10-16-2007, 11:01 AM   #4
leshma
Registered User

Join Date: Oct 2007
Posts: 8
OS: Win XP

Re: System idle process high CPU usage, error protector popup,

Thanks for your time, sUBs... I appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 18:55:55, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.b92.net/sport/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {102629F9-F9F2-428C-9E2E-F5E435EB8594} - (no file)
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


ComboFix 07-10-16.1 - ManUtd 2007-10-16 18:41:23.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.64 [GMT 2:00]
Running from: C:\Documents and Settings\ManUtd\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Program Files\Common Files\{35784~1
C:\Program Files\Common Files\{45784~1
C:\WINNT\cookies.ini
C:\WINNT\rs.txt
C:\WINNT\system32\fkfdteuo.dll
C:\WINNT\system32\gquhrenp.dll
C:\WINNT\system32\jkklm.dll
C:\WINNT\system32\lbhbsxyv.dll
C:\WINNT\system32\lcsttmwt.dll
C:\WINNT\system32\mlkkj.bak2
C:\WINNT\system32\mlkkj.bak2
C:\WINNT\system32\mlkkj.ini
C:\WINNT\system32\mlkkj.ini
C:\WINNT\system32\mlkkj.ini2
C:\WINNT\system32\mlkkj.ini2
C:\WINNT\system32\ouetdfkf.ini
C:\WINNT\system32\pnerhuqg.ini
C:\WINNT\system32\stlxefkt.dll
C:\WINNT\system32\twmttscl.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-16 18:32 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-13 14:57 <DIR> d--hs---- C:\FOUND.003
2007-10-13 00:45 <DIR> d-------- C:\Documents and Settings\ManUtd\Application Data\mIRC
2007-10-13 00:44 <DIR> d-------- C:\Program Files\mIRC
2007-10-12 12:22 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy
2007-10-11 19:16 <DIR> d-------- C:\Deckard
2007-10-09 13:13 <DIR> d--hs---- C:\FOUND.002
2007-10-08 14:03 <DIR> d-------- C:\My Recordings
2007-10-08 13:56 <DIR> d-------- C:\Program Files\FREE Hi-Q Recorder
2007-10-08 13:39 339,968 --a------ C:\WINNT\system32\MP3EncX.dll
2007-10-05 18:31 <DIR> d--hs---- C:\FOUND.001
2007-10-02 19:09 <DIR> d--hs---- C:\FOUND.000
2007-09-23 13:30 <DIR> d-------- C:\Program Files\DScaler
2007-09-23 12:23 1,089,536 --a------ C:\WINNT\system32\gear81sd.DLL
2007-09-23 12:23 69,632 --a------ C:\WINNT\PCTV.dll
2007-09-23 12:22 <DIR> d-------- C:\Program Files\Pinnacle
2007-09-21 20:46 626,688 --a------ C:\WINNT\system32\msvcr80.dll
2007-09-19 12:36 <DIR> d-------- C:\Programi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 21:38 --------- d-----w C:\Program Files\Valve
2007-09-10 16:57 --------- d-----w C:\Program Files\CCleaner
2007-09-06 13:42 73,216 ----a-w C:\WINNT\ST6UNST.EXE
2007-09-06 13:42 249,856 ------w C:\WINNT\Setup1.exe
2007-09-06 13:42 --------- d-----w C:\Program Files\Guitar Calculator Pro
2007-08-25 13:06 --------- d-----w C:\Program Files\VPHoldem
2007-08-22 17:59 --------- d-----w C:\Program Files\PokerStars
2006-12-07 15:47 271 --sh--w C:\Program Files\desktop.ini
2006-12-07 15:47 21,952 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{102629F9-F9F2-428C-9E2E-F5E435EB8594}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-03 22:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\ManUtd\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R2 ROB_A;Pinnacle WDM PCTV Audio Capture;C:\WINNT\system32\DRIVERS\rob_a.sys
R2 ROB_V;Pinnacle WDM PCTV Video Capture;C:\WINNT\system32\drivers\rob_v.sys
R2 VCAM;Webcam Simulator;C:\WINNT\system32\DRIVERS\vcam.sys
R3 actser;actser;C:\WINNT\system32\drivers\actser.sys
R3 vsbus;Virtual Serial Bus Enumerator;C:\WINNT\system32\DRIVERS\vsb.sys
S3 HWIONT;HWIONT;\??\C:\Documents and Settings\ManUtd\My Documents\kabl\HWIONT.sys
S3 susbser;Siemens Mobile Phone;C:\WINNT\system32\DRIVERS\susbser.sys
S3 vserial;ELTIMA Virtual Serial Ports Driver;C:\WINNT\system32\DRIVERS\vserial.sys
S4 Wuafrtmg;Wuafrtmg;C:\WINNT\system32\drivers\tcpip6.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e62335f2-d480-11db-95a9-000f21d03a10}]
AutoRun\command - C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command - G:\Recycled\ctfmon.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 18:47:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 18:49:11 - machine was rebooted
.
--- E O F ---
Attached Files
log.txt (5.6 KB)

Last edited by sUBs; 10-16-2007 at 11:17 AM.
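A log like the one above is usually triaged by eye, but the checks a helper applies are mechanical enough to script. The following is an added example, not part of the original post and not code from HijackThis, ComboFix or Eset: it runs a handful of triage heuristics over a constructed sample made of lines copied from the log above (plus a few benign ones left in so the rules have something to ignore). The rules themselves, the trusted-host list, and the "service name should resemble its image filename" check are assumptions an analyst would tune; a flag means "look at this", not "this is malware".

```python
"""Triage heuristics for HijackThis / ComboFix-style log lines.

Added example; not part of the original post and not code from HijackThis,
ComboFix or Eset. The heuristics and the trusted-host list are assumptions
that an analyst would tune for their own environment.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the log in the post above, with a few
# benign entries left in so the heuristics have something to ignore.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {102629F9-F9F2-428C-9E2E-F5E435EB8594} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://www.driveragent.com/files/driveragent.cab
R2 VCAM;Webcam Simulator;C:\WINNT\system32\DRIVERS\vcam.sys
R3 vsbus;Virtual Serial Bus Enumerator;C:\WINNT\system32\DRIVERS\vsb.sys
S3 HWIONT;HWIONT;\??\C:\Documents and Settings\ManUtd\My Documents\kabl\HWIONT.sys
S4 Wuafrtmg;Wuafrtmg;C:\WINNT\system32\drivers\tcpip6.sys
AutoRun\command - C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command - G:\Recycled\ctfmon.exe
"""

HJT_ENTRY = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.+)$")          # R0/R3/O2/O16...
DRIVER_ENTRY = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+)$")  # ComboFix service lines
MOUNTPOINT_CMD = re.compile(r"^(?:AutoRun|Open\(\d+\))\\command - (?P<cmd>.+)$")
URL = re.compile(r"https?://\S+")

# Assumption: hosts from which downloading ActiveX controls (O16) is expected.
TRUSTED_DPF_HOSTS = ("microsoft.com",)


@dataclass
class Finding:
    line: str
    reasons: list[str]


def _trusted(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) a single log line deserves a look."""
    reasons: list[str] = []
    if (m := HJT_ENTRY.match(line)):
        body = m.group("body")
        # Dead references are harmless but show what was installed and removed.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append("orphaned entry: registry points at a file that is gone")
        # O16 = ActiveX control downloaded into IE; check where it came from.
        if m.group("kind") == "O16" and (u := URL.search(body)):
            host = urlparse(u.group(0)).hostname or ""
            if not _trusted(host):
                reasons.append(f"ActiveX control fetched from third-party host {host}")
    elif (m := DRIVER_ENTRY.match(line)):
        name, path = m.group("name").lower(), m.group("path")
        if "\\documents and settings\\" in path.lower() or "\\users\\" in path.lower():
            reasons.append("kernel driver loaded from a user profile directory")
        # Weak heuristic: legitimate drivers are usually named after their service.
        stem = path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if not (stem.startswith(name) or name.startswith(stem)):
            reasons.append(f"service name '{name}' does not resemble image '{stem}'")
    elif (m := MOUNTPOINT_CMD.match(line)):
        # MountPoints2 autorun handlers: what runs when a volume is opened.
        cmd = m.group("cmd")
        if re.search(r"\brecycled\\", cmd, re.IGNORECASE):
            reasons.append("autorun handler points into a Recycled folder")
        if re.match(r"[D-Z]:\\", cmd, re.IGNORECASE):
            reasons.append("autorun handler runs a file from a non-system volume")
    return reasons


def triage(text: str) -> list[Finding]:
    """Run triage_line over every non-blank line and keep the flagged ones."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and (reasons := triage_line(line)):
            out.append(Finding(line, reasons))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line[:70])
        for r in f.reasons:
            print("   ->", r)
```

On the sample above, the Adobe BHO, the Microsoft-hosted O16 control and the Pinnacle/webcam drivers pass silently, while the orphaned entries, the third-party ActiveX download, the driver under My Documents, the service whose name has nothing to do with its image file, and both MountPoints2 handlers pointing at Recycled\ctfmon.exe are listed for review. Every rule is a prompt for a human decision; extend TRUSTED_DPF_HOSTS and the driver-name check to fit the machines you actually look at.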