Tech Problem Aggregator

# lots of IEXPLORE.EXE without any IE window open and cmd.exe eats up lots of memory

Q: lots of IEXPLORE.EXE without any IE window open and cmd.exe eats up lots of memory

Hi all,

I need some help fixing my computer and getting rid of a malware/spyware/trojan/virus.

When I start my computer I see lots of IEXPLORE.EXE process being run (by the user) under the processes in task bar.

Then i also see cmd.exe using 99% of my CPU.

i have attached the HijackThis log and the ComboFix log with this.

Thanks
Kamal

**********HIJACKTHIS LOG**********

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:25 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Teddy\Desktop\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com/
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CDMA1X CARD] "C:\Program Files\ZTE CDMA1X CARD\Startup.exe"
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200259030090
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6A8A477-E149-4E97-B35D-A14A966A6222}: NameServer = 202.144.13.50,202.144.66.6
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)

--
End of file - 6230 bytes

**********HIJACKTHIS LOG**********

**********COMBOFIX LOG**********

ComboFix 08-01-23.1C - Teddy 2008-01-28 0:36:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.79 [GMT 5.5:30]
Running from: C:\Documents and Settings\Teddy\Desktop\HijackThis\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\mydelm.bat
C:\WINDOWS\mywinsys.ini
C:\WINDOWS\system\svchest.exe
C:\WINDOWS\system\svchest.reg
C:\WINDOWS\system32\AlxRes061230.exe
C:\WINDOWS\system32\dd.exe
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\mywebhit.ini.tmp
C:\WINDOWS\system32\scrsys061230.scr
C:\WINDOWS\system32\scrsys16_061230.scr
C:\WINDOWS\system32\winsys16_061230.dll
C:\WINDOWS\system32\winsys32_061230.dll
C:\WINDOWS\system32\xydzyh.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\Indexingbox

((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-28 00:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-28 00:07 . 2008-01-28 00:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-25 14:58 . 2008-01-25 14:57 28,224 --a------ C:\WINDOWS\system32\XIfk37iq.exe
2008-01-25 14:58 . 2008-01-25 14:58 166 --a------ C:\key.shm
2008-01-17 21:11 . 2008-01-23 13:34 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-01-17 18:05 . 2008-01-18 09:37 <DIR> d-------- C:\Program Files\Hidden Secrets The Nightmare
2008-01-17 18:04 . 2008-01-17 18:04 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-01-16 14:34 . 2008-01-16 14:34 36,352 --a------ C:\WINDOWS\quit.exe
2008-01-15 21:25 . 2008-01-15 21:25 <DIR> d-------- C:\Program Files\YSIGet
2008-01-15 21:25 . 2008-01-17 16:16 9,327 --a------ C:\Documents
2008-01-14 13:36 . 2008-01-14 13:36 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-14 13:25 . 2008-01-14 13:37 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-14 12:11 . 2008-01-14 12:11 <DIR> d-------- C:\Program Files\PowerArchiver
2008-01-14 11:14 . 2008-01-14 11:14 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-14 10:33 . 2008-01-14 11:15 <DIR> d-------- C:\Program Files\MSN Messenger
2008-01-14 10:20 . 2008-01-14 11:01 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-14 10:16 . 2008-01-14 10:17 <DIR> d-------- C:\Program Files\Sify Broadband
2008-01-14 10:16 . 2008-01-14 10:16 35 --a------ C:\bberror1.sbl
2008-01-14 10:12 . 2008-01-25 18:27 <DIR> d-------- C:\movies
2008-01-14 03:06 . 2008-01-14 03:11 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-14 03:05 . 2008-01-14 03:05 <DIR> d-------- C:\Program Files\Windows Live
2008-01-14 02:54 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-14 02:54 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-14 02:54 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-14 02:54 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-14 02:54 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-14 02:28 . 2008-01-14 02:28 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-14 01:58 . 2008-01-14 01:59 <DIR> d-------- C:\WINDOWS\nview
2008-01-14 01:58 . 2008-01-14 03:34 <DIR> d-------- C:\Drivers
2008-01-14 00:22 . 2008-01-14 00:22 <DIR> d-------- C:\Program Files\uTorrent
2008-01-13 17:38 . 2008-01-13 17:38 <DIR> d-------- C:\Program Files\Toshiba
2008-01-13 17:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-13 17:33 . 2008-01-14 03:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-01-13 17:32 . 2008-01-14 02:05 <DIR> d-------- C:\Program Files\ZTE CDMA1X CARD
2008-01-13 17:32 . 2005-05-23 09:35 94,208 --a------ C:\WINDOWS\system32\oxui.dll
2008-01-13 17:32 . 2005-05-23 09:35 49,792 --a------ C:\WINDOWS\system32\drivers\oxser.sys
2008-01-13 17:04 . 2008-01-13 17:04 <DIR> d--h----- C:\Program Files\Uninstall Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 15:51 --------- d-----w C:\Program Files\Google
2008-01-13 15:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-13 11:13 --------- d-----w C:\Program Files\microsoft frontpage
.

.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 20:04 127085]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 17:13 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CDMA1X CARD"="C:\Program Files\ZTE CDMA1X CARD\Startup.exe" [2007-08-01 14:59 110592]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2002-04-15 18:35 249856]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-04-18 17:13 364544 C:\WINDOWS\system32\nwiz.exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-01-14 13:36:09 295606]

R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS [2001-09-13 19:53]
S1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys [2005-05-23 09:35]
S2 Office Source Engine Help;OESH;C:\Program Files\NetMeeting\msmsgs [2008-01-16 14:45]

.
Contents of the 'Scheduled Tasks' folder
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
- C:\WINDOWS\system32\XIfk37iq.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 00:42:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-28 0:44:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 19:14:02

**********COMBOFIX LOG**********

A: lots of IEXPLORE.EXE without any IE window open and cmd.exe eats up lots of memory

Hello,

ComboFix is frequently updated.

This machine does not have the Windows XP Recovery Console installed.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

---------------------------------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

* IMPORTANT !!! Place combofix.exe on your Desktop

Go to Microsoft's website => http://support.microsoft.com/kb/310994

For you, it would be:

Microsoft Windows XP Professional Service Pack 2

Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it as indicated in the image below.

Follow the prompts to start ComboFix (type 1 and press Enter) and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.
When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

1 more replies

Environment:
Windows 7 64 bit (all latest windows updates)
IE 11

From time to time I'll find in task manager a bunch of iexplore.exe processes (the startup ones, i.e. the ones without the SCODEF command line).  After watching the behavior for a couple of months the processes correlate with the opening of internet
explorer (not a new tab) when no internet explorer window is currently open.  Then close internet explorer and the SCODEF processes for each tab go away but the main iexplore process does not always terminate.  Sometimes it does and other times it
doesn't.  Of course after several days a bunch of iexplore.exe processes sit in task manager.
Does that behavior ring a bell with anyone?  Or know how to determine what is going on with the iexplore process that isn't allowing it to know or complete its termination sometimes?

May we all make money in the sequel.

More replies

Hi guys!
by looking at previous problems with 2 iexplore.exe's and seeing how they are solved (which doesn't work for me) i decided to ask you guys so u can please help with this monstrosity that hijacked my computer while i was playing a stem game.

-it started with an internet explorer advertisement popping up randomly, then a component not working.
-Then every time i told the computer to shut down/open the internet, it would just pixelate on the screen and not respond, requiring a force shutdown(i have a memory leak problem im getting to fixing that is known for causing this problem if the computer's memory is too high)
-when it turns on, i get the blue screen of death, and it restarts into startup repair
-startup repair identifies the problem as:"Unspecified changes to the system configuration may of caused this problem" and then i can boot
-every logon there is 2 iexeplore.exe(lowercase) chewing up memory, a svchost.exe process that its description says: "svchost.exe 4" which has never been there before, an "sqlbrowser"(its location includes allot of variations, like sql????.exe where ???? could be random words)
-I checked both autorunexec.bat and config.sys and they were both blank/had a few random characters in it.(i think this causes the bad start)
-i have NO access to vista install disks, but i do to XP boot cd's which return the blue screen of death when trying to bo... Read more

A:[SOLVED] 2 iexplore.exe, lots of memory used, Startup repair constantly needed for bo

*Bump*

didn't want this to become inactive when its still a major problem :)

11 more replies

Hi there guys, I appreciate I am new, but Google led me here and I would really appreciate some help. I actually have my dissertation coming up in 3 weeks time and now is the most crucial time I could ever need my laptop, and it's got infected! As it stands, I cannot close the Internet Explorer window that I have up, while there are 9 iexplore.exe's running in my task manager, none of which can be ended (pressing End Process simply does nothing). There are also random audio adverts playing in the background as well, which I have never encountered before.

I did Google the problem first, and it appears that many people have had the problem, though I think it manifests itself differently on a case-by-case basis. I cannot understand any of the logs that people have been asked to post on forums myself, so I cannot look into my own laptop, hence my post here. Any help would be massively appreciated.

I have followed all instructions in your stickied post, and the relevant files are attached. I have done computer programming, but the information contained in these files is complete gibberish to me, so I am none the wiser. If you consider the appropriate action to just be a complete re-install of Windows, this is obviously not preferred but it is fine by me.

Thank you very much.

More replies

My computer has two main issues:1) it takes forever to shut down2) sometimes I get a severe slowdown, typically for only 20 seconds or so--this appears to be coincident with services.exe ramping up, it uses up to 30% of my CPU, which seems way too high. In general services.exe is around 0-2% of CPU, but it does bounce around a lot and it's often around 30%, which as I said before is often coincident with the slowdown, but doesn't always appear to cause a slowdown.Any help would be greatly appreciatedJustinLogfile of HijackThis v1.99.1Scan saved at 11:52:35 AM, on 5/10/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Symantec AntiVirus\DefWatch.e... Read more

A:Services.exe is spastic -- eats up lots of cpu at times

Hello jruby19 and welcome to the BC forums. After reviewing your log I see no signs of viruses or malware at this time. Your log is clean.Let's do one other check for the possibility of some hidden files that would not show up in a HijackThis log.Download rkfiles.zip and unzip it to its own permanent folder.Important! Reboot in SAFE MODE !!Start in Safe Mode Using the F8 method:Restart the computer in Safe Mode.As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.Use the arrow keys to select the Safe Mode menu item.Press the Enter key.Locate the rkfiles.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.Post the contents of C:\log.txt back here and I will review it when it comes in.OT

5 more replies

Here is my main.txt from DSS. Extra.txt is attached.
*Note: AVPE brought up TR/Crypt.Morphine.Gen and TR/Crypt.CFI.Gen. Not sure if they are still both there. Also Spybot S&D brought up Virtumondo 2 Trojans in registry key.

