Computer Juice > Computer Software > Virus, Spyware & Security

A Few Processes Hogging Memory BAD - VERY FRUSTRATED!!!!!
  #11  
Old 18th Feb 2009, 13:24
Moderator Group

We don't help by PM. That would defeat the need for the forum. And many replies are way too big for PM's.

You need an AV or this will just keep happening. There are a few that take little resources. We will do that in a minute. First...

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  • O2 - BHO: (no name) - {59873547-2606-4ADD-BB86-A6F873EDBD89} - (no file)
  • O18 - Filter hijack: text/html - {1a1acda2-78bb-4380-8730-65be7d3c53df} - (no file)
  • O20 - AppInit_DLLs: elorkp.dll
  • O20 - Winlogon Notify: xxyxVoOE - xxyxVoOE.dll (file missing)
Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix.

  #12  
Old 18th Feb 2009, 13:47
New Member Group

I tried running ComboFix, but it was saying that I had an active Anti-Virus, so I tried uninstalling AVG, and it's having problems uninstalling, so I'm trying to get it removed so I can run ComboFix. I should be back on here in the next 15-20 minutes with the log if I can ever get AVG removed. I tried using AVG's uninstaller, but it got to the end of the uninstall and said there was 1 error during uninstall, so it wouldn't uninstall. I even ended the task in taskman of AVG, and tried running ComboFix, but it still says it's running... ugh! Be back shortly!!! Don't go anywhere =)
  #13  
Old 18th Feb 2009, 13:58
Moderator Group

Originally Posted by evilfantasy:
> We will do that in a minute.
That's why I was going to wait...

If you run the AVG installer there will be an option to uninstall instead of install. Sometimes that's the only way to remove AVG.

  #14  
Old 18th Feb 2009, 14:15
New Member Group

ComboFix 09-02-17.02 - Owner 2009-02-18 16:10:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.1458 [GMT -5:00]
Running from: c:\documents and settings\Owner.BlakeOffice\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common\helper.sig
c:\windows\system32\_000006_.tmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-18 07:38 . 2009-02-18 14:44 <DIR> d-------- c:\program files\AIM95
2009-02-17 21:23 . 2009-02-17 21:23 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-17 21:23 . 2009-02-17 21:23 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-17 21:23 . 2009-02-17 21:23 <DIR> d-------- c:\documents and settings\Owner.BlakeOffice\Application Data\SUPERAntiSpyware.com
2009-02-17 21:23 . 2009-02-17 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-17 21:13 . 2009-02-17 21:13 <DIR> d-------- c:\program files\CCleaner
2009-02-17 18:42 . 2009-02-17 18:42 <DIR> d-------- c:\program files\NCH Swift Sound
2009-02-17 18:18 . 2009-02-17 18:18 <DIR> d-------- c:\program files\MozBackup
2009-02-17 16:41 . 2009-02-17 17:53 <DIR> d-------- c:\program files\a-squared Free
2009-02-17 16:06 . 2009-02-17 16:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 16:06 . 2009-02-17 16:06 <DIR> d-------- c:\documents and settings\Owner.BlakeOffice\Application Data\Malwarebytes
2009-02-17 16:06 . 2009-02-17 16:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-17 16:06 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 16:06 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-17 09:14 . 2009-02-17 10:50 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-17 09:12 . 2009-02-17 15:24 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-17 09:12 . 2009-02-17 09:12 <DIR> d-------- c:\program files\AVG
2009-02-17 09:12 . 2009-02-18 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-17 09:12 . 2009-02-17 09:12 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-17 09:12 . 2009-02-17 09:12 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-17 09:12 . 2009-02-17 09:12 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-17 08:55 . 2009-02-17 08:55 <DIR> d-------- c:\program files\Trend Micro
2009-02-17 08:47 . 2009-02-17 15:44 153 --a------ c:\windows\wininit.ini
2009-02-17 08:07 . 2009-02-17 08:07 <DIR> d-------- C:\Users
2009-02-16 21:39 . 2009-02-17 17:55 <DIR> d-------- c:\program files\Audio CD Copier
2009-02-16 21:39 . 2000-05-27 04:10 1,388,544 --a------ c:\windows\system32\msvbvm60.dll
2009-02-16 21:39 . 2002-07-30 10:38 647,168 --a------ c:\windows\system32\CDWriterXP.ocx
2009-02-16 21:39 . 2002-03-25 02:03 380,928 --a------ c:\windows\system32\CDRipperX.ocx
2009-02-15 21:17 . 2009-02-15 21:17 <DIR> d-------- c:\documents and settings\Owner.BlakeOffice\Application Data\GARMIN
2009-02-15 21:13 . 2006-09-06 10:54 11,520 -ra------ c:\windows\system32\drivers\WDMSTUB.sys
2009-02-15 21:07 . 2009-02-17 22:19 <DIR> d-------- C:\Garmin
2009-02-15 21:07 . 2007-03-08 16:18 18,432 --a------ c:\windows\system32\drivers\grmngen.sys
2009-02-15 21:07 . 2006-07-14 17:10 17,536 --a------ c:\windows\system32\drivers\grmn0200.sys
2009-02-15 21:07 . 2006-07-14 17:12 16,512 --a------ c:\windows\system32\drivers\grmn0400.sys
2009-02-15 21:07 . 2006-07-11 14:50 11,776 --a------ c:\windows\system32\drivers\grmn1200.sys
2009-02-15 21:07 . 2007-03-08 16:18 8,320 --a------ c:\windows\system32\drivers\grmnusb.sys
2009-02-10 14:05 . 2009-02-10 14:05 <DIR> d-------- c:\program files\MSECache
2009-02-02 19:27 . 2009-02-02 19:26 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-02 19:27 . 2009-02-02 19:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-01 21:21 . 2009-02-01 21:21 <DIR> d-------- c:\program files\iTunes
2009-02-01 21:21 . 2009-02-01 21:21 <DIR> d-------- c:\program files\iPod
2009-02-01 21:21 . 2009-02-01 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-01 21:19 . 2009-02-01 21:20 <DIR> d-------- c:\program files\QuickTime
2009-01-28 21:42 . 2009-02-03 08:52 <DIR> d-------- c:\program files\BitLord
2009-01-28 16:20 . 2009-01-28 16:20 <DIR> d-------- c:\windows\system32\gs
2009-01-28 16:20 . 2009-02-03 08:54 <DIR> d-------- c:\program files\GreetingCardStudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 21:10 --------- d-----w c:\program files\Common
2009-02-18 21:06 --------- d-----w c:\documents and settings\Owner.BlakeOffice\Application Data\HPAppData
2009-02-18 20:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-18 20:56 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-18 20:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 20:21 --------- d-----w c:\program files\Full Tilt Poker
2009-02-18 20:20 --------- d-----w c:\program files\Common Files\Apple
2009-02-18 19:54 --------- d-----w c:\documents and settings\Owner.BlakeOffice\Application Data\uTorrent
2009-02-18 03:20 --------- d-----w c:\program files\LimeWire
2009-02-17 13:17 --------- d-----w c:\documents and settings\Owner.BlakeOffice\Application Data\Move Networks
2009-02-17 13:08 --------- d-----w c:\documents and settings\Owner.BlakeOffice\Application Data\LimeWire
2009-02-16 02:16 --------- d-----w c:\program files\DIFX
2009-02-03 13:54 --------- d-----w c:\program files\Scriptocean
2009-02-03 13:54 --------- d-----w c:\program files\QuoteTracker
2009-02-03 00:26 --------- d-----w c:\program files\Java
2009-01-05 18:56 --------- d-----w c:\documents and settings\Owner.BlakeOffice\Application Data\scriptocean
2009-01-02 08:00 --------- d-----w c:\program files\MSXML 4.0
2009-01-01 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2009-01-01 18:16 --------- d-----w c:\program files\Hewlett-Packard
2009-01-01 18:15 --------- d-----w c:\program files\HP
2009-01-01 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-01-01 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-12-27 01:49 --------- d-----w c:\program files\Safari
2008-12-27 01:29 --------- d-----w c:\program files\McAfee
2008-12-27 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
.

------- Sigcheck -------

2007-04-16 11:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2004-08-10 14:00 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB935839$\kernel32.dll
2008-04-13 19:11 989696 c24b983d211c34da8fcc1ac38477971d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
2007-04-16 10:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\kernel32.dll
2007-04-16 10:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\dllcache\kernel32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-27 169984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-01 7311360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-17 09:12 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.BlakeOffice^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Owner.BlakeOffice\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.BlakeOffice^Start Menu^Programs^Startup^VistaMessage.exe]
path=c:\documents and settings\Owner.BlakeOffice\Start Menu\Programs\Startup\VistaMessage.exe
backup=c:\windows\pss\VistaMessage.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.BlakeOffice^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Owner.BlakeOffice\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.BlakeOffice^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Owner.BlakeOffice\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2007-05-11 02:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra--c--- 2007-03-01 09:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-10 14:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a--c--- 2005-08-05 22:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-10-14 21:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 16:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a--c--- 2005-08-12 19:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-12-01 01:02 7311360 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2005-12-01 01:02 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
--a--c--- 2005-12-09 21:44 139264 c:\program files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2002-09-14 02:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a--c--- 2005-02-25 21:24 966656 c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-02 19:26 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-15 16:17 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-27 17:39 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2002-04-26 12:53 12288 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2005-05-03 06:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
-----c--- 2005-08-02 19:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2004-12-08 20:57 550912 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2005-12-01 01:02 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2005-11-09 23:14 15473664 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"AresChatServer"=3 (0x3)
"a2free"=2 (0x2)
"avg8wd"=2 (0x2)
"hpqcxs08"=3 (0x3)
"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-17 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-17 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0c3e25b-abf3-11db-b468-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4da75db-1a14-11dc-a43f-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-18 c:\windows\Tasks\User_Feed_Synchronization-{7B51D028-3FCE-44F6-AC93-C2FA897B01B7}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AIM - c:\program files\AIM95\aim.exe
MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-CinemaNowMediaManagerApp - c:\program files\CinemaNow\CinemaNow Media Manager\CinemanowShell.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Google Update - c:\documents and settings\Owner.BlakeOffice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1169604953\EE\AOLHostManager.exe
MSConfigStartUp-McafWelcome - c:\program files\McAfee.com\Agent\mcwelcom.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-ProvideSupportOperatorConsole[default] - c:\progra~1\PROVID~1\LIVESU~1\PROVID~1.EXE
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6261\SiteAdv.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Owner.BlakeOffice\Application Data\Mozilla\Firefox\Profiles\cb3lbdj7.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\Owner.BlakeOffice\Application Data\Mozilla\Firefox\Profiles\cb3lbdj7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 16:10:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-02-18 16:12:50
ComboFix-quarantined-files.txt 2009-02-18 21:12:35

Pre-Run: 213,684,310,016 bytes free
Post-Run: 213,900,996,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

303 --- E O F --- 2009-02-18 08:01:53
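As an added example (not code from ComboFix or from anyone in this thread), the Python below parses two parts of the log above that a reviewer checks by hand: the Sigcheck block, to confirm the system32 copy of kernel32.dll carries the same MD5 as the dllcache copy that Windows File Protection keeps, and the mountpoints2 keys, which still hold an AutoRun command for volume D even though D:\Autorun.inf was deleted. The sample text is constructed from the posted log; the mismatch sample and its placeholder hash are invented to show the failure case.

```python
"""Parse the Sigcheck and mountpoints2 sections of a ComboFix-style log.

Added example for this thread, not code from ComboFix or the forum.
Sample text below is constructed from the log posted in this thread.
"""
import re

# Constructed from lines in the posted log: four kernel32.dll copies with
# their MD5s, then a mountpoints2 key that still carries an AutoRun command.
SAMPLE_LOG = r"""------- Sigcheck -------

2007-04-16 11:07 986112 09f7cb3687f86edaa4ca081f7ab66c03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2004-08-10 14:00 983552 888190e31455fad793312f8d087146eb c:\windows\$NtUninstallKB935839$\kernel32.dll
2007-04-16 10:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\kernel32.dll
2007-04-16 10:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\dllcache\kernel32.dll
.
((((( Reg Loading Points )))))
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-17 09:12 10520 c:\windows\system32\avgrsstx.dll
"""

# Invented failure case (the all-f hash is a placeholder): the live
# kernel32.dll differs from the Windows File Protection copy in dllcache.
MISMATCH_LOG = r"""------- Sigcheck -------

2007-04-16 10:52 984576 ffffffffffffffffffffffffffffffff c:\windows\system32\kernel32.dll
2007-04-16 10:52 984576 a01f9ca902a88f7ced06884174d6419d c:\windows\system32\dllcache\kernel32.dll
"""

SIGCHECK_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<md5>[0-9a-f]{32}) (?P<path>.+)$", re.IGNORECASE)
MOUNTPOINT_RE = re.compile(r"^\[.*\\mountpoints2\\(?P<volume>[^\]]+)\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line: date, time, size, md5, path."""
    entries, in_section = [], False
    for line in text.splitlines():
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if in_section and line.startswith("("):   # next ((((( banner ends the section
            break
        m = SIGCHECK_RE.match(line) if in_section else None
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].lower()
            entries.append(entry)
    return entries


def wfp_cache_mismatches(entries):
    """Map each file name to True when the system32 copy's MD5 equals the
    dllcache copy's MD5 (the Windows File Protection backup), else False.
    Only files seen in both locations are reported; False means the live
    binary was replaced without going through WFP and deserves a closer look."""
    pairs = {}
    for e in entries:
        path = e["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        if path.endswith("\\system32\\dllcache\\" + name):
            pairs.setdefault(name, {})["cache"] = e["md5"]
        elif path.endswith("\\system32\\" + name):
            pairs.setdefault(name, {})["live"] = e["md5"]
    return {name: p["live"] == p["cache"]
            for name, p in pairs.items() if "live" in p and "cache" in p}


def autorun_commands(text):
    """Return (volume, command) for every mountpoints2 key that still has a
    \\Shell\\AutoRun\\command value: the cached AutoRun handler Explorer keeps
    for that volume, which survives deletion of the Autorun.inf itself."""
    found, volume = [], None
    for line in text.splitlines():
        m = MOUNTPOINT_RE.match(line)
        if m:
            volume = m.group("volume")
            continue
        if line.startswith("["):          # any other key ends the mountpoints2 block
            volume = None
            continue
        a = AUTORUN_RE.match(line)
        if a and volume is not None:
            found.append((volume, a.group("cmd")))
    return found


if __name__ == "__main__":
    print(wfp_cache_mismatches(parse_sigcheck(SAMPLE_LOG)))    # {'kernel32.dll': True}
    print(wfp_cache_mismatches(parse_sigcheck(MISMATCH_LOG)))  # {'kernel32.dll': False}
    for vol, cmd in autorun_commands(SAMPLE_LOG):
        print(f"AutoRun command left on volume {vol}: {cmd}")
```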
  #15  
Old 18th Feb 2009, 14:43
Moderator Group

Do you know what is in this folder?

c:\windows\system32\gs

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run, type notepad.exe, then click OK.

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Delete the fixme.reg from the Desktop.

----------

Everything else looks OK. How is the computer running now?

  #16  
Old 18th Feb 2009, 14:58
New Member Group

Ok, I did the registry thing...

The /gs folder is Greeting Card Studio, which I tried to download and couldn't get installed correctly.
  #17  
Old 18th Feb 2009, 15:00
New Member Group

It's running a lot better. I just glanced in my Task Manager - Ever since yesterday or so, I've probably restarted ~10 times or so, and the process "SYSTEM" has stayed constant at 61,780 K (memory usage) - It never changes. That seems weird. That's the only other thing I'm worried about right now.
  #18  
Old 18th Feb 2009, 15:02
Moderator Group

We haven't really done a full virus scan yet, so it is a good idea since it is still running high.

Use the ESET Online Antivirus Scanner

This scanner requires Internet Explorer

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

  #19  
Old 18th Feb 2009, 15:25
New Member Group

Just letting you know it's still scanning. It's about 1/3 of the way through the scan. It's already found 3 threats. I'll post the log just as soon as it finishes! Thanks! I really do appreciate your help!!
  #20  
Old 18th Feb 2009, 15:46
Moderator Group

You're welcome.

The ESET scan can take over an hour but it's very good.
Copyright ©2006 - 2009 Computer Juice.