Solved: CPU Drag - Malware or low RAM?

Chris C. · 01-Dec-2008, 10:02 AM #1

hello

my computer seems to be a bit 'draggy' lately, especially when viewing videos on youtube or trying to play webkinz. actually, it's always been slow with flash stuff - which i've been trying to fix for a year, but i'm getting "your system is low on virtual memory" messages sometimes lately on sites like ebay and so forth so i want to get serious about fixing this.

i checked the performance on my task manager and it seems to be using 100% whenever ANY page loads, and even going that high when i use the scroll wheel on my mouse. this happens regardless of whether i'm using firefox or opera (although opera sucks extra bad with flash).

i checked my RAM and i think what i have is considered low: 384MB

my motherboard is an Intel SE440BX-2 so i believe i can double what i have. before i do that, i wanted to find out what other troubleshooting i should try.

hopefully i got a head start by following some instructions on some other threads in this forum and checked for malware (see below). i would be grateful for any feedback on these logs and suggestions for what to check next.

bottom line, do the logs show anything that would account for the high cpu drag? should my next step be to add RAM or is there something else i should do?

i'm a brave novice (meaning i need explicit instructions, but i'll try whatever i need to!) thanks in advance

~chris

***************************************************

1. i ran ATF cleaner
2. i ran malwarebytes (log below - 1 threat removed)
3. i ran kaspersky scanner (log below - threats not removed)
4. i ran hijackthis (log below)

****************************************************

mbam log:

Malwarebytes' Anti-Malware 1.30
Database version: 1439
Windows 5.1.2600 Service Pack 3

11/30/2008 10:51:59 PM
mbam-log-2008-11-30 (22-51-59).txt

Scan type: Quick Scan
Objects scanned: 49422
Time elapsed: 19 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\winzip90.exe (Trojan.Agent) -> Quarantined and deleted successfully.

****************************************************

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 1, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 01, 2008 01:59:36
Records in database: 1428781
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 49686
Threat name: 1
Infected objects: 0
Suspicious objects: 3
Duration of the scan: 04:51:33

File name / Threat name / Threats count
C:\Program Files\Opera\mail\store\account1\2008\02\25\5609.mbs Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Opera\mail\store\account1\2008\03\12\5797.mbs Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Opera\mail\store\account1\2008\03\12\5802.mbs Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.
****************************************************

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:16 AM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\stuart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6977 bytes

**eddie5659** · 07-Dec-2008, 06:10 PM #2

Hiya

Are you still having this problem? If so, can you post a fresh HijackThis log

Regards

eddie

Chris C. · 08-Dec-2008, 09:22 AM #3

hi eddie,

thanks for the reply, and yes, i'm still having problems.

i've done a couple things since posting and it feels a little smoother, but the CPU still goes to 100% while pages load, and i got the "your virtual memory is low - we'll increase the size of your page filing thingy" message again yesterday.

i also get that "a script is causing your computer to run slow do you want to abort the script" message sometimes. my biggest annoyance is the flash stuff running all jumpy and slow.

here's what i've done since my original post:

1. i deleted all the old mail files from the opera folders (where the "suspicious objects" were located by the kaspersky scan)
2. did a de-frag (i was 15% fragmented - i saved the log and can post if it would help)
3. re-ran the malwarebytes and it found 0 infections
4. re-ran kaspersky's scan and it found 0 issues
5. ordered 3 new memory sticks from crucial - i think it's the max my processor can handle: 768MB (this is supposed to arrive today)

here's a fresh log from hijackthis - thanks again for your input!
~chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:53 AM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Documents and Settings\stuart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6806 bytes

Chris C. · 08-Dec-2008, 09:37 AM #4

p.s. fwiw.....i took a screen shot of my task manager.

the area in front of the blue line is me using my mouse wheel to scroll up and down the page. the area after the blue line is me dragging the task manager box around the page.

http://i13.photobucket.com/albums/a2...screenshot.jpg

**eddie5659** · 08-Dec-2008, 07:16 PM #5

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

-----------

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure the following is checked.
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Upgrading Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right cklick on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")

========

So, in your next reply, post the contents of the MBAM log, SAS log, online scan log and a fresh HijackThis log

eddie

Chris C. · 08-Dec-2008, 07:19 PM #6

hi eddie - i'm at work and just happened to see your newest post...

i ran the malwarebytes & kaspersky last night before i went to bed, and there was nothing to log because nothing was found.

i'll run the other one when i get home & post the results.

thanks
~chris

**eddie5659** · 08-Dec-2008, 07:34 PM #7

Oki doki

No problem with replying later, its 23.34pm here, and off to bed soon

Chris C. · 09-Dec-2008, 10:08 AM #8

howdy, i'm back with more 'stuff'

btw.........i got the RAM i ordered, but i haven't even opened the package yet. i want to get this cleaned up and verify that i went the correct route in ordering what i did.

here are the logs - and as always, thank you!!
~chris

p.s. let me know if there's a better way to format these logs (i.e. color-coding, bolding, etc) to make them easier to work with.