Deckard's System Scanner v20071014.68
Run by andrew on 2008-08-05 13:06:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-08-05 01:13:47 UTC - RP374 - Configured Microsoft Office Home and Student 2007
1: 2008-08-04 19:18:52 UTC - RP372 - Last known good configuration

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1022 MiB (1024 MiB recommended).

-- HijackThis (run as andrew.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:26 PM, on 8/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

A:Slow, Window Explorer using lots of memory - Virtumondo 2 trojans

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by Right-Click >>> Run As Administrator

------------------------------------------------------

The reason your Vista system got infected is likely due to the fact that the UAC has been disabled.

Before you go any further, protect this... Read more

19 more replies

I just had my computer fixed in another thread not too long ago. However, I have a new problem and I don't know the cause or root of it. Lots and lots of pop up ad windows open at once randomly. Please help.

Thank you.

A:lots and lots of pop up ad windows open at once

Have each fix whatever problems they may find.

Download CWShredder at http://www.greyknight17.com/spy/CWShredder.sfx.exe and run it. Uncompress the file and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Run a scan using Panda ActiveScan . Be sure to select any AutoClean Feature. Post the log from the Panda scan here.

Then get HijackThis . This program will help us determine if there are any spyware/malware on your computer. Run the scan, save the log, but do not fix anything yet. Many files it finds are harmless, and required for your system to operate.

19 more replies

Hi
I am pretty sure dis problem is due to some spyware/virus etc. I've tried searching the registry with only a stubpath(in MICROSOFT/Active Setup/Installed Components) and tried scanning my system with spybot and trend micro office scan but couldn't fix the problem.I ran HIJACKTHIS with changed name and am pasting the log here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:49 AM, on 9/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\TEMP\TYD6E6.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\RealVNC\VNC4\vncviewer.exe

A:Solved: Internet explorer always open and eating lots of memory

Do you not have an IT Department who can handle this?

1 more replies

Hi!
My computer has started running a bit slow recently, and once I finally looked at the processes, I found about 10 iexplore.exe processes running, all with about 20,000k.

THing is, I never use internet explorer, I only use firefox. COuld this be a virus?

A:Lots of iexplore.exe processes

4 more replies

Just recently my browsers began to crash without notice, mainly firefox and internet explorer. As soon as I start them up, they give me "Not Responding". The only way I can browse with firefox is if I uninstall the program and reinstall it with the installer I still have in my downloads. It only responds the first time I bring up firefox, after if it crashes or I close it, have to reinstall to get it to work again.

Also, a lot of iexplore.exe and svchost.exe have been constantly eating up my physical memory and cpu usage. I don't know why so many of them keep popping up.

photo's:

http://i.imgur.com/yxqss.png
http://i.imgur.com/6gZtH.png

A:Lots of iexplore.exe/Constant browser crashing

You have a topic open in malware removal forum: http://www.bleepingcomputer.com/forums/topic434560.html/page__p__2524819__fromsearch__1#entry2524819

2 more replies

Lately I've been having a lot of problems with my computer. iexplorer.exe comes up a lot in my task manager, but the one that hogs all the resources. I also get a lot of popups with both Internet Explorer and Firefox. Lastly, I'm not sure if it's part of the same issue, but my computer has been randomly rebooting on me quite a bit lately. Any help is greatly appreciated.

Quote:

Deckard's System Scanner v20070711.54
Run by Glen on 2007-07-19 at 03:02:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
21: 2007-07-19 07:03:05 UTC - RP145 - Deckard's System Scanner Restore Point
20: 2007-07-11 07:03:33 UTC - RP144 - Software Distribution Service 3.0
19: 2007-06-17 21:32:02 UTC - RP143 - Configured EA Link
18: 2007-06-13 07:01:20 UTC - RP142 - Software Distribution Service 3.0
17: 2007-06-10 02:13:45 UTC - RP141 - Installed iTunes

-- First Restore Point --
1: 2007-04-10 11:54:43 UTC - RP125 - Installed SWAT 4 - The Stetchkov Syndicate

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Glen.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:13:01 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

A:Having lots of problems lately (iexplore.exe, random reboots, etc)

2. Double click on combofix.exe & follow the prompts.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

12 more replies

Hi, my name's Katie and I'm having major virus/spyware,adware,malware removal issues! I

have a lot of different things going on here, and can't make any sense of it. I tried

following other people's solved threads, but they didn't solve my issues, so I guess I need

personalized help. I have Windows security running (well, I usually do when it's working

properly,) and I run Ad-Aware and Spybot regularly, but it appears that they cannot solve

my issue. Anyway, here's a list of things that have been happening to my computer since the

virus happened...

1. I KNOW the virus was contracted in AIM. An IM came in from a friend with only a link. It

didn't look suspicious to me, so I clicked it, and all of a sudden I had IMEd everyone in

them before My Computer's virtual memory ran out and crashed AIM on me.

2.When the computer starts up, sometimes a default background appears before the logon

screen with the user accounts appears.

3.After logon, the same thing in general happens every time. Spybot comes up with a bunch

of messages saying that there is a registry change to my homepage or something else

happening. I deny it, and it denies it over and over again to seemingly no avail. A .txt

file appears on the desktop. I have never opened this file, don't know what it is, and

delete it every time. My homepage is con... Read more

A:Solved: LOTS OF PROBLEMS WITH SPYWARE/MALWARE VIRUS! HELP HELP HELP! Lots of details!

16 more replies

Hi!
Have used BC over the years, and always found you guys to be extremely helpful, knowledgeable, and efficient.  Always happy to recommend you to others. Uninstalle the ASPCA we-care virus with revo uninstaller.

My Norton is down, I know; my dad gave me the box with his Norton, but the code was cut out.  Working on getting Norton up and running again.
I paste dds and attach the attach, as requested.
---Mark Miner

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by mark miner at 13:35:13 on 2014-10-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2934.1428 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe

A:slow; lots of "program not responding,"lots of "this page can not be displayed."

10 more replies

Hello everyone

I've been getting this error again and again, and my computer is hungup or BSOD after awail...

Do you know what can I do to fix it? Or what the problem is??
Thank you!!

Asrock X58 Supercomputer bios 3.10
i7 920 (bloomfield) @2.67ghz -1.128vol.
Corsair 12GB (6X2GB) @1333
1st PCIE - Nvidia GeForce 9800GT
2nd PCIE - Nvidia GeForce 9500GT
3rd PCIE - Nvidia GeForce 8800GS
4th PCIE - Nvidia GeForce 8800GS

RAid5 4X 500GB Seagate ST3500410AS
1X 500GB WD500AAKS
TSST Corp CDDVDW SH-S203p

Realtek PCI-e GBE (onboard)
Realtek PCI GBE (1st PCI)

==========================================================================================
if the 2nd onboard Realtek Pcie gbe is Active I get this error
Driver PCI returned invalid ID for a child device (01000000684CE00000)
and after a will I get BSOD

The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800d488038, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\071410-48359-01.dmp. Report Id: 071410-48359-01.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>

A:Lots of BSOD & Hungup - Lots of Event17 WHEA-Logger

Hi,

Btw, have you seriously got 4 graphics cards in your computer!

Regards,
Reventon

3 more replies

dell inspiron 6000
running xp pro
here is HiJackthis list
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:20 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

More replies

Summary:

Lots of errors in Windows XP immediately after fresh install following a format.

PC Spec

AMD Athlon 3200+ XP
Radeon x800 XT PE VPU 256 mb
1024mb DDR 400 3200 RAM
2x 160gb HDD, 7200 rpm blah blah
Audigy 2 ZS Sound Card, Creative SB
Wireless Internet Connection (D-Link Wireless Router, 2.2mbps connection)
2x Optical Drives, DVDRW 4x, CDRW 50x

Problems Encountered

1) Windows Installation : Various files cannot be copied and/or not copied correctly. Giving blue screen of [enter] retry, [esc] skip or F3 to abort installation. Files constantly failing to copy : cyycoins or something, lots of .chm files, too many to mention. Curious thing is, same problems for both optical drives and both HDDs, varying both for many installations.

Eventually I held down [enter] and the files went in, well some didn't but Windows booted fine.

2) Warhammer Dawn of War : Winter Assault. wh40k.cab is corrupt. Changed optical drives during installtion, installed fine. Could be hardware issue with my cdrom?

3) Same game, when playing will crash to desktop. No error message sometimes, no indication of crash (no freezing or warning sounds or stuttering, just flat out BOOM, .exe gone. Sometimes error message appears to send error report, sometimes doesn't. Occurs while under load (heavy gameplay) and while idle (like leaving it in menu for ages. Go away to get food, come back game gone, only desktop)
I thought this could again be CDROM issue, with the copy protection not keeping th... Read more

A:Lots and lots of XP errors : Random program crashes etc etc.... >:¦

6 more replies

Im getting a rediculous amount of popups!Logfile of HijackThis v1.99.1Scan saved at 12:05:58 AM, on 20/06/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exeC:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exeC:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXEC:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\COMMON~... Read more

A:Hi Guys, Getting Lots And Lots Of Popups, Driving Me Insane

4 more replies

A:Infected By Lots Of Spyware. Get Lots Of Popup Windows!

Hello,We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1 for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.Click here to get Service Pack 1Warning: You must only update to Service Pack 1, and not Service Pack 2. Doing this before your computer is clean can cause Windows to become unstable. We will update to SP2 after the log is clean.After you have updated your computer to SP1, please restart your computer and post a new HJT log.

