
    Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
    Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (autostart)
    Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
    Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
    V124: System32\DRIVERS\v124nt.sys (autostart)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
    VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
    VIA USB Filter: \SystemRoot\System32\Drivers\viausb.sys (manual start)
    viaide: System32\DRIVERS\viaide.sys (system)
    VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system)
    VIA AC'97 Audio Controller (WDM): system32\drivers\viaudio.sys (manual start)
    W2k Vmodem: System32\DRIVERS\vmodem.sys (system)
    W2k Vpctcom: System32\DRIVERS\vpctcom.sys (system)
    vsdatant: System32\vsdatant.sys (system)
    TrueVector Internet Monitor: C:\WINNT\system32\ZoneLabs\vsmon.exe -service (autostart)
    VIA USB Host Controller Lower Filter: \SystemRoot\System32\Drivers\vulfnth.sys (manual start)
    VIA USB Roothub Lower Filter: \SystemRoot\System32\Drivers\vulfntr.sys (manual start)
    W2k Vvoice: System32\DRIVERS\vvoice.sys (system)
    Windows Time: %SystemRoot%\System32\services.exe (manual start)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    winachsf: System32\DRIVERS\winachsf.sys (manual start)
    Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
    Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\_iu14D2N.tmp|||C

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
    SysTray: stobject.dll
    WebCheck: C:\WINNT\System32\webcheck.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    End of report, 29,508 bytes
    Report generated in 0.080 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  5. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    I'll ask one of the security folks to take a look at this, I don't know about 1stdialer.exe, that doesn't look right. :)
     
  6. Paquadez

    Paquadez Thread Starter

    Joined:
    Jun 9, 2003
    Messages:
    8,765
    Ist Dialer is my "Smart" dialler prog, John.

    Hoping that the Telco can roll out the broadband circuits next month.

    Prob with leaving on the edge of the sticks!

    Await your kind comments.

    Thanks.

    Paq :cool:
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    If you know 1st dialer is OK then that's fine

    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  8. Paquadez

    Paquadez Thread Starter

    Joined:
    Jun 9, 2003
    Messages:
    8,765
    Hi Derek

    Thanks for assistance. One prob might be an exe "ALUpdate.exe", seems to be hogging 99%-100% CPU processing capacity. The whole system has become painfully slow: and I have a stack or work to get through, which is all Mission Crit and Time Sensitive!:eek:

    Have also downloaded Advance Windows Care, have scanned and "Fixed" various apparent probs.

    One really annoying problem seems to be with "Spybot Search and Destroy!"

    When I load/re-load known "safe" progs, or indeed try and run corrective scans/software, Spybot pops up and denies any registry changes??:confused:

    The small Pop Up pane doesn't allow me to accept the change: if there is, in fact, an "Accept" function, it's not visible!

    Hope you can assist.

    Combofix log herewith:

    "Paquadez" - Sun 28/01/2007 18:38:04 Service Pack 4
    ComboFix 07-01-25 - Running from: "C:\Downloads\Utilities"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    c:\command.com
    C:\WINNT\system32\components


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 ))))))))))))))))))))))))))))))))))


    2007-01-28 13:58 <DIR> d-------- C:\Program Files\IObit
    2007-01-28 10:02 <DIR> d-------- C:\Program Files\RegCure
    2007-01-27 13:23 <DIR> d-------- C:\Program Files\TaxCalc 2006
    2007-01-27 13:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    2007-01-26 14:57 15,872 --a------ C:\WINNT\system32\SophosBootTasks.exe
    2007-01-26 14:57 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
    2007-01-26 14:56 <DIR> d-------- C:\savxpsa
    2007-01-23 18:21 671,744 --a------ C:\WINNT\is-S74HC.exe
    2007-01-23 18:20 <DIR> d-------- C:\Program Files\Download Express
    2007-01-23 18:20 <DIR> d-------- C:\DOCUME~1\MICHAE~1\Application Data\MetaProducts
    2007-01-23 18:20 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\MetaProducts
    2007-01-12 14:25 <DIR> d-a------ C:\WINNT\system32\ZoneLabs
    2007-01-12 14:25 <DIR> d-a------ C:\WINNT\Internet Logs
    2007-01-12 09:34 <DIR> d-------- C:\Program Files\Sygate
    2007-01-12 06:34 465,176 --a------ C:\WINNT\system32\wuapi.dll
    2007-01-12 06:34 41,240 --a------ C:\WINNT\system32\wups.dll
    2007-01-12 06:34 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
    2007-01-12 06:34 18,200 --a------ C:\WINNT\system32\wups2.dll
    2007-01-12 06:34 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
    2007-01-12 06:34 127,256 --a------ C:\WINNT\system32\wucltui.dll
    2007-01-12 06:28 <DIR> d-------- C:\WINNT\SoftwareDistribution
    2007-01-11 12:06 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-28 18:29 -------- d-------- C:\DOCUME~1\MICHAE~1\Application Data\skype
    2007-01-28 10:08 -------- d-------- C:\Program Files\1stdialer
    2007-01-26 21:38 -------- d-------- C:\DOCUME~1\MICHAE~1\Application Data\adobeum
    2007-01-23 13:57 -------- d-------- C:\Program Files\spywareblaster
    2007-01-12 07:51 -------- d-------- C:\Program Files\Common Files\wise installation wizard
    2006-12-26 09:53 28256 --a------ C:\WINNT\system32\drivers\MxlW2k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "1stDialer"="C:\\Program Files\\1stDialer\\1stdialer.exe"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "Synchronization Manager"="mobsync.exe /logon"
    "MMTray"="C:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mm_tray.exe"
    "NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe"="internat.exe"
    "Start Upping"="taksmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoResolveSearch"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SAVService

