Computer is slow and shuts down explorer

  1. #21
    maria1019 is offline Newbie

    Re: Computer is slow and shuts down explorer

    Ok. I set initial size and maximum size to 750 MB.
    The computer is restarting now. I will let you know how it behaves once I start working on it tonight.

    Thank you


  2. #22
    broni is offline Senior Member
    I'll be around

  3. #23
    maria1019 is offline Newbie
    Unfortunately I got the same message while working on my computer... I did not have too many windows open, just the usual as I always used to have (at least 3 tabs of IE open)

    I got the message "your system is low in virtual memory" or "minimum virtual memory too low"
    ... after about two of those messages I got an alert prior to my browser IE shutting down by itself. It said
    "Microsoft Visual C++ Runtime Library (title)" -- and the message
    "Runtime Error! Program C:\Program Files\Internet Explorer\iexplore.exe
    abnormal program termination"
    Right after I closed that alert my browser closed by itself and could not open IE again until after a reboot.

    Any other thing I could do?

    Thank you

  4. #24
    broni is offline Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

  5. #25
    maria1019 is offline Newbie
    Here is the combofix log

    ComboFix 09-05-12.02 - Owner 05/12/2009 16:02.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.298 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Security *enabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Owner\LOCALS~1\Temp\IadHide4.dll
    c:\documents and settings\Owner\Local Settings\Temp\IadHide4.dll
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\dcbeg.bak2
    c:\windows\system32\dcbeg.tmp
    c:\windows\system32\iAlmcoin.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
    .