10 more replies

since a week I have been getting the following spybot alerts whenever I boot up my computer. I keep denying the change, but not sure what to make of it. I don't think it's any good.

Spybot Search & Destroy
Category: winlogon
change: value deleted
entry: Shell
old data: c:\recycler\s-1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windoes\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32\velplsme.exe
new data: (blank)

Spybot Search & Destroy
Category: Winlogon
Change: Value Change
Old data: c:\recycler\s-1-5-21-0644449550-9642043494-812783143-2613\pv8g67.exe
New data: C:\RECYCLER\S-1-5-21-9516793152-0396749843-580062649-1820\pv8g67.exe

Spybot Search & Destroy
Category: System Statup user entry
Entry: qplsec
Old data: (blank)
New data: c:\windows\system32\qwmmmse.exe

Spybot Search & Destroy
Category: Winlogon
Change: value changed
Entry: Shell
old data: c:\recycler\s\1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windows\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32,velplsme.exe
new data: c:\recycler\s-1-5-21-9516793152-0396793152-0396749842-580062649-1820\yv8g67.exe, c:\reclycler\1-5-21-0644449550-96420434940812783143-2613\yv8g67.exe, c:\windows\system32\lmssspr.exe, c:\windows\system32\iomssls.exe, explorer.exe, c:\windows\system32\velplsme.exe

Spybot Search & Destroy
Category: winlogon

A:Spybot is detecting changes in Winlogon, lots and lots of blacklist pop ups

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:37 AM, on 10/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dash\4990891\Program\ServiceWrapper-4990891.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\The Sabre Group\Sabre32\Cfgsrvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NAVCOLR.EXE

1 more replies

Bitdefender Total Security 2011, Real Time Protection Disabled (WINDOWS XP >Says I have NO Anti-Virus) I really need help and I can't seem to find any. Its really making me sick..
Watch this
&#x202a;Bit Defender Total Security 2011 Real Time Protection Disabled&#x202c;&rlm; - YouTube

(This is all I know, and I DID A FRESH Install of my OS and formatted my pc well I did the Format then re-installed my OS then installed BD). That my good sir is when I hit a brick wall!!!

Operating System
MS Windows XP Home 32-bit SP3
CPU
AMD Athlon XP
Thoroughbred 0.13um Technology
RAM
2.00 GB DDR @ 133MHz (2.5-2-2-6)
Motherboard
MICRO-STAR INTERNATIONAL CO., LTD MS-6390 (Socket A) 26 ?C
Graphics
COMPAQ FP7317 ([email protected])
S3 Graphics ProSavageDDR
Hard Drives
78GB Seagate ST380011A (PATA) 36 ?C
Optical Drives
HP DVD Writer 1040r USB Device
LITE-ON DVDRW SHW-160P6S
Audio
Realtek AC'97 Audio for VIA ? Audio Controller

Operating System
MS Windows XP Home 32-bit SP3
Windows Security Center
Windows Update
Schedule Frequency Every day
Schedule Time 3 am
Firewall
Firewall Enabled
Company Name BitDefender
Display Name BitDefender Firewall
Product Version 14.0.30.357
Antivirus
Antivirus Enabled
Company Name BitDefender
Display Name BitDefender Antivirus
Product Version 14.0.30.357
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency \$

A:[SOLVED] Lots and lots of trouble with bitdefender and windows xp..

In Bit Defender, do a Live Update of your virus and software definitions. That should update you to the latest version. Or post to their forum, you will get a better response then in this general Microsoft Forum. or better yet, uninstall it and use Avast Free version and or Microsoft Security Essentials.

15 more replies

Hi,

I sure need help  --- I do not know how to deal with viruses, trojans, spyware, etc.

My husband and I were traveling. We had to use public Wifi places to check our email on our laptop. when we got home and checked our email accounts on our laptops, we found some really weird looking email messages. I 'think' my husband opened one that had his name in the Subject line, but we deleted all he other ones that looked strange. We did not open those emails, just deleted them.

Now all 3 of our computers are doing really weird things. I have run scan after scan after scan, both downloaded one and online ones. Sometimes they find problems and fix them. sometimes the scans find nothing. Yet our problems just seem to be getting worse and worse. I DESPERATELY need a lot of help.

I know it would be very confusing to try to work on all 3 of our computers at once so maybe we can start with my husband's desktop computer.

I am currently running Avast on it and it has been running for hours. It is find TONS of things like these ----

"...is infected by win32:Funweb-K [Pup}"

"...is infected by JS: ScriptIP-inf [Trj}

etc, etc, etc.

I have very little knowledge of how to fix a computer problem and no idea what to do. And I have absolutely NO idea how our desktops became infected from our lap top.

Is anyone willing to help me? I know it is bad and will probably take a long time to fix, but I need help... Read more

A:Used public WiFi - LOTS and LOTS of problems now - Newbie needs help

CORRECTION to my post above -

When I said "when we got home and checked our email accounts on our laptops", i meant to say our deaktops, not laptops.We have 2 desktop computers and 1 laptop. They are all infected badly.

25 more replies

PLEASE HELP ME! my computer is sooo SLOW and i dont know what is wrong with it. So please tell me Wich files i can Delete..
THNK YOU VERY VERY MUCH!
Logfile of HijackThis v1.97.3
Scan saved at 19:54:12, on 14/10/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Archivos de programa\Iomega HotBurn\Autolaunch.exe
C:\Archivos de programa\Winamp\Winampa.exe
C:\ARCHIV~1\NORTON~1\navapw32.exe
C:\Archivos de programa\rb32\rb32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Orbit\update.exe
C:\Archivos de programa\Orbit\view.exe
C:\WINDOWS\webassist.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\rundll16.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe

A:Help PLEASE my computer is slow and i get lots and lots of popups

13 more replies

Ok, I have lots of XP problems:

Can't open My computer from the desktop, the computer just locks up whilst attempting to open it, showing me the animated torch, saying it is looking for files.

The computer is running really slow, locking up and crashing programs for no apparent reason.

Cant access the drop down box (shortcut key F4) in windows explorer/applications/anywhere.

Internet explorer refuses to do anything if I type a web address without the http:// into the address box. It worked before, but now it isn't for some reason.

Finally, when I restart windows, it locks up for anything up to 5 minutes when it comes back up. The windows bar with the start button on, when I pass my mouse over it, the pointer turns to an hourglass and I am unable to do anything unti it sorts itself out.

I have tried running several anti virus programs, including AVG, Mcafee and Norton. Only AVG came up with a virus, 'Dialler'. I cleared this and it didn't make any difference. I alos tried system restore from several points, but each time it told me that it was unable to restore.

If ANYONE can give me any help at all, I would be extremely grateful.

Yours,

Wayne Donnelly.

A:Lots and lots of XP problems - I'm tearing my hair out

6 more replies

good evening:
I went into component services to check how everything is going; in the Event Viewer (local) System category, was I shocked ! What IS all this I am running XP home on a Dell Dimension 8200 w/384 mb I don't have any problems surfing or doing anything online, but am I missing stuff? heres what is happening

The IPv6 Internet Connection Firewall service terminated with service-specific error 2147952447 (0x8007273F).
===============================
The Portable Media Serial Number Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
================================
The Human Interface Device Access service terminated with the following error:
The specified module could not be found.
============================
The Application Management service terminated with the following error:
The specified module could not be found.
================================
The IPv6 Internet Connection Firewall service was unable to find support for IPv6. This may indicate that the IPv6 protocol suite is not installed or it failed to start. The data is the error code. (Ive a few of these)
==========================================

this one here was a warning sign next to it:

Unable to contact a DHCP server. The Automatic Private IP Address 169.254.193.99 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

More replies

My Dell Inspiron 530S running Vista (32-bit) Ultima has the very annoying habit of having a problem loadingb my user profile after it have been left logged into any other user (wife, or one of several daughters) Before I understood what the problem was I would simply shutdown and re-boot and I would seem to be back to normal. However, as I was trying to clean up the hard drive the other day, I noticed that the User director have 30+ extra profiles in it! They are in the form of TEMP.%computername%.000 thru TEMP.%computername%.030 - plus a few others that relate to a 'repair' of one my daughter's directory. I suspect that repair was faulty/incomplete but she seems happy with the directories she can access.
Questions:
1.) Why is it doing this? I have read other logon failure threads and have looked at the profile entries in REGEDIT
2.) Why doesn't takeown command allow me to get rid of all the excess USERS directory entries?

A:Lots and lots of user profiles

8 more replies

good evening:
I went into component services to check how everything is going; in the Event Viewer (local) System category, was I shocked ! What IS all this I am running XP home on a Dell Dimension 8200 w/384 mb I don't have any problems surfing or doing anything online, but am I missing stuff? heres what is happening

The IPv6 Internet Connection Firewall service terminated with service-specific error 2147952447 (0x8007273F).
===============================
The Portable Media Serial Number Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
================================
The Human Interface Device Access service terminated with the following error:
The specified module could not be found.
============================
The Application Management service terminated with the following error:
The specified module could not be found.
================================
The IPv6 Internet Connection Firewall service was unable to find support for IPv6. This may indicate that the IPv6 protocol suite is not installed or it failed to start. The data is the error code. (Ive a few of these)
==========================================

this one here was a warning sign next to it:

Unable to contact a DHCP server. The Automatic Private IP Address 169.254.193.99 will be assigned to dial-in clients. Clients may be unable to access resources on the network.

More replies

Hello.... My worst nightmare just happened.... I think I've lost 100gb of data......
Ok here is how it happened: I have a Western Digital 200gb hard drive, on a 1200mhz cpu, so I needed somthing for my disk space barrier. So I got the latest LifeGuard Tools from the official WD homepage.... everything worked fine, untill yesterday, then I started getting the messages of a corrupt file or directory, and windows advised me to use scandisk... Because I have winXP I had to reboot the computer to run scandisk.

Well It looked like scandisk fixed something, but the files were gone... that was just a small problem because these were just 6 mp3's and I had a backup of them....

But this morning I couldn't open my hard drive (its an extra drive, the windows is on another drive so it works fine) so I rebooted again and ran scandisk..... and when it was done I could open the drive, but it was empty...... over 100gb of data gone....
And I don't have bakup for all of it (about 50%)....

Are my files gone, or is it possible to recover them... And is there any solution for this problem, or is this disk not safe?

A:Lots and lots of data lost

10 more replies

I'm getting lots and lots of pop ups from IE not Mozilla.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:32 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0XIC1.EXE

A:Lots and Lots of Popups I think I have a virus

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Select the first option, to run Windows in Safe Mode, then press "Enter".

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the remo... Read more

3 more replies

I am running XP Pro SP2 on a Dell Dimension 4700 with 1.5 GB RAM and a 16 GB of my 40-GB hard disk free, and a Pentium 4 CPU 2.8 Ghz.When running any brand of virus scan or spyware scan or online updates, my Task Manager shows CPU usage of 100% -- which makes it impossible to run anything else for a while -- even though my available RAM often is over 50%.What does this mean? How do I know if the problem is hardware (such as my fan), or do I need a faster processor, more hard drive, or what?BTW, I recently had major system problems in addition to the above problems I'd always had with scans. So I restarted from scratch and reloaded my OS and all my programs and data. Now, other than when running these scans, my computer is running great!Thanks for your help.Edit: Moved topic to the more appropriate forum. ~ Animal

A:Cpu At 100%, Lots Of Memory

Some anti-virus programs are real resource hogs. Norton is one of them. Does anything else show high useage at the same time? What's your page file set at?http://www.serverwatch.comMark

8 more replies

Whenever I have Chrome open, there's like 15 other instances of Chrome also open, each taking up a little bit less memory then the previous.

Why is this?

http://geoffreymapplebeck.me/images/chrome.jpg

Thanks.

A:Lots of instances of chrome.. but only one browser window

Each add-on or extension also runs in its own instantiation as a security measure. Having many of them is quite normal.

2 more replies

I have been getting quite a few errors on my server 2003 like this
The instruction at 0x03f0415b referenced memory at 0x00000000. The memory could not be written.
Click on Ok to terminate the program
Click on CANCEL to debug the program. Does this mean my memory is not functioning correctly or is a program problem. The above error happens everytime I try to do something with nero.
Thanks,
Jerry

A:Lots of memory errors

This happened today while importing songs into itunes.

3 more replies

I have been having this problem for a while and posted before but the thread was locked before I could follow up. I am more dedicated to get this fixed so please help.

A:svchost using lots of memory

23 more replies

my IE is eating lots of memory, its gets unstable after sometimes. im attaching a log from hijackthisLogfile of Trend Micro HijackThis v2.0.2Scan saved at 05:42:27 AM, on 12/10/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exeC:\Program Files\Nero\Nero8\Nero B... Read more

A:IE eating up lots of memory

2 more replies

Ok when I bought my computer it had 512 meg of DDR ram in it. And all I had were problems. I was getting Blue Screens all over the place even when I tried Win 2000.

I had it back to the shop loads of times and they kept testing it and saying nothing was wrong and it must be the software i was using. So I ended up reformating and installing windows about 5 or 6 times to no avail.

One day I decided to remove one of the 256mb sticks...Lo and behold no Blue Screens. Now I know both sticks are fine but I do remember reading somewhere that windows can have problems with large amounts of memory...is this true and is it fixable because I would love to have 512 meg as opposed to 265 meg?

My setup is thus :-

Athlon Tbird 1.4 ghz
Gigabyte GA7-DXR mobo
Geforce 2 64mb MX 400
256mb DDR Ram

A:Problem with lots of memory

12 more replies

I'm having an issue with my laptop running extremely slowly. I think I've tracked down the issue to one of the svchost.exe processes eating up pretty much all of the available memory. Here's the symptoms:

Windows 7 machine:
* Out of 2 GB memory, 1.80 to 1.85 GB of memory is constantly in use (per Task Manager); Physical Memory available is typically 80 MB (give or take a few)
* One of the svchost.exe processes is using between 300 and 500 MB of memory consistently. It is the one that runs Windows Update (which I've heard sometimes causes issues)
* This machine has only been up for about 4 hours.

In comparison, my Windows XP machine consistently has approximately 1 GB of memory available at any time (out of 4 GB), and the svchost.exe processes use around 150 MB of memory. This machine has been up for several days.

Am I on the right track? I'm not sure I'm infected with anything; if not, I'd like some thoughts on what we can get rid of so that the computer will respond better.

Thanks in advance for any help.

Nick

More replies

Hello, I noticed my memory usage was at 42%, when it is usually 25-30%. I opened task manager and found 12 different processes of svchost.exe running. One of then was using 149,156 k of memory, from which I understand is a whole lot.

Is this normal? And if it isn't how do I fix it?

A:svchost.exe using lots of memory

It's normal.

Windows 7 Service Configurations by Black Viper

I'd get rid of the 2 instances of jusched starting with Windows. Also set Punkbuster services to manual.

6 more replies

Hi,
I have read many posts on memory space and addressing, but haven't found anything that answers my question....
I have 8Gb fitted, but on checking it's useage, it appears that the max I have seen in use is less than 3Gb.
The swapspace and paging file are being used - why ? when I have plenty of memory left unused ?
Is there a way I can force Vista to use more physical memory (which is faster), rather than perform swapping.

Thanks & regards,

MB - ASUS P5B Premium (skt 775)
CPU - Intel Quad Extreme X9650
Mem - 8Gb GeIL
OS - Vista x64 Ultimate SP1

Screenshot as attachment:

A:Lots of unused Memory - why ?

Originally Posted by Fish-Man

Hi,
I have read many posts on memory space and addressing, but haven't found anything that answers my question....
I have 8Gb fitted, but on checking it's useage, it appears that the max I have seen in use is less than 3Gb.
The swapspace and paging file are being used - why ? when I have plenty of memory left unused ?
Is there a way I can force Vista to use more physical memory (which is faster), rather than perform swapping.

Thanks & regards,

MB - ASUS P5B Premium (skt 775)
CPU - Intel Quad Extreme X9650
Mem - 8Gb GeIL
OS - Vista x64 Ultimate SP1

Screenshot as attachment:

You could try to run more memory-intensive applications (Video editing & rendering, photo editing, etc.), or even more applications at once (it's not uncommon on my system to run out of taskbar space with the number of applications I have open).

The swap file being used even though you still have free memory available is because some parts of the OS that are not being used too much is swapped out to the page file to allow a greater amount of free physical memory.

5 more replies

I had XP Antivirus 2012 on my computer initially, and was able to fix it by following directions. However, then another "Security Protection" virus got onto the computer. I followed all directions from the bleepingcomputer.com tutorial, but it still did not fix the problem. When I start the computer and it loads normally lots and lots of blank windows pop up repeatedly on the desktop. Whenever I try to start any program an error message pops up saying that some part of a file is missing, no matter what program I try to open.

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Run by Tim Kamauf at 11:42:24 on 2011-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.576 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim K... Read more

A:security protection, xp antivirus 2012, lots of blank windows open and no programs will open when i start my computer

to BC.We'll begin with thisStep 1.ComboFix:Download ComboFix from one of these locations:Link 2Link 3* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Here is a howto for some of the applications.
They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.Step 2.Things I w... Read more

2 more replies

I have windows xp machine. There was some virus found on nero s/w. so i have tried to remove it from
pc. It is not removed by giving access error.

1) Now everytime on startup of pc "Incd can not start" Message is coming.

2) When working with two or more programs, it gives message "virtual memory too low". And application
closes abnormally.
here is some error screenshottttttttt

More replies

I was trying to listen to a radio station through windows media player, and when I click the station, ( which worked before), I get an out of memory error popup, and get forwarded to this page, http://www.microsoft.com/windows/wi...&id=C00D11C6&contextid=83&originalid=8007000E

I am running a pentium dual core, windows Vista home premium, with 2 gigs Ram, and a 1 gig video card. and a 500GB hard drive, thats only 1/4 the way full.

I had other programs running, but I closed them out.
( I use process explorer, so I know there is enough free memory).

Wondering if its virtual memory or some setting? If not its probably related to the actual radio station that I am trying to listen to, as I tried a different one, ( music that I am not really that into, ), and it works fine..

More replies

It's really frustrating searching for a document I need for school in the Window's search in the start menu and it not being found. But I know for a fact I made the files and where it is, in my Documents. Window's index is just really annoying it basically doesn't index any of my created documents, most of my application/programs I use are not being index.

How do I choose to index what I want, and make sure the documents etc. are being indexed!?!!?

----

Windows 7 : Home Premium 32-bit

A:Lots of files/application are not being indexed in Window's Search!!!!

Hi michaelsp9

Type "indexing options" into the start menu.All the options your looking for are there to choose what is indexed.

Attachment 170024

Although I think documents are usually selected by default but have a look yourself

Danny

1 more replies

My PC just started getting slow out of the blue. I decided to look at the task manager and see what was using all my memory. I found that one of the Svchost.exe (netsvcs) is using a ton on memory and sometimes a lot of CPU. I'm looking for any help on fixing this problem. I have attached a photo to show you what i'm talking about.

A:Svchost using lots of memory on windows 7.

There are usually multiple svchosts, they are parent processes of many different services. Chances are you have a rouge service (malware) running underneath one of these svchosts.

Could you take a better screenshot of all the services running under that specific svchos process? Id would help to see all of them.

14 more replies

Hi, this is my first post here so please bear with me. I have followed the 5 steps in the sticky thread and got a log, but I've got a few questions and things that should outline my problem:

1) Will that Spyware Blaster program interfere with my AVG Internet Security program?

2) One of the things that prompted me to do these logs was that when I start my computer up before going on the internet or anything it seems to be eating 400MB of memory. I'm not sure if this is normal or not, but it does seem as though AVG is taking up a lot of memory.

3) One of the other reasons that prompted me to this was because recently when I've started my computer, in the Task Manager an application called "spoolsv.exe" has the status listed as "Not Responding". I Googled it and found out that the process is something to do with printers, but it could also be spyware. I think it might be spyware because there are two instances of the process in Task Manager and one of them says "Not Responding" on startup/

4) I'm always looking for ways to make my computer a bit faster and more efficient, so even if there are harmless things in the log that could be disabled because they're not needed most of the time I'd appreciate being told.

Thanks.

Deckard's System Scanner v20070807.62
Run by Michael on 2007-08-09 at 22:30:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

A:Lots of memory being used + strange processes

bump.

2 more replies

Hi!!
Recently I have been experiencing a lot of problems with the virtual memory. In many cases my computer will just shut down all programs that i am running. I have already increased the virtual paging size and am not really sure what else to do. In addition to the low virtual memory message i also get a message that says "error loading c:\WINNT\Downloaded Program Files\bridge.dll The specified module could not be found"

Logfile of HijackThis v1.97.7
Scan saved at 10:50:40 AM, on 7/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\mgabg.exe
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\WINNT\System32\PDesk\PDesk.exe

A:low virtual memory and LOTS of popups!!!!

10 more replies

On my recently reinstalled Windows 7 machine, I find myself often running out of memory--a problem I've never met before--despite having added an additional gigabyte of RAM to the machine so that the laptop now has 4 GB of RAM. Windows occasionally closes my web browser, saying that there's not enough RAM. The most memory-hogging Svchost process can take up around 100,000 K of memory.

Is my computer infected?

A:Svchost taking up lots of memory

Use these programs to find and remove both adware and malware.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing... Read more

1 more replies

Recently My computer has been crashing alot. I mean i havent downloaded anything. Its been the same since i can remember but now i get lots of errors. When i extract a file with WinRAR i later get a memory error, When running a setup.exe i get a refrenced memory error.

The instruction at "0x6a9e05be" referenced memory at "0x6a9e05be". The memory could not be "read".

Click OK to terminate the program
Click on CANCEL to debug the program
Click to expand...

If anyone can help it'll be greatly appreciated.
Ps. I did not yet Install Sp2.

Also i have 512 ram.

A:Lots of problems regarding Refrenced Memory.

well i dont know if anything specific is causing you trouble or not. right click my computer>properties>advanced and then check the setting for virtual memory. it should be twice the size of the RAM. Also i use a cool piece of freeware called HARE ( http://www.dachshundsoftware.com ) which made my computer faster. you can try that

2 more replies

since i loaded ff 3.6, memory usage shoots up to 200k in and freezes firefox. olny way to fix is to end process in task manager. Tried to switch back to 3.5, issue stays. then uninstall all of firefox and reinstall ff 3.6 again, so far i havent found a fix, searched the forum but didnt find the fix im looking for. i have 3 gigs of ram, possibly i have my ram going bad but its only in firefox this happens, i dont want to go back to internet explorer. help please.

A:firefox useing lots of memory

Check this out at: http://kb.mozillazine.org/Reducing_m..._%28Firefox%29

2 more replies

All these times, I've never had Firefox use this much memory. I checked Firefox.exe process in Windows Task Manager and saw it use a smashing 136,524K of memory. Is this right? I use Windows Vista. I don't know if this helps, but recently my Antivirus [ESET NOD32] found few spyware, but it's in quarantine now. Please help me fix this crazy thing. Thanks a lot!

A:Solved: Firefox uses LOTS of memory!!

14 more replies

Since I reinstalled windows about a month ago, I have been noticing a severe decrease in available C: drive space. This morning I went from 8 GB free to 4 without installing or adding any files. I checked previous forums that suggested I try to hunt the issue down in my Documents and Settings and found 93 GB used in my D and S, of which 57 are in My Documents and 28 are in Local Settings. The bulk of memory used in Local Settings seems to be in a Temp folder.

Before I go deleting everything in my temp folder (D and S/user/Local Settings/Temp) I was hoping to get some advice. Much of the 28 GB are being held by files named ADA___.tmp. The ___ is some number. I'm afraid that by deleting these files (A) I will only be treating the symptom and not the root of the problem and (B) I may screw up something in my computer. Any thoughts?

A:Lots of memory used in temp folder

This should not mess up anything and can be set to clean system upon startup.

How much total space is on your hard drive?

1 more replies

Because of this I decided to run sfc/scannow and some errors were fixed and some not. I do not understand the CBS folder I pulled up so am uploading to here and see if anyone can make something of it for me. I do see some errors but still do not understand what to do about them. Guess I am unable to upload it as it is too big.

A:Lots of hesitations when I try to open anything

Hi,
Run sfc three times in a row booting between runs see if the other error will be fixed.

5 more replies

My laptop has been acting a little funny recently and I'm wondering why.

On Monday when I booted up my laptop (Samsung using Windows 8), I suddenly had a BSOD due to an error called "PAGE_FAULT_IN_NONPAGED_AREA." As soon as my computer restarted, it was fine. I did notice that there were two new notification icons in the lower right-hand area of my taskbar: the little Windows action centre flag with a red X, and AVG's icon, also with a red X.

Yesterday I noticed that my laptop had been warmer than usual and the fan's noise was more noticeable than usual. I shut down the laptop to give it time to cool down. However, when it went to shut down, the screen was black but the power light stayed on and the fan was still running. I had to press the power button to make it shut down.

Once it booted back up, I checked Task Manager for anything unusual. AVG had been taking up about 5% disk usage and various Service Host: Local Systems were occasionally using ~25% CPU. I ran a MalwareBytes scan, which came back clean, so I uninstalled AVG (since I never use it anyway) and shut down for the night.

Today, my laptop is still warmer/louder than usual and every now and then, a service host will hog 25% of my CPU and 59.3 MB of memory. I did some Googling and found a few threads on here from people who have had the same problem. They were directed to use some antiviruses and other prog... Read more

A:Service Host suddenly using 25% CPU/lots of memory

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/618680 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

0 more replies

svchost process using lots of ram.  DCOM service launcher and termina services are the two services having issues.  I've scanned the computer with MBAM, MBAR, Tdsskiller, combofix.  MBAM & MBAR found malware and removed it.  Don't know what else I can do.

A:DCOM service launcher using lots of memory

10 more replies

I just noticed today that in Windows Task Manager, I see 'svchost.exe' consuming lots of memory (Task Manager reports 265,376K). I look at Task Manager a lot in order to manage memory in general (there's only 1GB on this box), and I've never seen a 'svchost.exe' consuming this much before. It grows until available memory [under 'Physical Memory (K)' in the Performance tab] gets down to under 10000, and the machine slows to a crawl while it furiously swaps.

I fired up "Process Explorer" (Sysinternals), and I can see the offending 'svchost.exe' hanging underneath 'services.exe' (along with plenty of other services). Sometimes, the offender has 'AcroRd32.exe' or 'wuauclt.exe' hanging off of it (but the child processes don't consume anywhere near as much memory as 'svchost.exe').

When I mouse over the 'svchost.exe', it shows...

Command Line:
C:\WINDOWS\System32\svchost.exe -k netsvcs
Path:
C:\WINDOWS\SYSTEM32\svchost.exe (netsvcs)
Services:
COM+ Event System [EventSystem]
Help and Support [helpsvc]
Network Location Awareness (NLA) [Nla]
Remote Access Connection Manager [RasMan]
Telephony [TapiSrv]
Windows Management Instrumentation [winmgmt]
Windows Time [w32time]

The system is Microsoft Windows XP, Home Edition, Version 2002, Service Pack 3. It's got a Pentium® 4 CP... Read more

A:"svchost.exe -k netsvcs" consuming lots of memory

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:

8 more replies

I read somewhere else on this site about large memory usage by svchost, and noted that I should run a Hijackthis test. Though the results are overwhelming:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:11 PM, on 4/24/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

More replies

I'm not sure if this belongs in this forum or the Vista one, feel free to move it .

So I had a problem with my defragmenter. I use Diskeeper, since it came with the laptop I purchased. The problem I had was when I clicked defragment, it wouldn't even analyze my drive . I also had some corrupt files I couldn't delete.

I fixed that using the Vista repair disk at the Help Center at my college. I was able to delete the corrupted folder after using the disk, and defragment. The only problem is that after defragmenting, I have a huge amount of fragmented things .

Attached is a picture of Diskeeper's analysis of my hard drive.

The real reason I am posting this is because chkdsk will not work, so I can't check for corrupted files... and my free space keeps rapidly changing! Yesterday I had 1 GB free, today I have 27 GB free.

How do I fix this, or run check disk?

Here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:53 AM, on 11/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe

A:Lots of Memory Used-- corrupt files/folders?

To solve this problem I ended up taking it to the computer center at my college and reimaging the computer.

If you find a different way, post it please to help anyone else that looks

1 more replies

My windows explorer is taking up way too much memory.  Based on previous forums, I downloaded the Malware Software, and have included the logs from that scan, I have not cleaned the malware yet..Any help would be appreciated...
mbar-log-2015-04-20 (11-02-47).txt   2.83KB
system-log.txt   24.72KB

A:Windows Explorer taking up lots of memory

5 more replies

The problem is svchost.exe (localservice). I have posted an image which contains all services under that process.

A:Svchost.exe constantly taking up about 50% CPU and lots of memory.

Is this happening every boot? Open a resource monitor and switch to CPU tab, sort by CPU. See if you can get additional info, take a screenshot if you can and post here.

9 more replies

My windows explorer started using a lot of memory for 1 week - I cant remember loading any software in last 2 weeks. Ones it reached over 1 GB on my laptop.
I am running XP and have 2GB mem.
2 days ago IE started pop-up ads no matter which site I go to. These ads are for either pc security or adult sites.

I loaded Ad Aware, but that found nothing wrong on the pc after a scan.

Reading some posts from before, I changed a reg entry to disallow add-on dlls to be loaded with explorer. The explorer seemed to look stable for 10 min and after that started gathering memory again.

More replies

Just when things are going good, one day you wake up to a computer nightmare! I am using Windows XP home edition.
I keep getting a low virtual memory error and "windows is increasing the size of virtual memory paging file. For more see Help." I can't go to Help!
Also: Microsoft Visual c++Runtime Library! from c:\ProgramFiles\InternetExplorer\iexplore.exe

I ran hijackthis and posted on the forum and have not recieved an answer, so I did more searching on my computer. There is another "Recycle Bin" showing when I go into desktop. One says "empty" the other icon says "full". I cannot get to the one that says full?!
I have SystemMechanic, Spybot, Housecall installed with other email scanners, etc.
And yes, sometimes something as simple as re-booting will correct it for a while, but then it returns with a vengance! I have been having this problem for about 2 months now and have done all I know to do.
Any suggestions would be welcome and I will be glad to run Highjackthis again and send the report on.

I just cannot find a reason for having low virtual memory. Today, on Task Manager, under processes, the top three are: ekrn.exe - 10,864 K; explorer.exe - 10,308 K; and MsMpEng.exe - 8,028 K.

A:Low virtual memory, lots of run time errors

12 more replies

This could be what is slowing my system down?

More replies

Internet explorer is talking up lots of memory, even when im not running the program and ads keep poping up about different things for no reason, sometimes when not even running internet explorer. I think i may have some kind of infection. Please help, attached logs you asked for,
Thanks
Anthony

DDS (Ver_09-10-26.01) - NTFSx86
Run by Ant at 1808.06 on 13/11/2009
Internet Explorer: 7.0.6002.18005
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.2037.728 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService

A:Help, IE talking up lots of memory when not running and ads keep poping up!

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

2 more replies

I know there are other posts very well explaining how to get out of the terrible situation that is Open Cloud AV. I've dealt with a VERY similar malicious program before. I dealt with it my running Rkill and then Malwarebyte's Anti-Malware. I have recently been infected with Open Cloud AV. I looked up how to remove it, and seeing as the steps were the same, I did the same. Rkill terminated the process, but MBAM would close unexpectedly. I tried to open it with some 'Inherit.exe' but that didn't work. I download Anvira, which I was told worked as well, and that program didn't find Open Cloud on a full scan. I restarted my computer and tried it all again, still to no avail.
I still can't open MBAM, and Rkill doesn't find/doesn't terminate Open Cloud AV.
Also, when trying to create a gmer.exe log, this process was terminated after a few seconds as well.

I'm pretty desperate, and I'm not great with computers.

-Dylan

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_25
Run by Dylan at 18:29:54 on 2011-10-04
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2813.844 [GMT -6:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.

A:LOTS of problems with Open Cloud AV

UPDATE: After a few hours, Open Cloud AV seems to have stopped working. Perhaps I was impatient with Rkill.
But Alas, MBAM still crashes as soon as it starts scanning!
I'd much appreciate any help.

97 more replies

I know there are other posts very well explaining how to get out of the terrible situation that is Open Cloud AV. I've dealt with a VERY similar malicious program before. I dealt with it my running Rkill and then Malwarebyte's Anti-Malware. I have recently been infected with Open Cloud AV. I looked up how to remove it, and seeing as the steps were the same, I did the same. Rkill terminated the process, but MBAM would not open. I tried to open it with some 'Inherit.exe' but that didn't work. I download Anvira, which I was told worked as well, and that program didn't find Open Cloud on a full scan. I restarted my computer and tried it all again, still to no avail.
I still can't open MBAM, and Rkill doesn't find/doesn't terminate Open Cloud AV.

I'm pretty desperate, and I'm not great with computers.

-Dylan

A:LOTS of problems with Open Cloud AV

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.Then start a new thread HERE and include or required logs.Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

4 more replies

Hello, I recently built my own PC and installed an OEM version of Windows 7 on it, everything was fine after the first boot up, but the hard drive was very noisy when writing data. Then I got a BSOD one day, and ever since then it's been an almost daily occurence. I'd be so thankful if someone could help me figure out my problem.

I've already tried reseating the RAM/Swapping the modules around on the mobo since I assume from the error names it's an issue with my RAM, if worst comes to worst I might wipe and reinstall windows, possibly even replacing this noisy hard drive in the process, although that might not fix it still.

I've also attached the documents asked for in the BSOD submitting instructions sticky.

A:[SOLVED] Lots of BSOD's with a range of memory errors

There are a couple of drivers to update
cbfs.sys Sat Mar 21 09:58:26 2009
If you use the program update it if you don't use it uninstall it.

Since one named the USB subsystem check Intel update for any updated drivers.
Intel? Driver Update Utility

Check the ram
D/L Memtest+ burn it to a CD using a free program like Imgburn if you need one then boot from the CD to test the ram, let it run for at least 6 passes or until you see an error.

Looks like a Seagate hard drive, use Seatools for DOS(cd) to test the hard drive.
SeaTools | Seagate

Code:
BSOD BUGCHECK SUMMARY

Code:

Debug session time: Wed Oct 10 16:00:00.994 2012 (UTC - 4:00)
System Uptime: 0 days 0:07:25.868
BugCheck 19, {21, fffffa800e9ba000, 1220, c300000000001220}
Probably caused by : USBPORT.SYS ( USBPORT!USBPORT_Core_iCompleteDoneTransfer+45f )
Bugcheck code 00000019
Arguments 0000000000000021, the data following the pool block being freed is corrupt. Typically this means the consumer (call stack ) has overrun the block. fffffa800e9ba000, The pool pointer being freed. 0000000000001220, The number of bytes allocated for the pool block. c300000000001220, The corrupted value found following the pool block.
BUGCHECK_STR: 0x19_21
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: Dropbox.exe

13 more replies

Hello all!
Since a week I have a problem in my computer, he becomes slower and some processes in task manager appeared and I've never seen them before, some of them are also duplicate.
Like: ati2evxx.exe - 2 times
avp.exe - 2 times
CLI.exe - 2 times
svchost.exe - 7 times

The memory usage and CPU is always at high levels. The problem born after a game of Counter strike I think, but I am not sure if it was that the problem.
I started the Hijackthis and I can post the log if you want. It gave me problems in:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sg...
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/ver...

I have Kaspersky 6.0 and NoAdware, that cleaned all they found, but the PC goes slow like before.

Hope someone can help me!

A:Slow pc, big memory usage, lots and duplicated processes!

Welcome to the Tech Support Forums. Please post the two text files, main.txt and extra.txt produced by theDeckard's System Scanner (formerly Comboscan) as instructed in IMPORTANT - Read This Before Posting A Log.

Deckard's System Scanner gives us additional information. Thank you for your patience.

We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources, both yours and ours. Every Analyst will work in a different way. If you have already posted at another Forum, please advise us, or them, and choose just one.

During the cleaning process, if any other issues appear, please let us know.

2 more replies

hi,
was wondering if it is normal to have 3 iexplorer.exe in my task processors even when i have no pages open it is using alot of memory on my computer. if i try to end process tree it just automatically comes back. Also i ran hijack on my computer but that doesn't even show or explain the multiple iexplorer in my task bar so confused could u look at that also pleaseLogfile of HijackThis v1.98.1
Scan saved at 9:31:27 AM, on 6/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-au\msnappau.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\WINDOWS\webshots.scr
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\MXMoni128Eb\MXMoniE.exe
C:\Program Files\WinMX\WinMX.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.ex... Read more

More replies

For the past week or so, something's been on my computer and wreaking havoc. I'm running Windows XP.

Symptoms:

1) Lots of pop-ups (mostly for registry cleaners or spyware software). This seems to get worse with each day that goes by.
2) A number of large websites have stopped working for me (www.mlb.com, www.sears.com, www.walmart.com)
3) I can download, but cannot install any anti-spyware software (Spybot S&D, Malwarebytes, Superantispyware, Ad-Aware). When I attempt to run the .exe file I downloaded, I get one of two error messages: (1) "The setup files are corrupted. Please obtain a new copy of the program.", or (2) "C:\xxxxxx is not a valid Win32 application." I have tried downloading each of these files from multiple sources, but the result is always the same when I go to install.
4) The computer is running extremely slow (especially the internet)

I have noticed two files using HJT that, through google, I noticed were common problems for others. (C:\Windows\system32\gutodayo.dll, and C:\Windows\system32\moyomego.dll (there are a few instances of this last file)).

I was able to download and install Spyware Terminator (had good reviews on download.cnet.com, though not sure how effective it really is) and run it's scan, but it didn't find any real threats, and the small things it had me fix didn't solve any problems. I haven't been able to find any other scan or spyware remover that ... Read more

A:Lots of pop-ups, can't open many .exe files, comp slow

20 more replies

Hey everyone. Now instead of my friend having a problem, I'm crrently the one having a problem! I got a bit worried, because my virus scanner picked up a trojan. It was removed, but just to make sure I did a netstat -a check to look for secutiry problems... And it came up wit this:

TCP MainComputer:3001 MainComputer:0 LISTENING
TCP MainComputer:3002 MainComputer:0 LISTENING
TCP MainComputer:3003 MainComputer:0 LISTENING
TCP MainComputer:3006 MainComputer:0 LISTENING
TCP MainComputer:3006 MainComputer:3007 ESTABLISHED
TCP MainComputer:3007 MainComputer:3006 ESTABLISHED
TCP MainComputer:4044 MainComputer:31595 TIME_WAIT
TCP MainComputer:4047 MainComputer:31595 TIME_WAIT
TCP MainComputer:4050 MainComputer:31595 TIME_WAIT
TCP MainComputer:4143 MainComputer:31595 TIME_WAIT
TCP MainComputer:4146 MainComputer:31595 TIME_WAIT
TCP MainComputer:4191 MainComputer:31595 TIME_WAIT
TCP MainComputer:4194 MainComputer:31595 TIME_WAIT
TCP MainComputer:4197 MainComputer:31595 TIME_WAIT
TCP MainComputer:4200 MainComputer:31595 TIME_WAIT
TCP MainComputer:4206 MainComputer:31595 ESTABLISHED
TCP MainComputer:4263 MainComputer:31595 TIME_WAIT
TCP MainComputer:4264 MainComputer:31595 TIME_WAIT
TCP MainComputer:4271 MainComputer:31595 TIME_WAIT
TCP MainComputer:4276 MainComputer:31595 TIME_WAIT
TCP MainComputer:4298 MainComputer:31595 TIME_WAIT
TCP MainComputer:4310 MainComputer:31595 TIME_WAIT
TCP MainComputer:5180 MainComputer:0 LISTENING
TCP MainComputer:10110 MainComputer:0 LISTENING

A:Lots of open ports... Security risk?