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    rpcss REG_MULTI_SZ RpcSs\0\0
    wugroup REG_MULTI_SZ wuauserv\0\0
    BITSgroup REG_MULTI_SZ BITS\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    WmdmPmSN

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CPUZ


    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis entries SET to ignore ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [sys] regedit -s sys.reg
    O4 - HKLM\..\Run: [1on1] C:\WINNT\1on1.exe -n

    Contents of the 'Scheduled Tasks' folder
    C:\WINNT\tasks\New scan (2).job
    C:\WINNT\tasks\New scan.job
    C:\WINNT\tasks\RegCure.job
    C:\WINNT\tasks\UPS System Shutdown Program.job

    Completion time: Sun 2007-01-28 18:40:23
     
  9. bbearren

    bbearren

    Joined:
    Jul 14, 2006
    Messages:
    3,775
    RE: the Spybot issue, do you have your preferences in TeaTimer set to "Block" or "Prompt for action"?
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I can see a couple of possibilities

    download filesearch.bat to your desktop from http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item11

    double click it and it will make a list of ALL files and folders in both C:\winnt & c:\winnt\system32 and a list of all folders in C:\program files so we can plough through them and spot anything dodgy, hopefully

    it will only pop up for a quick flash

    a file search.txt should pop up, save it to desktop as it makes it easier to find
    If it doesn't pop up then a copy will be in C:\filesearch.txt

    It will be too big to upload here so go to http://www.thespykiller.co.uk/forum/index.php?board=1.0 and upload there
    Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the file on your computer, when the file is listed in the windows press send to upload the files
     
  11. Paquadez

    Paquadez Thread Starter

    Joined:
    Jun 9, 2003
    Messages:
    8,765
    Loaded and ran batch file.

    Cannot find any trace of the filesearch.txt result?

    Tried search in Win Explorer. Zero result.

    When I launch the batch file, the screen flashed, momentarily and that's all.

    Hmmm...........

    Paq :cool:
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    lets see if this will show what I'm looking for

    • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!

    Reboot into Safe Mode
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Doubleclick WinPFind.exe
    • Click " Configure Scan Options"
    • Select " Run Add ONs" and then select ALL the options in the box below it, Press Apply
    • Now Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
      • Reboot back to Normal Mode!
      • Go to the WinPFind folder
      • Locate WinPFind.txt
      • Place those results in the next post!. It will be too big to post so you will need to attach it to your reply
     
  13. Paquadez

    Paquadez Thread Starter

    Joined:
    Jun 9, 2003
    Messages:
    8,765
    This just keeps getting better and better, Derek!

    The link to Bleeping Computer gives n Error 404 Not Found error!

    Also tried other freeware sites; they all direct back to the same URL, which is blind!

    Help!

    Paq :cool:
     
  14. Paquadez

    Paquadez Thread Starter

    Joined:
    Jun 9, 2003
    Messages:
    8,765
    Looked everywhere for mirror servers to download WinPFind: no success.

    Any other ideas, please?

    Still have core problems.

    Paq :cool:
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    It appears that version of wpfind has been removed temporarily while a few bugs are fixed

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
      • In the Files Created Within group click 30 days
      • In the Files Modified Within group select 30 days
      • In the File String Search group select Non-Microsoft
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Help Clogged
  1. mag777
    Replies:
    18
    Views:
    694
  2. aamberdawn35
    Replies:
    1
    Views:
    297
  3. Robertico22
    Replies:
    8
    Views:
    460
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/538827

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice