#1
I started having the problems today. I don't know if I was on a site that infected me and then it was a domino effect from there - Anyways, I have run AVG, Malware scanners, Spybot, HiJackThis, a-Squared, deleted everything that popped up (quite a few things on each) - I restarted after each... All of the popups stopped, but every time I open Firefox, or Safari, or IE or something, the memory usage gets well over 100kb for each of them. A few minutes ago, I snapped a screenshot for y'all to look at. I only had 1 thing open, but yet look at the memory usages for this stuff. I'm attaching it. This is very frustrating. I've already backed up my entire computer. I don't want to format, but I feel it's my only choice. I got on this forum to see if there is anything else that I can do to fix it before I do reformat. I have run every program imaginable, quarantined/deleted everything it found - VERY FRUSTRATED!!!

#2
__________________
My System: Hybr!d
#3
Here is my superantispyware log...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2009 at 09:54 PM

Application Version : 4.25.1012

Core Rules Database Version : 3764
Trace Rules Database Version: 1725

Scan type : Complete Scan
Total Scan Time : 00:29:36

Memory items scanned : 473
Memory threats detected : 0
Registry items scanned : 5814
Registry threats detected : 11
File items scanned : 22365
File threats detected : 4

Trojan.Dropper/Gen-123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SysTray
HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}
HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}
HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32
HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WIEXCORIP.DLL

Rogue.Component/Trace
HKLM\Software\Microsoft\C8F764FE
HKLM\Software\Microsoft\C8F764FE#c8f764fe
HKLM\Software\Microsoft\C8F764FE#Version
HKLM\Software\Microsoft\C8F764FE#c8f7c97e
HKLM\Software\Microsoft\C8F764FE#c8f7a09b
HKU\S-1-5-21-2013295415-410409442-2096312683-1006\Software\Microsoft\FIAS4018

Adware.Vundo/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP652\A0037055.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP652\A0037081.DLL

Trojan.Unclassified
C:\WINDOWS\SYSTEM32\MPFSERVICEFAILURECOUNT.TXT

#4
Here's the Malwarebytes Anti Malware log....

Malwarebytes' Anti-Malware 1.34
Database version: 1771
Windows 5.1.2600 Service Pack 2

2/18/2009 7:09:33 AM
mbam-log-2009-02-18 (07-09-31).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 192398
Time elapsed: 48 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP652\A0037074.dll (Adware.BHO) -> Removed.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP652\A0037098.dll (Trojan.Vundo) -> Removed.

#5
The process "SYSTEM" constantly stays at 61,780K, even if I reboot several times, etc.

#6
Posting all of the logs would help us help you...

#7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:05 PM, on 2/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: (no name) - {59873547-2606-4ADD-BB86-A6F873EDBD89} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {1a1acda2-78bb-4380-8730-65be7d3c53df} - (no file)
O20 - AppInit_DLLs: elorkp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: xxyxVoOE - xxyxVoOE.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5284 bytes

#8
There, I have posted all 3 logs for those 3 programs.

#9
Looking at the logs now. In the meantime, why are you not running an antivirus?

#10
I just don't like them running in the background, but I guess I need to start doing that. Thanks so much for the help! Do you have AIM or anything by chance?