6 more replies

I am trying to fix my sister-in-law's laptop. There are many problems with this computer and it took me about a year to talk my SIL into letting me work on it so these problems have been around for awhile. The laptop is a Dell Inspiron B130, running Windows XP with SP2.

Here are the current problems:
*no sound
*battery does not work (not sure if that's a computer error or if it's just dead)
*firefox has errors every 5 minutes or so and needs to close
*black screen comes up every once in awhile and says something to the effect of beginning to dump physical memory
*slow startup and shutdown (5+ minutes)

This computer has Zone Alarm Security Suite, AVG 7.5 Anti-Spyware, and Ad-Aware.

My SIL told me that she wants to save all of her personal files if at all possible but if a clean install is needed, we do have the Dell Windows XP reinstall disk. I am also willing to put the personal files on disks, if needed.

A:No sound, lots of Firefox errors, dumping physical memory?!?

Welcome back to TSF

The best thing to do is to format the drive and reinstall. Pull off your SIL information either on a thumb drive or burn to cd then reinstall. She has way too many issues to just start trying to repair each one individually.

5 more replies

A few days ago I removed a virus from my computer and after some work I thought I had restored the computer back to normal. Everything seems to be running fine but now everytime I start my computer there are about 20 windows that open up. Almost seems like it is a brand new computer. Some of them are windows programs that are starting i.e. fax/scan etc that have never opened before as well as about 15 windows that open folders that say: windows-startmenu-programs-startup-then a myriad of various HP, lightscribe, games etc. It appears it is openeing every file.

How do I keep them from opening like before? Any help would be much appreciated.

A:Solved: LOTS of windows open when I start computer

Go to start/all programs,right click the startup folder and click open.
Everything in there runs at startup.
Delete everything in there that you don't want to run at startup.
See if that helps the problem any.

2 more replies

Hi, there.
This is the log for my hijackthis last run
Please help, I installed several programs, and can never be sure there is not going to be porn in my children's computer.

thanks

*****************************************
Logfile of HijackThis v1.98.2
Scan saved at 3:29:17 PM, on 9/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MSCRON.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\winlogon.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 50.dll
O3 - Toolbar: &EliteBar - {825CF5BD-88... Read more

A:unable to open regedit, lots of popups and adware

Hi ariedia

Welcome to TSG!

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php

R3 - Default URLSearchHook is missing

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 50.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 50.dll

O4 - HKLM\..\Run: [SysA] C:\windows\system32\winpbr32.exe

O4 - HKLM\..\Run: [Microsoft CronD Service] MSCRON.EXE

O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winabh32.exe

O4 - HKCU\..\RunOnce: [Microsoft CronD Service] MSCRON.EXE

Restart to safe mode.

How to start your computer in safe mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click ... Read more

1 more replies

First off, please forgive me. I can only supply my HijackThis log as it is the only program I had installed prior to this problem.

It started a week or so ago when I had the stupid Security System Pro problem. I downloaded HijackThis, Malware Bytes and AVG at that time and it took care of it. Or so I thought. After that all of my searches on Google started to be redirected unless if I opened the cached version.

Today I could not open any of my .exe files. It would open the "open with" dialogue box and I would have to go to the C drive, find the program file and click on the program there to get it to open. Basically telling it to open with itself.

I tried to download ComboFix as it was suggested for this problem. I cannot open or download any new programs. They won't open period. When I tried to download all the required stuff to post here, I am getting the message "Internet Explorer has encountered a problem and needs to close" and it won't even let me get to the page.

I also cannot boot in ANY safe mode. It just restarts over and over when I try to boot in safe mode.

AVG found and removed Manson\liser.exe but that's the only Trojan it's found other than some tracking cookies.

Can anyone help? My HijackThis log is below. As I stated earlier in the post, I can't even download the other programs to provide the additional logs.

Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:18 AM, on 7/3/2009

A:Lots of issues - Google Redirect, Can't open .EXE files, etc

I have also run Malware Bytes and the log is empty if that helps anyone.

8 more replies

Hello,
I have a rather big problem. NT 4.0 Server with 6 XP Pro wrkstns. All XP Pro systems open a network share in 30-45 seconds where the shared folder has 4,000+ files.

All replaced Windows98 systems could open the folders in a fraction of a second.

There are still 2 Win98 systems and they open the shares fine (really fast). The XP systems have the flashlight browsing back and forth. Any other folder on the same share opens quick (because of lower number of files). It seems like XP is scanning every file looking for the end of the folder before it displays.

Replaced the switch - same behavior
Stopped Indexing (was never running) - same behavior
Stopped Web Client - same behavior
Stopped DNS Client - same behavior
Edited "NameSpace" in the registry - same behavior

Actually, the closest I came to getting it was under "My Computer/Tools/Folder Options/Uncheck "Enable Offline Folders" - it worked fast for 2 openings, then went back to flashlight again.

Also, I can disable "Allow Indexing Service to index this drive..." from My Computer for the local C: drive, but how do you uncheck the greyed out "Allow Indexing Service..." on a network folder (Found under Properties/Advanced on the network folder).

Any help is appreciated.
Stephen

More replies

I have 99.6 GB available and only 5.23GB used. Its a Compaq computer system that runs real slow here and there when task manager has two pages up or when loading pictures. A low memory warning comes up and says that some programs might not operate normally. Do I need to buy a new memory thing and what is it called lol. Kind of annoying to have task manager freeze up or close down every few minutes. Thank you kindly.

A:Low Memory and lots of space on my computer? But Task Manager runs slow?

When you say, "I have 99.6 GB available ..." I assume you are talking about hard drive storage space. The low memory warning has to do with the amount of RAM or hardware system memory that is on the motherboard. If you right click on "My Computer" and select properties, the information screen should show how much you now have installed.

When Windows and all of the programs you have running at the same time require more memory than what is installed, Windows starts to copy the chunks RAM content to and from the hard drive as needed. This constant transferring can bring the fastest computer to a dead crawl.

Most motherboards let you install more RAM Modules or replace smaller capacity modules with larger ones.

EDIT: The support section of the Compaq web site should be able to tell you exactly how much RAM was installed on the computer when it left their factory based on the model number and sometimes the serial number. The site would probably also list exactly what kinds of RAM modules are needed for expansion.

3 more replies

The IEXPLORE.EXE still reside im my PC memory after I close the IE window.

With task mamanger, I can see there are many IEXPLORE.EXE running. But, I already close all of them.

I ran 3 ad-ware, spybot, MS antispyware. Removed all the spyware by those 3 spyware detector.

The problem still exist. Anyone knows why?

Thanks

David

A:IEXPLORE.EXE reside in memory after I close IE window. And this take all my PC memory

13 more replies

Hey, I have a problem. I have my two sata hard drives partitioned into 3 parts. On One part (Drive E), theres a couple of files that have been there for a while (from previous windows installations), and I can't access them anymore. It's been like this for a while.

If I try to move or copy them, Vista says "You need permission to perform this action. Try Again. Cancel". If I use CMD to do it, it says Access Denied. If I try opening the videos files that are like that, the video player says File not Found.

I've tried botting in safe mode, enabling and logging in as the administrator (both in regular windows and safe mode), tried loading the vista installation cd, and using command prompt to copy the files.... but it says "Access Denied".

I've tried taking ownership using takeown or cacls, NO LUCK! I've also tried right clicking, properties, and messing with the security settings, still.. NO LUCK.

I've been at this for about a month, trying different things.
---
Anyone have any suggestions or a solution to how I can access those files?

ps: Running Vista 32bit, Ultimate Ed.

A:Access Denied/Need Permission for LOTS of my files. Can't open. HELP!! Vista.

someone pm'd me the info. Turns out it was a certificate I was missing, fixed.

2 more replies

I'm running Win7, with Trend Micro Maximum.
the CPU usage is not steady as I would expect it to be.
It's running quite a bit slower than it ever has.
at start many windows open and close very quickly, too fast to read. One of them looks like a "copy, delete or move" system window, and the rest look like DOS prompt windows.

A:CPU usage pulsing, lots of lag, many windows open and close at start

10 more replies

Spyware galore, ultra pop ups. never got this thing to run right since we got it back from Geek Squad in September. This has been about a week, and I was trying to take care of it myself but am running out of options. Would someone be able to take a quick peek at the logs? Very appreciated.

Ran the HJT, DDS, and GMER:

ASUST, Desktop CM1730 series, Windows 7 Home Premium, Service pack 1, AMD Athlon II X2 220 2.80 GHz, 6.00GB memory, 64-bit Operating system Processor.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:35 AM, on 12/8/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Pag... Read more

A:Lots and Lots of Spyware pop ups.

16 more replies

Can anyone help? I feel bad I messed up a friends computer

Logfile of HijackThis v1.97.7
Scan saved at 12:15:58 AM, on 10/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HAVIDC.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\MY DAILY HOROSCOPE\MYDAILYHOROSCOPE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\SYSTEM\MSCB.DLL
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no... Read more

A:lots and lots of problems...

That's not so bad, elf. I would check it for a virus though at Trend Micro.
Also, will not address WeatherBug or Daily Horoscope here, but they can cause other spyware issues and probably should be uninstalled.

Let's see what we can do......

below.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure
that the System Files and Folders are showing/visible also.

Reboot into Safe Mode (hit F8 key until menu shows up).

Hopefully Adaware has removed some entries for you already. So if you see that something doesn't exist anymore, Adaware probably
fixed/deleted it already. Just continue on with the other fixes/deletions.

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click
Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\WINDOWS\SYSTEM\HAVIDC.EXE <<<If you recognize this file, then ignore instruction.

