Solved: virus filling up memory

Ramphonic
Member with 45 posts.
THREAD STARTER
 
Join Date: Apr 2007
Experience: Beginner
26-Jun-2009, 02:33 PM #1
virus filling up memory
I'm trying to help my friend with his Vista computer. He says it's been acting weird for weeks. The memory is showing full but there are hardly any programs on there. He did a backup and it helped for a little bit. I tried helping by running Malwarebytes but now it will not start back up. It showed several adware items and listed 2 trojans. It kept coming up with an error but finally went to restart. It comes up with Startup Repair but won't do anything.

Any help on what direction I should go in?

Thanks
Ramphonic
Member with 45 posts.
THREAD STARTER
 
Join Date: Apr 2007
Experience: Beginner
29-Jun-2009, 09:00 AM #2
I ran SUPERAntiSpyware on Friday and it came back with nothing. It is still showing that no memory is available. I am going to try and run a HijackThis scan tonight and post that up. Any other suggestions?
Ramphonic
Member with 45 posts.
THREAD STARTER
 
Join Date: Apr 2007
Experience: Beginner
29-Jun-2009, 06:00 PM #3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:48 PM, on 6/29/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dealer.toyota.com/login.asp?TYPE=33554433&REALMOID=06-000845d0-03e7-1f0b-840f-80f79e010000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$3avwEkwuc/460YK4oHZM8/VmkXpfSzmNXW560V31kCCeIWXsHXeYYA==&TARGET=$SM$http://dealer.toyota.com/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.imgsv01
O15 - Trusted Zone: *.lexus.com
O15 - Trusted Zone: http://ddcc.toyota.com
O15 - Trusted Zone: http://dealer.toyota.com
O15 - Trusted Zone: *.toyota.com
O15 - Trusted Zone: *.toyotaworkout.com
O15 - Trusted Zone: *.uotdealereducation.com
O15 - Trusted IP range: http://206.180.1.95
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - http://ddcc.toyota.com/edealer/20420...ntegration.cab
O16 - DPF: {CD9C0F1B-D8F9-4229-B76C-5EF6B14372E4} (Siebel High Interactivity Framework) - http://ddcc.toyota.com/edealer/20420..._HI_Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4B845EF-0509-47CA-84B7-7C32DD8C9136}: NameServer = 198.6.1.3,198.6.1.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DMS Communications Manager - MenuVantage - C:\Program Files\MenuVantage\DMS Communications Manager 8.0\CommManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SQServer - SelectQu - C:\selectqu\SQServer.exe
O23 - Service: sqserver3 - SelectQu - c:\DataCube3\sqserver3.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8468 bytes
Ramphonic
Member with 45 posts.
THREAD STARTER
 
Join Date: Apr 2007
Experience: Beginner
30-Jun-2009, 07:41 AM #4
Right off the bat, "O13 - Gopher Prefix:" worries me.

What do you think?
Ramphonic
Member with 45 posts.
THREAD STARTER
 
Join Date: Apr 2007
Experience: Beginner
03-Jul-2009, 10:01 AM #5
I am stumped. Malwarebytes and SUPERAntiSpyware are not finding anything now. So I wonder what else it could be?

Any ideas?
cybertech
Moderator with 69,375 posts.
 
Join Date: Apr 2002
Location: USA
03-Jul-2009, 10:09 AM #6
Gopher Prefix is normal in Vista.

Is this a workplace machine or personally owned machine?
Ramphonic
Member with 45 posts.
THREAD STARTER
 
Join Date: Apr 2007
Experience: Beginner
03-Jul-2009, 10:13 AM #7
Both, I believe.
cybertech
Moderator with 69,375 posts.
 
Join Date: Apr 2002
Location: USA
03-Jul-2009, 10:15 AM #8
We prefer not to work on machines that are used for business purposes. It is likely we may damage something that is needed.
Ramphonic
Member with 45 posts.
THREAD STARTER
 
Join Date: Apr 2007
Experience: Beginner
03-Jul-2009, 10:18 AM #9
OK, I understand.
cybertech
Moderator with 69,375 posts.
 
Join Date: Apr 2002
Location: USA
03-Jul-2009, 10:42 AM #10
I notice SQServer running; that can use a lot of RAM.
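
As an added example (not part of the thread, and not a HijackThis feature): a small Python triage of the log from post #3 that lists O23 services whose binaries sit outside the usual install directories, which is how SQServer stands out, plus entries HijackThis marked "(no file)". The function names and the directory list are assumptions made here; a hit means "look at this by hand", not "malicious".

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log from post #3 (lines copied from the thread).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: SQServer - SelectQu - C:\selectqu\SQServer.exe
O23 - Service: sqserver3 - SelectQu - c:\DataCube3\sqserver3.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# Assumed list of directories where installed binaries normally live (8.3 short name included).
USUAL_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

def parse(log):
    """Group entry bodies by HijackThis section code (R0, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def service_path(body):
    """Executable path of an O23 entry: text after the first ' - <drive>:' separator."""
    m = re.search(r" - ([A-Za-z]:\\.*)$", body)
    return m.group(1) if m else None

def review_items(log):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    items = []
    for code, bodies in parse(log).items():
        for body in bodies:
            if body.endswith("(no file)"):
                items.append((code, "target file missing", body))
            if code == "O23":
                path = service_path(body)
                if path and not path.lower().startswith(USUAL_DIRS):
                    items.append((code, "service binary outside usual install dirs", path))
    return items

if __name__ == "__main__":
    for item in review_items(SAMPLE_LOG):
        print(" | ".join(item))
```

The empty O13 entry is parsed but never listed for review, consistent with the reply in post #6.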
Ramphonic
Member with 45 posts.
THREAD STARTER
 
Join Date: Apr 2007
Experience: Beginner
03-Jul-2009, 10:48 AM #11
What is a sqserver?
cybertech
Moderator with 69,375 posts.
 
Join Date: Apr 2002
Location: USA
03-Jul-2009, 10:57 AM #12
It's used to manage databases, typically large ones that a program like Access can't handle efficiently.
Ramphonic
Member with 45 posts.
THREAD STARTER
 
Join Date: Apr 2007
Experience: Beginner
03-Jul-2009, 11:00 AM #13
OK, I'll have to look into that one.

Thank you
cybertech
Moderator with 69,375 posts.
 
Join Date: Apr 2002
Location: USA
03-Jul-2009, 11:20 AM #14
You're welcome!