MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: MEMORY BEING USED???
October 15, 2019, 01:47:19 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
October 15, 2019, 01:47:19 AM

Login with username, password and session length
 
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: MEMORY BEING USED???  (Read 1258 times)
TurboLung
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« on: March 04, 2005, 03:26:18 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: XP PRO
Problem Application Name & Version: TASK MANAGER, ADD REMOVE PROGRAMS
Problem Hardware Make & Model:
Error Messages:



hello cactus (are you the only mod in this section?),

i think something is screwing around with my memory because for the last week, after using the pc for a little while, things won't open, like explorer (firefox seems to run okay), task manager (the little green box shows in the task section on the right) and now 'add remove function'.

i have tried every virus/spyware program (avg, nortons 2004, antispyware, bug cleaner, spybot, adaware, pc bug doctor, spyhunter and more) but nothing helps. You know, that sitebar keeps coming back every now and again - i just don't know where it is hiding. anyway, can you please advise me what shouldn't be here in hijackthis:



here is my log:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\WINDOWS\System32\rant.exe
C:\WINDOWS\System32\egty0.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\AVDirChk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\aadam\Desktop\Stuff\Security\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1000489
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1000489
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tpg.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1000489
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1000489
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000489
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1000489
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Dns Resolver] dnsrslve.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [rant] rant.exe
O4 - HKLM\..\Run: [amtur3vb] egty0.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AVDirChk] AVDirChk.exe
O4 - HKLM\..\RunServices: [Dns Resolver] dnsrslve.exe
O4 - HKLM\..\RunServices: [amtur3vb] egty0.exe
O4 - HKLM\..\RunServices: [rant] rant.exe
O4 - HKLM\..\RunServices: [AVDirChk] AVDirChk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dns Resolver] dnsrslve.exe
O4 - HKCU\..\Run: [rant] rant.exe
O4 - HKCU\..\Run: [amtur3vb] egty0.exe
O4 - HKCU\..\RunServices: [amtur3vb] egty0.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{555931C3-7CCA-4B5C-8588-3435889E69A4}: NameServer = 203.12.160.35 203.12.160.36
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


thanks for your time and help Smiley

tl
Logged

 
Geekgirl
Global Moderator
Hero Member
*****

Karma: +25/-1
Offline Offline

Gender: Female
Posts: 3175



Bookmark and Share

View Profile
« Reply #1 on: March 26, 2005, 11:30:14 PM »

Hello and Welcome to TSF

Sorry for the delay, if you are still needing assistance please follow these instructions.

Download / Install / Update / and Run:
Adaware SE check for any updates before running it.
Get the plug-in for fixing VX2 variants. You can download it at this SITE
 To run this tool, install to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.

Download and install Spybot S&D . Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

You did not post your complete HJT log. Your missing the header.
Download and install:  HiJackThis 1.99.1.
Copy/Paste the info from your saved Hijackthis log file in this thread.
Logged




Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
TurboLung
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 10


Bookmark and Share

View Profile
« Reply #2 on: March 28, 2005, 05:47:27 AM »

thanks, i fixed the problem by using 'kill disc' on my hdd.

a virus was hiding on the 'master boot record'

thanks anyway - going for a surf - the waves are perfect today Huh?

tl
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page November 26, 2018, 10:05:33 PM