Check and fix the following in HijackThis if they still exist (make sure not to miss any):

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E1... Read more

1 more replies

Ok, Here goes...

I have a windows XP Home computer which i got about mid 2006 and basically ever since I got it I have been having problems starting up. It originally worked properly for a few months then the problems began.....

First it would not do anything whilst on the windows loading screen (progress bar etc worked but it got stuck on that screen and wouldn't advance), the HDD light would blink for a while and then it would just sit there. Usually i would restart until quite a while later I discovered that if i left it for long enough (about 5-10 minutes) it would eventually load. I have also performed several reformats in this time and the problem would disappear for a while then show its ugly face again. It wouldn't do this every time but a large majority of the time it would.

Now however, it does not do this, instead, it would go through the loading screen, finish that, and the screen would go blank (no signal detected etc) and then it wouldn't do anything at all, I have left it sitting there for about an hour once to see if eventually would work but it didn't. So to fix this I have to restart the computer and it would come up with the screen asking me if i want to use safe mode and usually i would either choose the Last known good configuration or start up windows normally, occasionally i would go in safe mode and restart from there and it would usually work but not always. I usually have to repeat this process several times for it to work. Whi... Read more

A:Lots and lots of problems which I cant seem to fix.

7 more replies

I am helping a freind and he is really infected with loads and loads of stuff and his browser is been hijacked by a URL named www.neccasaryupdates.com and he really need to clean this up. Thanks In advance!I ran CWShredder and HiJackThis on this computer:Logfile of HijackThis v1.99.1Scan saved at 4:01:38 PM, on 3/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEc:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Java\jre1.5.0_03\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\mcafee.com\vso\mcvsescn.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC: ... Read more

A:Lots And Lots Of Infections!

8 more replies

Hi! I've had a really bad BSOD problem for a week or two now. I was hoping I would be able to figure it out on my own but I cannot :|. So I was hoping I could post some information and a few minidumps and possibly receive some help?

Ok here goes... the BSODs are random, they can happen even when my pc is idle, though under stress(movies/games) they will happen most frequently. The problem is always 'DRIVER_IRQL_NOT_LESS_OR_EQUAL' and each crash is 'probably caused' by usually a different driver each time.

System info:
Motherboard Name Asus K8N8X-LA PES(nforce3 150)
CPU Type AMD Athlon 64, 2200 MHz (10 x 220) 3400+
512 DDR SDRAM PC2700
Geforce FX 5200 128
Dynex 400W PS

Attaching a few minidumps in case anyone wants to look at them. Any help would be greatly appreciated. Thank you.

A:Lots and lots of BSODs

Hello romulox

I think this could be faulty RAM

If you have more than one stick of RAM (256MB or more) swap them over or take one out and try again with only stick #1. If it does not help or makes things worse swap the sticks and try again with only stick #2. This will identify if you have a bad stick.

OR
You can put either of these free programs on a floppy and test the RAM. Let them run for hours to do many passes if you can

memtest86
http://www.memtest86.com/

Windows Memory Diagnostic http://oca.microsoft.com/en/windiag.asp

Memtest on CD

.

19 more replies

I think someone may be controling and changing my computer and is gathering information on the sites I visit and possibly getting info from my web and computer history and distributing it. Also, I have my internet set to delete my history upon exit and it won't do that anymore... It also adds places I visit on my computer to my web history tab when I'm online. My event sounds have been changed by someone other than myself. When I try to roll back my OS to a previous restore point it can't locate any of the many restore points. I have provided some thumbnails of netstat and the "can't find restore point" event, also included is the tcpview thing.

A:netstat brings up 007guard and lots of listening ports open when offline

TCPView is not showing anything unfortunately. Have you performed some antivirus scans on your computer?

1 more replies

I frequently have problems while using Internet Explorer 7 (IE7), and the severity is getting worse. I beleive my computer has been infected with something. After using IE for a short period, it becomes unresponsive i.e. I cannot open new window or new tab. It will also not allow me to right-click on anything in the existing open windows i.e. when I right-click, no menu pops up... there is no response to the right-click. Other programs also then become unresponsive, such as MS Word, and Windows in general.Also, after experiencing these problems, many programs will not open, and if i try to open HijackThis, i get an error message 'No Memory'. But, if after closing all the open windows, I open the task manager, I find the process iexplore.exe is still running and using a lot of memory! If I terminate the process, and then re-open IE, it will operate normally, however it will shortly get corrupted again.... It's and endless cycle, driving me insane! I am hoping you can help me by identifying anything suspicious in the log files, and advice on how to get rid of it.Please note that I have included 2 log files, the DDS file, and a log file that was obtained from directly running HijackThis.DDS (Version 1.1.0) - NTFSx86 Run by ADMIN at 20:31:29.65 on 04/01/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1348 [GMT 0:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunch... Read more

A:Problems (possible hijack?) with IE7 etc- Unresponsive, freezes, process does not close in task manager, lots of memory being u...

2 more replies

Windows 7 Pro x64
original installed OS
OEM

hardware is 2.5 years old
original installation of OS

A:BSOD error ntoskrnl.exe+7f1c0 - lots of Chrome browser tabs open

Running the last 3 memory dumps (May and June 2012)

Do you have any idea of what this is (it's from your startups):

Quote:
MEI_Startup c:\script_temp\startup.cmd Public HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

If not, please run several of these free anti-malware scans to see if you're infected (and if your current protection is compromised): Free Online AntiMalware Resources

If the above doesn't solve your BSOD problems, please post back so we can suggest some further diagnostics.

Good luck!

The following info is just FYI, I've already addressed the issues that I saw in the above paragraphs

- Further info on BSOD error messages available at: http://www.carrona.org/bsodindx.html
- Info on how to troubleshoot BSOD's (DRAFT): http://www.carrona.org/userbsod.html
- How I do it: http://www.carrona.org/howidoit.html

3RD PARTY DRIVERS PRESENT IN THE DUMP FILES

Code:

L8042Kbd.sys Tue Aug 24 13:23:11 2010 (4C73FFFF)
MpFilter.sys Fri Mar 09 06:05:26 2012 (4F59E3F6)
SCDEmu.SYS Mon Apr 12 04:52:25 2010 (4BC2DF49)
amdxata.sys Fri Mar 19 12:18:18 2010 (4BA3A3CA)
dump_iaStorV.sys Thu Jun 10 20:46:19 2010 (4C11875B)
e1y62x64.sys Fri Jun 12 21:16:42 2009 (4A32FDFA)
iaStorV.sys Thu Jun 10 20:46:19 2010 (4C11875B)
igdkmd64.sys Fri Feb 11 14:16:32 2011 (4D558B10)
psi_mf.sys Wed Sep 01 03:53:14 2010 (4C7E066A)
sbmount.SYS Fri Jun 24... Read more

5 more replies

whenever i try to open control panel or add or remove programs, i get this popup: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system adminstrator."

This just happened today, and i have no idea what to do.

Theres also a lot of pop-ups from Ultimate Cleaner and Ultimate Defender (personal security center), and this windows alert thing that seems fake, since it says "windows allert."

Also, there are pop ups that come up once a while, saying

Should i post a HiJackThis log?

A:Solved: cant open control panel; lots of ultimate defender/cleaner popups

16 more replies

Is everyone's task manager showing it like this? Why 2 processes? 1 just to have it open and another for each webpage being displayed? Is this faster/better or something? Anyone know of a reason behind this?

A:2 iexplore.exe processes with 1 window open?

Hello AGlobalThreatsK,

This is normal in IE8. You will have one process for IE8 itself, then another process for each tab opened in IE8. This is part of the built-in tab recovery feature in IE8 so that if one tab crashes in IE8, it's not suppose to crash all of IE8 and allow you to still use IE8 and the other opened tabs.

Hope this helps,
Shawn

6 more replies

When using IE I got a strange error message that said "Internet Explorer cannot open page www.*.cl". I immediately believed myself to be infected with something so I ran an F-Protect Online Scan, an AVG scan, a scan with SpyBot and I am at this moment running a scan with Trend Micro HouseCall 6.5. So far, none of them have detected anything. When I open my Task Manager even when no IE windows are open, the process iexplore.exe is using 40 megabytes. For the life of me I can find nothing wrong but I know something's there. Help!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:22:56 PM, on 2/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\Program Files\DigitalPersona\Bin\DpHost.exeC:\Program Files\TeamLogic IT\Agen... Read more

A:Iexplore.exe Using Up A Lot Of Resources When No Ie Window Is Open

Hi Raddue, If you still need help please post a new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide for use before posting a HijackThis Log , and I'll be happy to look at it for you.Thanks for your patience.

14 more replies

I have been struggling to fix this with no luck. Need help please! Here's my HijackThis log...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:12:40 PM, on 3/25/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exeC:\ASUS.SYS\config\DVMExportService.exec:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\windows\SysWOW64\rundll32.exeC:\Program Files (x86)\McAfee\MPF\MPFSrv.exeC:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exeC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exeC:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Program Files (x86)\McAfee.com\Agent\mcagent.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\PROGRA~2\McAfee\MSC\mcmscsvc.exeC:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exeC:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exeC:\PROGR... Read more

A:iexplore.exe starts with windows but no window open

3 more replies

I've been working for 2 days now trying to fix this problem, but it has been a very resilient trojan (or group of them). I think I have the problem files isolated but I can't figure out how to remove them. The userinit value has been changed, and I can't modify it in Regedit. I've read some other materials suggesting the use of ComboFix, but the program (along with Spybot S&D, Malwarebytes, and SuperAntiSpyware) won't load after I double-click them on my desktop. AVG and Avira do load for some reason and I've completed scans with both of them. Sdra64.exe and lowsec.exe are my main concerns. Thank you in advance for your help!!DDS (Ver_09-03-16.01) - NTFSx86 Run by Sugarbear at 2:26:45.71 on Mon 03/16/2009Internet Explorer: 8.0.6001.18372Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.164 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\Program Files\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\ZCfgSvc.exeC:\WINDOWS\Explorer.EXEC: ... Read more

A:iexplore.exe running when no window is open, Userinit value changed