Old 10-11-2007, 11:51 AM   #1 (permalink)
leshma
Registered User
 
Join Date: Oct 2007
Posts: 8
OS: Win XP


System idle process high CPU usage, error protector popup,

Hi,
I have had this problem for some time... XP is running slower, it shows high CPU usage by System Idle Process (over 70%)... I also have trouble with a popup which leads to the Error Protector home page... I had some problem with Trojan Virto but I used Symantec FixVirto or something and it shows a clean report... Here's my log... and thanks in advance for your effort

Deckard's System Scanner v20070905.67
Run by ManUtd on 2007-10-11 19:17:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2007-10-11 17:17:20 UTC - RP288 - Deckard's System Scanner Restore Point
24: 2007-10-11 12:01:39 UTC - RP287 - System Checkpoint
23: 2007-10-10 11:59:35 UTC - RP286 - System Checkpoint
22: 2007-10-08 21:19:39 UTC - RP285 - System Checkpoint
21: 2007-10-07 19:57:20 UTC - RP284 - System Checkpoint


-- First Restore Point --
1: 2007-09-29 15:53:15 UTC - RP264 - Removed Counter-Strike 1.6


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).
System Drive C: has 0.41 GiB (less than 15%) free.


-- HijackThis (run as ManUtd.exe) ----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-11 19:22:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINNT\system32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\SPOOLSV.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINNT\system32\wscntfy.exe
C:\Documents and Settings\ManUtd\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.b92.net/sport/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {3CB70CC2-303F-4A6C-824D-013AE8CFDB6B} - (no file)
O2 - BHO: (no name) - {702ACB2E-336B-4FF9-82B6-FEECF7594160} - C:\WINNT\system32\jkklm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINNT\system32\stlxefkt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SearchIndexer] rundll32.exe "C:\WINNT\system32\wmbobplx.dll",sitypnow
O4 - HKEY_LOCAL_MACHINE\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra 'Tools' menuitem: (no name) - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINNT\wc98pp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Macromedia Licensing Service - Unknown owner - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - "C:\Program Files\Eset\nod32krn.exe"


-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 VCAM (Webcam Simulator) - c:\winnt\system32\drivers\vcam.sys <Not Verified; Webcam Simulator; Webcam Simulator>
R2 VirtualCam (VirtualCamera) - c:\winnt\system32\drivers\virtualcam.sys <Not Verified; MorningSound Co., Ltd.; MorningSound VirtualCamera>
R3 actser - c:\winnt\system32\drivers\actser.sys <Not Verified; Siemens AG; Actser Filter Driver>
R3 vsbus (Virtual Serial Bus Enumerator) - c:\winnt\system32\drivers\vsb.sys

S3 DSDrv4 - c:\program files\dscaler\dsdrv4.sys
S3 HWIONT - c:\documents and settings\manutd\my documents\kabl\hwiont.sys (file missing)
S3 susbser (Siemens Mobile Phone) - c:\winnt\system32\drivers\susbser.sys <Not Verified; Siemens AG; Siemens AG USB Modem/Serial Device Driver>
S3 TVICHW32 - c:\winnt\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\winnt\system32\drivers\vserial.sys
S4 Parallel (Parallel class driver) - c:\winnt\system32\drivers\parallel.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_101A147B&REV_10\4&1A671D0C&0&00F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_101A147B&REV_10\4&1A671D0C&0&00F0
Service: RTL8023xp


-- Files created between 2007-09-11 and 2007-10-11 -----------------------------

2007-10-11 18:10:58 84032 --a------ C:\WINNT\system32\wmbobplx.dll
2007-10-09 13:13:26 0 d--hs---- C:\FOUND.002
2007-10-08 14:03:04 0 d-------- C:\My Recordings
2007-10-08 13:56:49 0 d-------- C:\Program Files\FREE Hi-Q Recorder
2007-10-08 13:39:37 339968 --a------ C:\WINNT\system32\MP3EncX.dll <Not Verified; NUGROOVZ; MP3EncoderX Control>
2007-10-07 18:01:37 383866 ---hs---- C:\WINNT\system32\mlkkj.bak2
2007-10-05 20:35:23 76352 --a------ C:\WINNT\system32\stlxefkt.dll
2007-10-05 20:32:12 87104 --a------ C:\WINNT\system32\fkfdteuo.dll
2007-10-05 18:31:34 0 d--hs---- C:\FOUND.001
2007-10-05 10:33:38 393 ---hs---- C:\WINNT\system32\mlkkj.ini2
2007-10-02 19:09:00 0 d--hs---- C:\FOUND.000
2007-09-30 14:48:19 0 dr-h----- C:\Documents and Settings\ManUtd\Recent
2007-09-29 21:16:40 84032 --a------ C:\WINNT\system32\lcsttmwt.dll
2007-09-29 17:49:25 316000 --a------ C:\WINNT\system32\jkklm.dll
2007-09-23 13:30:32 0 d-------- C:\Program Files\DScaler
2007-09-23 12:23:07 69632 --a------ C:\WINNT\PCTV.dll <Not Verified; Pinnacle Systems; Pinnacle Systems UnInstall.DLL>
2007-09-23 12:23:05 1089536 --a------ C:\WINNT\system32\gear81sd.DLL <Not Verified; AccuSoft Corporation; AccuSoft ImageGear>
2007-09-23 12:22:53 81920 --a------ C:\WINNT\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux>
2007-09-23 12:22:53 46592 --a------ C:\WINNT\system32\vdrcodec.dll <Not Verified; Pinnacle Systems; Studio 600>
2007-09-23 12:22:53 62976 --a------ C:\WINNT\system32\pclepixl.dll <Not Verified; Pinnacle Systems; Microsoft Windows 95>
2007-09-23 12:22:53 32768 --a------ C:\WINNT\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2007-09-23 12:22:53 138752 --a------ C:\WINNT\system32\MASE32.DLL
2007-09-23 12:22:53 57856 --a------ C:\WINNT\system32\MASD32.DLL
2007-09-23 12:22:53 136192 --a------ C:\WINNT\system32\MAMC32.DLL <Not Verified; ; MAMC32 Dynamic Link Library>
2007-09-23 12:22:53 196096 --a------ C:\WINNT\system32\MACD32.DLL <Not Verified; ; MACD32 Dynamic Link Library>
2007-09-23 12:22:53 27648 --a------ C:\WINNT\system32\MA32.DLL
2007-09-23 12:22:46 27648 --a------ C:\WINNT\system32\IR50_LCS.DLL <Not Verified; Intel Corporation.; Intel Indeo® video 5.0 LC>
2007-09-23 12:22:41 32768 --a------ C:\WINNT\system32\pctvuser.dll <Not Verified; Pinnacle Systems; Pinnacle Studio PCTV>
2007-09-23 12:22:41 45056 --a------ C:\WINNT\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows>
2007-09-23 12:22:41 66048 --a------ C:\WINNT\system32\MIROXL32.DLL <Not Verified; Pinnacle Systems; Microsoft Windows 95/98>
2007-09-23 12:22:41 39392 --a------ C:\WINNT\system32\drivers\pctvnt.sys <Not Verified; Pinnacle Systems; Pinnacle Studio PCTV>
2007-09-23 12:22:40 0 d-------- C:\WINNT\PCTV.DRV
2007-09-23 12:22:39 0 d-------- C:\Program Files\Pinnacle
2007-09-23 12:22:32 47313 --a------ C:\WINNT\system32\PCTVCAP.DLL <Not Verified; Pinnacle Systems; Pinnacle Studio PCTV>
2007-09-23 12:22:31 29408 --a------ C:\WINNT\system32\Mcipctv.dll
2007-09-23 12:22:31 36864 --a------ C:\WINNT\system32\io_pctv.dll <Not Verified; Pinnacle Systems GmbH; Pinnacle Studio PCTV>
2007-09-23 12:22:31 42384 --a------ C:\WINNT\system32\drivers\pctvw2k.sys <Not Verified; Pinnacle Systems; Pinnacle Studio PCTV>
2007-09-23 12:22:31 2145 --a------ C:\WINNT\system32\drivers\PCTVAud.sys <Not Verified; Pinnacle Systems; Pinnacle Studio PCTV>
2007-09-23 12:22:31 306688 --a------ C:\WINNT\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-09-19 12:36:58 0 d-------- C:\Programi
2007-09-15 23:38:01 0 d-------- C:\Program Files\Valve


-- Find3M Report ---------------------------------------------------------------

2007-09-10 19:51:22 1868 --a------ C:\WINNT\system32\tmp.reg
2007-09-10 18:57:18 0 d-------- C:\Program Files\CCleaner
2007-09-06 15:42:54 0 d-------- C:\Program Files\Guitar Calculator Pro
2007-09-06 15:42:44 73216 --a------ C:\WINNT\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-25 1500 0 d-------- C:\Program Files\VPHoldem
2007-08-22 19:59:28 0 d-------- C:\Program Files\PokerStars


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CB70CC2-303F-4A6C-824D-013AE8CFDB6B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{702ACB2E-336B-4FF9-82B6-FEECF7594160}]
09/29/2007 17:53 316000 --a------ C:\WINNT\system32\jkklm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
10/05/2007 20:35 76352 --a------ C:\WINNT\system32\stlxefkt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchIndexer"="C:\WINNT\system32\wmbobplx.dll" [10/11/2007 18:11]
"KernelFaultCheck"="C:\WINNT\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [08/03/2004 22:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [03/12/2007 13:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\ManUtd\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 19:16:50]

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 04:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINNT\system32\userinit.exe,C:\WINNT\system32\ntos.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINNT\\system32\\jkklm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e62335f2-d480-11db-95a9-000f21d03a10}]
AutoRun\command- C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- G:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7696906-8618-11db-9510-00508d4a5117}]
AutoRun\command- C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- Recycled\ctfmon.exe




-- End of Deckard's System Scanner: finished at 2007-10-11 19:24:49 ------------
Attached Files
File Type: txt extra.txt (14.4 KB, 1 views)
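The log above has several entry types that HijackThis helpers check first when triaging a slow machine with popups: a second executable appended to the Winlogon Userinit value (the F2 line), a BHO with no name backed by a DLL in system32 (the O2 lines), a Run key that launches a system32 DLL through rundll32 (the O4 SearchIndexer line), an LSA "Authentication Packages" value with a token beyond the default msv1_0, and an AutoRun\command handler stored under MountPoints2 for a removable drive. The script below is an added example, not part of the original post or of Deckard's System Scanner; it encodes those five triage rules as line-level checks and runs them over lines copied from the log, plus two benign lines from the same log (the Java BHO and the ctfmon Run entry) to show that they are not flagged. The rule names, the Finding type and the flagged-but-not-proven-malicious reading of each hit are this example's own conventions.

```python
import re
from dataclasses import dataclass

# Lines copied from the scan log posted above (constructed sample: a subset of the
# log, with two benign entries kept so the rules have something to pass over).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\ntos.exe,
O2 - BHO: (no name) - {3CB70CC2-303F-4A6C-824D-013AE8CFDB6B} - (no file)
O2 - BHO: (no name) - {702ACB2E-336B-4FF9-82B6-FEECF7594160} - C:\WINNT\system32\jkklm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SearchIndexer] rundll32.exe "C:\WINNT\system32\wmbobplx.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
"Authentication Packages"= msv1_0 C:\\WINNT\\system32\\jkklm
AutoRun\command- C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
"""


@dataclass
class Finding:
    rule: str    # which triage rule fired (names chosen for this example)
    line: str    # the log line that triggered it
    detail: str  # the specific value worth looking at


USERINIT_RE = re.compile(r"UserInit=(?P<value>.*)$", re.IGNORECASE)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - .*\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
AUTHPKG_RE = re.compile(r'^"Authentication Packages"=\s*(?P<value>.*)$')
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.*)$")
DLL_RE = re.compile(r'"?([^",]+\.dll)"?', re.IGNORECASE)


def check_line(raw: str) -> list[Finding]:
    """Apply the triage rules to one log line; return zero or more findings."""
    line = raw.strip()
    found: list[Finding] = []

    # Rule 1: Userinit should name userinit.exe and nothing else. Every extra
    # comma-separated path is launched by winlogon at each logon.
    m = USERINIT_RE.search(line)
    if m and line.startswith("F2 "):
        parts = [p.strip() for p in m.group("value").split(",") if p.strip()]
        extra = [p for p in parts if not p.lower().endswith("\\userinit.exe")]
        if extra:
            found.append(Finding("userinit-extra", line, ", ".join(extra)))

    # Rule 2: a BHO with no registered name that still points at a real DLL.
    # "(no file)" entries are orphans; they are left for cleanup, not flagged.
    m = BHO_RE.match(line)
    if m and m.group("name") == "(no name)" and m.group("path") != "(no file)":
        found.append(Finding("bho-unnamed", line, m.group("path")))

    # Rule 3: a Run value that loads a DLL via rundll32 instead of an .exe.
    m = RUN_RE.match(line)
    if m:
        exe, _, rest = m.group("cmd").partition(" ")
        if exe.strip('"').lower().rsplit("\\", 1)[-1] == "rundll32.exe":
            dll = DLL_RE.search(rest)
            found.append(Finding("run-rundll32", line, dll.group(1) if dll else rest))

    # Rule 4: LSA authentication packages beyond the default msv1_0 get loaded
    # into lsass.exe, so any extra token deserves a look.
    m = AUTHPKG_RE.match(line)
    if m:
        extra = [t for t in m.group("value").split() if t.lower() != "msv1_0"]
        if extra:
            found.append(Finding("lsa-auth-package", line, " ".join(extra)))

    # Rule 5: an AutoRun\command handler cached under MountPoints2 means a
    # removable drive carried an autorun.inf that runs something on open.
    m = AUTORUN_RE.match(line)
    if m:
        found.append(Finding("autorun-handler", line, m.group("cmd")))

    return found


def scan(text: str) -> list[Finding]:
    """Run check_line over every non-empty line, preserving log order."""
    return [f for raw in text.splitlines() if raw.strip() for f in check_line(raw)]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
        print(f"    {f.line}")
```

Running it prints one hit per rule for the sample, and nothing for the Java BHO or the ctfmon Run entry. A hit is a starting point for the usual next steps in this kind of thread (check the file's properties and signer, submit it to a multi-engine scanner, look for the same DLL name in the "Files created" section), not a verdict on its own.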