*********************************************

SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/08/2008 at 11:54 PM

Application Version : 4.23.1006

Core Rules Database Version : 3668
Trace Rules Database Version: 1647

Scan type : Complete Scan
Total Scan Time : 02:00:24

Memory items scanned : 392
Memory threats detected : 0
Registry items scanned : 5867
Registry threats detected : 0
File items scanned : 43261
File threats detected : 42

Adware.Tracking Cookie
.specificclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
server.iad.liveperson.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.paypal.112.2o7.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.stats.paypal.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.buycom.122.2o7.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
traffic.buyservices.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.borders.112.2o7.net [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\stuart\Application Data\Mozilla\Firefox\Profiles\2dfuf78l.default\cookies.txt ]

Adware.GloboLook
C:\PROGRAM FILES\OPERA\PROFILE\IMAGES\ELONGATED.ESMARTDESIGN.COM.ICO

************************************************

MBAM

Malwarebytes' Anti-Malware 1.30
Database version: 1439
Windows 5.1.2600 Service Pack 3

12/7/2008 4:52:00 PM
mbam-log-2008-12-07 (16-52-00).txt

Scan type: Quick Scan
Objects scanned: 48556
Time elapsed: 16 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

************************************************

Online scan produced no log (log area was blank - no items detected)

************************************************

Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:08 AM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6890 bytes

**eddie5659** · 09-Dec-2008, 07:54 PM #9

Re-open HiJackThis and choose do a system scan only. Check the boxes of all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Now close all windows other than HiJackThis, then click Fix Checked. Reboot.

Apart from that, there's not much there. I would also run ATF, to clear out any temp files...

Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

As for the actual RAM, what is the motherboard you have?

Chris C. · 11:16 PM

hi eddie

the R0 entries i find on my previous log (and current scan) are different than the ones you listed. are these the ones you meant?

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

**********************************************

according the a Crucial scan, the motherboard i have is: Intel SE440BX-2
but the Everest scan listed it this way:

Motherboard: CPU Type Intel Pentium II, 400 MHz (4 x 100) Motherboard Name Intel Seattle SE440BX (2 ISA, 4 PCI, 1 AGP, 3 DIMM) Motherboard Chipset Intel 82440BX System Memory 384 MB (SDRAM) BIOS Type Phoenix (04/08/98)

Based on Crucial's recommendation, I got three of these:
http://www.crucial.com/store/mpartsp...BCB777A5CA7304

i guess after i do that last clean up, i'll install them - unless you tell me there really is a way my computer can use more than 768MB, in which case i guess i can exchange these?

however, i expect that these are the highest i can go, at which point i'd want to explore any fine-tuning i can do for optimum performance (e.g. is "overclocking" an option for me? are there ways to reallocate space to make things run faster?)

BUT....i'm guessing i should resolve this last log issue and then move my RAM questions to another forum?

cheers,
~chris

edit: updated some motherboard info

**eddie5659** · 10-Dec-2008, 03:18 PM **#11**

A bit different, but no problem. If you can select these two, and do the above, its okay:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Also, lets do a bit of a cleanup:

Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

======

Please download Runscanner to your desktop and run it.

When the first page comes up select Beginner Mode
On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Rightclick and rename to a .txt file and upload that file here.

-----------

I'll grab someone for the memory stuff

Chris C. · 11-Dec-2008, 04:15 AM **#12**

okay, i ran ATF again (how often should i be doing that?)

i also ran the superantispyware again and it found more of those tracking cookies - do those just keep coming back, and i just have to keep cleaning them up?

hopefully i did the runscanner correctly.

meanwhile.........how did it get so late?!

thanks, and happy thursday!!
~chris

Chris C. · 11-Dec-2008, 09:51 AM **#13**

whoops! i knew that didn't look right......

okay, now i'm trying to upload the .run file. i right-clicked and renamed it but even though the name ends in .txt in actuality it's ending in .txt.run

ah - i just changed my options to show known file extensions, and i replaced .run with .txt - hopefully that's what was supposed to happen....here goes!

**eddie5659** · 11-Dec-2008, 03:10 PM **#14**

Download the attachment at the end of this post (this will be your runscanner file fixed by me)

Save it to your desktop, then right-click on it and select Rename. Rename to runscanner.run. Then double click the runscanner icon this will run the program.
You will notice several entries in red and in blue.
Click the button at the top called Fix selected items
Accept the warning(s) and repeat until they are all gone.
Reboot your PC

Then post a fresh HijackThis log

eddie

Chris C. · 11-Dec-2008, 06:21 PM **#15**

eddie, thanks for sticking with me on this. i'll 'fix' the issues in the runscan file when i get home.

just in case i don't catch you again before the weekend i wanted to ask now: do you think there would be any problem with adding that RAM i bought? or should i just hold tight on that and clear up this other stuff first?

i'm anxious to see what the RAM might do, but i also understand the importance of being patient in cases like this.

have a great weekend!
~chris

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard mouse network printer problem ram registry repair router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!