
virus filling up memory

Discussion in 'Virus & Other Malware Removal' started by Ramphonic, Jun 26, 2009.

Thread Status:
Not open for further replies.
  1. Ramphonic

    Ramphonic Thread Starter

    Joined:
    Apr 30, 2007
    Messages:
    45
    I'm trying to help my friend with his Vista computer. He says it's been acting weird for weeks. The memory is showing full but there are hardly any programs on there. He did a backup and it helped for a little bit. I tried helping by running Malwarebytes but now it will not start back up. It showed several adwares and listed 2 trojans. It kept coming up with an error but finally went to restart. It comes up startup repair but won't do anything.

    Any help on what direction I should go in??

    Thanks
     
  2. Ramphonic

    Ramphonic Thread Starter

    Joined:
    Apr 30, 2007
    Messages:
    45
    I ran SUPERAntiSpyware on Friday and it came back with nothing. It is still showing that no memory is available. I am going to try and run a HijackThis tonight and post that up. Any other suggestions???
     
  3. Ramphonic

    Ramphonic Thread Starter

    Joined:
    Apr 30, 2007
    Messages:
    45
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:54:48 PM, on 6/29/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dealer.toyota.com/login.asp?TYPE=33554433&REALMOID=06-000845d0-03e7-1f0b-840f-80f79e010000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=$SM$3avwEkwuc/460YK4oHZM8/VmkXpfSzmNXW560V31kCCeIWXsHXeYYA==&TARGET=$SM$http://dealer.toyota.com/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.imgsv01
    O15 - Trusted Zone: *.lexus.com
    O15 - Trusted Zone: http://ddcc.toyota.com
    O15 - Trusted Zone: http://dealer.toyota.com
    O15 - Trusted Zone: *.toyota.com
    O15 - Trusted Zone: *.toyotaworkout.com
    O15 - Trusted Zone: *.uotdealereducation.com
    O15 - Trusted IP range: http://206.180.1.95
    O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - http://ddcc.toyota.com/edealer/20420/applets/SiebelAx_Desktop_Integration.cab
    O16 - DPF: {CD9C0F1B-D8F9-4229-B76C-5EF6B14372E4} (Siebel High Interactivity Framework) - http://ddcc.toyota.com/edealer/20420/applets/SiebelAx_HI_Client.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E4B845EF-0509-47CA-84B7-7C32DD8C9136}: NameServer = 198.6.1.3,198.6.1.4
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DMS Communications Manager - MenuVantage - C:\Program Files\MenuVantage\DMS Communications Manager 8.0\CommManager.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SQServer - SelectQu - C:\selectqu\SQServer.exe
    O23 - Service: sqserver3 - SelectQu - c:\DataCube3\sqserver3.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 8468 bytes
     
  4. Ramphonic

    Ramphonic Thread Starter

    Joined:
    Apr 30, 2007
    Messages:
    45
    Right off the bat, O13 - Gopher Prefix: worries me.

    What do you think?
     
  5. Ramphonic

    Ramphonic Thread Starter

    Joined:
    Apr 30, 2007
    Messages:
    45
    I am stumped. Malwarebytes and SUPERAntiSpyware are not finding anything now. So I wonder what else it could be??

    Any ideas??
     
  6. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    Gopher Prefix is normal in Vista.

    Is this a workplace machine or personally owned machine?
     
  7. Ramphonic

    Ramphonic Thread Starter

    Joined:
    Apr 30, 2007
    Messages:
    45
    Both, I believe
     
  8. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    We prefer not to work on machines that are used for business purposes. It is likely we may damage something that is needed.
     
  9. Ramphonic

    Ramphonic Thread Starter

    Joined:
    Apr 30, 2007
    Messages:
    45
    OK, I understand
     
  10. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    I notice SQServer running, which can use a lot of RAM.
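
A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread: it groups result lines by section code, then lists entries whose file is missing and O23 services installed outside the usual Windows and Program Files roots. The function names and the list of usual roots are assumptions made for illustration; the sample lines are an excerpt of the posted log, and a listed entry is something to look at, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O13 - Gopher Prefix:
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQServer - SelectQu - C:\selectqu\SQServer.exe
O23 - Service: sqserver3 - SelectQu - c:\DataCube3\sqserver3.exe
"""

# "<code> - <body>", e.g. "O23 - Service: ..."; process paths do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# O23 body: "Service: <name> - <vendor> - <path>"
SERVICE = re.compile(r"^Service: (.+?) - .*? - ([A-Za-z]:\\.+)$")
# Assumed baseline of usual install roots; adjust for the environment.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_entries(log_text):
    """Group HijackThis result lines by section code (R3, O2, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return sections

def review_list(log_text):
    """Return (reason, entry) pairs worth a manual look."""
    sections = parse_entries(log_text)
    findings = []
    for code, entries in sections.items():
        for body in entries:
            if body.endswith("(no file)"):
                findings.append(("entry whose file is missing", f"{code} - {body}"))
    for body in sections.get("O23", []):
        m = SERVICE.match(body)
        if m and not m.group(2).lower().startswith(USUAL_ROOTS):
            findings.append(("service outside usual roots", m.group(1)))
    return findings

if __name__ == "__main__":
    for reason, item in review_list(SAMPLE_LOG):
        print(f"{reason}: {item}")
```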
     
  11. Ramphonic

    Ramphonic Thread Starter

    Joined:
    Apr 30, 2007
    Messages:
    45
    What is a sqserver??
     
  12. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    It's used to manage databases, typically large ones that a program like Access can't handle efficiently.
     
  13. Ramphonic

    Ramphonic Thread Starter

    Joined:
    Apr 30, 2007
    Messages:
    45
    OK, I'll have to look into that one

    Thank You
     
  14. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    You're welcome!
     

Short URL to this thread: https://techguy.org/838465