sUBs -
Here's the log... I've uninstalled Ulead as it seemed to be hogging CPU usage; plus, another symptom of my troubles is...
I am unable to access other users' spaces from the initial screen: whichever one I click on first, I can see their desktop, but going back to the initial screen, when I click on another user's icon it just goes to a blue screen and then reverts back to the screen with the icons. If I log out and go to that user I can enter their desktop, but again, on switching user, it's dice.
There are no error messages.
Log dump is as follows. Many thanks for taking the time to review.
ComboFix 08-11-03.06 - Tim 2008-11-04 18:11:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.536 [GMT 0:00]
Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tim\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\program files\FunWebProducts
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
L:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.
2008-11-04 15:05 . 2008-11-04 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-11-04 15:03 . 2008-11-04 15:03 <DIR> d-------- c:\program files\Common Files\iS3
2008-11-04 15:03 . 2008-11-04 17:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-11-02 13:51 . 2008-11-02 13:51 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-02 13:47 . 2008-11-02 19:34 <DIR> d-------- c:\program files\NOS
2008-11-02 13:47 . 2008-11-02 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-10-31 22:40 . 2008-11-02 13:59 1,750 --a------ c:\windows\system32\%LocalXml%
2008-10-31 19:47 . 2008-10-31 19:47 <DIR> d-------- c:\program files\Lavasoft
2008-10-31 17:25 . 2008-10-31 17:25 250 --a------ c:\windows\gmer.ini
2008-10-31 17:21 . 2008-10-31 17:21 <DIR> d-------- C:\rsit
2008-10-31 17:21 . 2008-10-31 17:21 <DIR> d-------- c:\program files\trend micro
2008-10-31 11:30 . 2008-10-31 11:30 <DIR> d-------- c:\documents and settings\Tim\Application Data\System Tweaker
2008-10-31 11:17 . 2008-10-31 11:19 <DIR> d-------- c:\documents and settings\Sammy
2008-10-29 10:52 . 2008-11-04 17:52 <DIR> d-------- c:\program files\Uniblue
2008-10-27 21:12 . 2004-08-03 22:41 404,990 --a------ c:\windows\system32\drivers\slntamr.sys
2008-10-27 21:12 . 2004-08-03 22:41 404,990 --a--c--- c:\windows\system32\dllcache\slntamr.sys
2008-10-27 21:12 . 2004-08-03 22:41 95,424 --a------ c:\windows\system32\drivers\slnthal.sys
2008-10-27 21:12 . 2004-08-03 22:41 95,424 --a--c--- c:\windows\system32\dllcache\slnthal.sys
2008-10-27 21:12 . 2008-04-14 01:12 73,796 --a------ c:\windows\system32\slserv.exe
2008-10-27 21:12 . 2008-04-14 01:12 73,796 --a--c--- c:\windows\system32\dllcache\slserv.exe
2008-10-27 21:12 . 2008-04-14 01:12 32,866 --a--c--- c:\windows\system32\dllcache\slrundll.exe
2008-10-27 21:12 . 2008-04-14 01:12 32,866 --a------ c:\windows\slrundll.exe
2008-10-24 16:21 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 13:52 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 13:52 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 13:52 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 13:52 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 13:52 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-16 13:52 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 19:18 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-04 18:30 950,304 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-04 18:30 4,594,720 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-04 18:30 4,328 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-04 18:30 36,976 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-02 13:49 --------- d-----w c:\program files\Common Files\Adobe
2008-11-02 13:28 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-01 07:51 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-10-31 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-31 19:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-27 21:54 --------- d-----w c:\program files\Google
2008-10-27 21:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 21:05 --------- d-----w c:\program files\Abacast
2008-10-20 17:56 9,548 ----a-w c:\documents and settings\Toy\Application Data\wklnhst.dat
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-05 10:17 --------- d-----w c:\documents and settings\All Users\Application Data\Acronis
2008-09-05 10:13 --------- d-----w c:\documents and settings\Toy\Application Data\Nokia Multimedia Player
2008-04-14 00:11 178,688 ----a-r c:\documents and settings\Sam\Application Data\twext.exe
2008-03-24 10:36 0 ----a-w c:\documents and settings\Charlotte\Application Data\wklnhst.dat
2008-03-16 09:14 19,622 ----a-w c:\documents and settings\Tim\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2006-12-30 28672]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
[HKLM\~\startupfolder\C:^Documents and Settings^Tim^Start Menu^Programs^Startup^Sky Alerts.lnk]
path=c:\documents and settings\Tim\Start Menu\Programs\Startup\Sky Alerts.lnk
backup=c:\windows\pss\Sky Alerts.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--------- 2003-06-09 23:11 50688 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-28 11:51 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 21:46 709992 c:\windows\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-09-16 18:39 69632 c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Streamload\\MediaMax XL\\MediaMax XL.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;c:\windows\system32\DRIVERS\tdrpman.sys [2008-07-21 368480]
R2 TryAndDecideService;Acronis Try And Decide Service;c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{541241c9-e1ec-11dc-9bef-0016e6949159}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-11-02 c:\windows\Tasks\AdwareAlert Scheduled Scan.job
- c:\program files\AdwareAlert\AdwareAlert.exe []
2008-11-02 c:\windows\Tasks\AdwareAlert Scheduled Scan.job
- c:\program files\AdwareAlert []
2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-11-03 c:\windows\Tasks\User_Feed_Synchronization-{00AF2119-2240-4640-90C9-E2566154122A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\29atcpyr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-GB.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-04 19:18:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Streamload\MediaMax XL\StreamloadService.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-04 19:26:54 - machine was rebooted [Tim]
ComboFix-quarantined-files.txt 2008-11-04 19:26:48
Pre-Run: 149,888,507,904 bytes free
Post-Run: 151,337,107,456 bytes free
195 --- E O F --- 2008-10-24 16:35:07