    2009-05-11 21:21 . 2009-05-11 22:10 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2009-05-11 03:07 . 2009-05-11 03:07 -------- d-----w c:\windows\system32\scripting
    2009-05-11 03:07 . 2009-05-11 03:07 -------- d-----w c:\windows\l2schemas
    2009-05-11 03:07 . 2009-05-11 03:07 -------- d-----w c:\windows\system32\en
    2009-05-11 02:19 . 2009-05-11 02:19 -------- d-----w c:\program files\WOT
    2009-05-10 03:22 . 2009-05-10 03:22 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2009-05-10 03:10 . 2009-05-10 03:10 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-10 03:10 . 2009-05-10 03:10 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-10 03:10 . 2009-05-10 03:10 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2009-05-10 03:09 . 2009-05-10 03:09 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-09 20:36 . 2009-05-09 20:36 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-05-09 20:36 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-09 20:36 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-09 20:36 . 2009-05-09 20:36 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-09 20:36 . 2009-05-10 12:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-16 19:43 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-16 19:43 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 19:43 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-16 19:43 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 19:43 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 19:43 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 19:43 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 19:43 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 19:43 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 19:43 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-16 19:42 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-16 19:42 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-16 19:38 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 19:38 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-12 20:02 . 2003-10-14 13:31 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-05-11 19:14 . 2003-10-11 12:03 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-05-11 19:14 . 2003-10-11 10:51 -------- d-----w c:\program files\Java
    2009-05-11 03:13 . 2003-10-11 10:15 80795 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2009-05-11 03:10 . 2009-05-11 03:10 213089 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\motive.zip
    2009-05-11 03:10 . 2009-05-11 03:10 77824 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\FDIWrapper.dll
    2009-05-11 03:10 . 2009-05-11 03:10 212992 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\jsharpinterp.dll
    2009-05-11 03:10 . 2009-05-11 03:10 315392 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\pchmsxml.dll
    2009-05-11 03:10 . 2009-05-11 03:10 49152 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\PCHI18N.dll
    2009-05-11 03:10 . 2009-05-11 03:10 155877 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\js.zip
    2009-05-11 03:10 . 2009-05-11 03:10 114688 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARP4EN\plugin\bin\jsharpde\asst_ui.dll
    2009-05-09 17:33 . 2005-11-08 00:04 -------- d-----w c:\program files\Trend Micro
    2009-04-21 18:52 . 2006-11-03 18:32 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-21 18:52 . 2006-11-03 18:32 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-21 18:52 . 2003-10-14 13:31 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-21 18:52 . 2003-10-14 13:31 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
    2009-04-21 18:52 . 2003-10-14 13:31 -------- d-----w c:\program files\Symantec
    2009-03-25 20:55 . 2009-03-25 20:45 -------- d-----w c:\program files\eFax Messenger 4.4
    2009-03-25 20:52 . 2006-09-11 04:11 -------- d-----w c:\program files\eFax Messenger 4.2
    2009-03-18 04:26 . 2008-07-03 22:31 -------- d-----w c:\program files\Microsoft SQL Server
    2009-03-06 14:22 . 2003-11-17 11:21 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2005-06-18 03:49 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-19 18:03 . 2009-02-19 18:03 579464 ----a-w c:\windows\system32\SymNeti.dll
    2009-02-19 18:03 . 2009-02-19 18:03 207240 ----a-w c:\windows\system32\SymRedir.dll
    2009-02-19 17:31 . 2009-02-19 17:31 31280 ----a-w c:\windows\system32\drivers\SymIM.sys
    2009-02-19 17:31 . 2009-02-19 17:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
    2009-02-19 17:31 . 2009-02-19 17:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
    2009-02-19 17:31 . 2009-02-19 17:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
    2009-02-19 17:31 . 2009-02-19 17:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys
    2009-02-19 17:31 . 2009-02-19 17:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
    2009-02-19 17:31 . 2009-02-19 17:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
    2009-02-19 17:31 . 2009-02-19 17:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
    2004-02-01 20:19 . 2004-02-01 20:19 0 ----a-w c:\program files\GeacInterealtyDS_SEF_657049172_20040201_201920.sql
    2007-08-25 03:52 . 2007-10-14 07:00 300400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
    2008-11-20 15:43 . 2008-11-19 03:46 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 557056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-10-11 16384]
    Microsoft Broadband Networking.lnk - c:\windows\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2005-8-15 25214]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
    "c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
    "c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
    "c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/21/2009 3:08 PM 101936]
    S2 mrtRate;mrtRate; [x]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 4:55 PM 23888]
    S3 DVC;USB DVC Svc;c:\windows\system32\drivers\DVC.sys [5/17/2004 3:01 AM 38604]
    S3 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\BdHidCom.sys [8/27/2007 1:05 AM 17408]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    *Deregistered* - ALG
    *Deregistered* - Apple Mobile Device
    *Deregistered* - AudioSrv
    *Deregistered* - Automatic LiveUpdate Scheduler
    *Deregistered* - Bonjour Service
    *Deregistered* - Browser
    *Deregistered* - ccEvtMgr
    *Deregistered* - ccSetMgr
    *Deregistered* - CLTNetCnService
    *Deregistered* - comHost
    *Deregistered* - CryptSvc
    *Deregistered* - DcomLaunch
    *Deregistered* - Dhcp
    *Deregistered* - Dnscache
    *Deregistered* - ERSvc
    *Deregistered* - EventSystem
    *Deregistered* - FastUserSwitchingCompatibility
    *Deregistered* - gusvc
    *Deregistered* - helpsvc
    *Deregistered* - HTTPFilter
    *Deregistered* - JavaQuickStarterService
    *Deregistered* - lanmanserver
    *Deregistered* - lanmanworkstation
    *Deregistered* - LiveUpdate
    *Deregistered* - LiveUpdate Notice
    *Deregistered* - LmHosts
    *Deregistered* - MDM
    *Deregistered* - MSSQL$MSSMLBIZ
    *Deregistered* - Netman
    *Deregistered* - Nla
    *Deregistered* - NVSvc
    *Deregistered* - PolicyAgent
    *Deregistered* - ProtectedStorage
    *Deregistered* - RasMan
    *Deregistered* - RDPCDD
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - SASDIFSV
    *Deregistered* - SASKUTIL
    *Deregistered* - Schedule
    *Deregistered* - seclogon
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - SISAGP
    *Deregistered* - SPBBCDrv
    *Deregistered* - Spooler
    *Deregistered* - SQLBrowser
    *Deregistered* - SQLWriter
    *Deregistered* - sr
    *Deregistered* - srservice
    *Deregistered* - SRTSP
    *Deregistered* - SRTSPX
    *Deregistered* - Srv
    *Deregistered* - SSDPSRV
    *Deregistered* - swenum
    *Deregistered* - SYMDNS
    *Deregistered* - SymEvent
    *Deregistered* - SYMFW
    *Deregistered* - SYMIDS
    *Deregistered* - SYMIDSCO
    *Deregistered* - SymIMMP
    *Deregistered* - symlcbrd
    *Deregistered* - SYMNDIS
    *Deregistered* - SYMREDRV
    *Deregistered* - SYMTDI
    *Deregistered* - TapiSrv
    *Deregistered* - Tcpip
    *Deregistered* - TermDD
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - TrkWks
    *Deregistered* - UDFReadr
    *Deregistered* - UMWdf
    *Deregistered* - Update
    *Deregistered* - VgaSave
    *Deregistered* - viaagp1
    *Deregistered* - VolSnap
    *Deregistered* - W32Time
    *Deregistered* - Wanarp
    *Deregistered* - WebClient
    *Deregistered* - WinDriver6
    *Deregistered* - winmgmt
    *Deregistered* - WS2IFSL
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    *Deregistered* - WZCSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

