1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

running application or process

Discussion in 'General Security' started by vladmosiac, Apr 22, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. vladmosiac

    vladmosiac Thread Starter

    Joined:
    Jun 8, 2007
    Messages:
    58
    Hi, I have WinCTF running all the time in my applications/process list. I have tried to search for it but no results. Only 1 site found which states its a virus (alias for paradox.exe)

    Can anyone tell me what it is and why its running all the time?
    Or if its something unwanted how can I remove it?
     
  2. Sponsor

  3. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,605
    Please download and install HijackThis.

    Run it and select Do a system scan and save a logfile.

    The log will be saved in Notepad. Copy and paste the log in your next post.

    Do not fix anything.​
     
  4. vladmosiac

    vladmosiac Thread Starter

    Joined:
    Jun 8, 2007
    Messages:
    58
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:53:13 PM, on 4/22/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\winctf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Wakoopa\Wakoopa.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [CTFHelper] "C:\WINDOWS\winctf.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 6148 bytes
     
  5. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,605
    It's related to CTFHelper, an add-on for the game "World of Warcraft".

    O4 - HKLM\..\Run: [CTFHelper] "C:\WINDOWS\winctf.exe"
     
  6. vladmosiac

    vladmosiac Thread Starter

    Joined:
    Jun 8, 2007
    Messages:
    58
    oh yeah. thanks. I never knew it. actually never played that game. thx anyway!
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,605
    It might also be used on another game you played. Anyway, nothing to worry about.

    You're welcome!
     
  8. ketsueki13

    ketsueki13

    Joined:
    Jun 13, 2004
    Messages:
    358
    I don't mean to be contradictory, but I play WoW, and I can't find a mention of this Helper anywhere on any type of gaming site.
    I've seen a few Capture the Flag addons for Quake and CoD and others, but I can't imagine they would run from the Windows directory or set up an autorun. Most addons would start when the game file does, and the while there are a few that would use/need an autorun a capture the flag helper wouldn't be one.
    Could we possibly ask what games, if any they play? This just seems suspicious to me...
     
  9. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,605
    http://tw.thewow.cn/soft/436.html

    http://www.elitepvpers.de/forum/wow-addons/41355-leave-battleground-bei-ctfhelper-implemetieren.html

    http://dl.qj.net/World-of-Warcraft-...-of-Warcraft-UI-Mods/pg/12/fid/3009/catid/313

    http://wow.curseforge.com/projects/project-872/

    http://wowui.incgamers.com/?p=mod&m=942

    http://core.myfreeforum.org/about60.html&view=next

    http://www.elitepvpers.de/forum/wow-addons/41355-leave-battleground-bei-ctfhelper-implemetieren.html

    CTFhelper

    http://www.curse-gaming.com/mod.php?addid=1529

    Features

    # Autojoin the battleground after 5 seconds when the box pop up.
    # Autorelease when you die.
    # Autoaccept the spirit healer resurrection.
    # Display the flag carrier in both teams.
    # Display all the ennemies, their guild, their class, their pvp rank and finally their name.
    # Allow you to click on the class/rank to target them.
    # Spam the channel when someone pickup the flag with his name, class, guild.
     
  10. ketsueki13

    ketsueki13

    Joined:
    Jun 13, 2004
    Messages:
    358
    There is no ctfhelper.exe in that package. Most WoW packages don't use an exe file, and they would not be usable with any other game. Only WoW.

    Also, since he doesn't play WoW, that's worrisome anyway. I'm going to report this post to have it looked closer at.
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    108,027
    Go to the following link and upload the following file(s) for analysis and let me know what the results are please:

    http://virusscan.jotti.org/

    C:\WINDOWS\winctf.exe
     
  12. ketsueki13

    ketsueki13

    Joined:
    Jun 13, 2004
    Messages:
    358
    Thanks for your help cookiegal!
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    108,027
    You're welcome. :)
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/820852