    2009-05-12 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-19 04:15]

    2009-05-12 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sciencedaily.com/
    uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
    mStart Page = hxxp://qus10.hpwis.com/
    mSearch Bar = hxxp://srch-qus10.hpwis.com/
    uInternet Settings,ProxyOverride = localhost
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    LSP: SpSubLSP.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} - hxxp://sef.mlxchange.com/Control/SISC.cab
    DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://sef.mlxchange.com/Control/MultiSelectComboBox.cab
    DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://sef.mlxchange.com/Control/MLXClientUtils.cab
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://sef.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-05-12 16:16
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(812)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'lsass.exe'(872)
    c:\windows\system32\SpSubLSP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
    c:\program files\Microsoft Broadband Networking\MSBNTray.exe
    c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
    c:\program files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-05-12 16:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-12 20:32

    Pre-Run: 36,443,377,664 bytes free
    Post-Run: 37,126,221,824 bytes free

    289 --- E O F --- 2009-05-12 05:44

  6. #26
    maria1019 is offline Newbie
    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:46:20 PM, on 5/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Advertising Your Business with Yahoo! Search Marketing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Science Daily: News & Articles in Science, Health, Environment & Technology
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Advertising Your Business with Yahoo! Search Marketing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\6mxws9b8.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://sef.mlxchange.com/Control/FileCruiser.cab
    O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://sef.mlxchange.com/Control/Specfile.cab
    O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://sef.mlxchange.com/Control/SISC.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/Mul...ctComboBox.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - https://valuemanager.iasreo.com/BPO/ImageUploader5.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133755383468
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://sef.mlxchange.com/Control/LiteGrid.cab
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://names1.viewnetcam.com:50000/SysCamInst.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - https://web11.farvv.com/sn/ImageUploader4.cab
    O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://sef.mlxchange.com/Control/AspCustomCtrls.cab
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - http://www.mlxchange.com/Images/fadedBackground.jpg

    --
    End of file - 11758 bytes

  7. #27
    broni is offline Senior Member
    Uninstall Combofix:

    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.

    Any improvement?
    Does the error happen only when you use IE?

  8. #28
    maria1019 is offline Newbie
    I did notice my computer working faster now and have not seen the message again.

    The error only occurred when using IE, but then again... I only use my computer to get in the internet (w/ IE)...
    I will need to use my computer again tomorrow afternoon and will let you know how it behaves.

    Thank you for all your help.

  9. #29
    broni is offline Senior Member
    Very good
    Keep us posted...

  10. #30
    maria1019 is offline Newbie
    Unfortunately it is still giving me the message "virtual memory minimum set too low" and IE shuts down.
