Jump to content

Memory hog process, link redirects?


Recommended Posts

This process is using quite a bit of memory, and I'm not pinging anyone. Also, random links I click on the internet will sometimes cycle through a bunch of different video/game websites in a matter of seconds before stopping on one. Possibly related, my internet has been cutting out periodically since this has started happening.

Here's the log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Run by scott at 21:37:11 on 2011-12-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.82 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\V0510Mon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Pidgin\pidgin.exe

E:\D Drive\Program Files (x86)\irc\mIRC-\mirc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\System32\ping.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background

mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\scott\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - e:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274548559000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{579AD0F0-E5BF-42B1-B341-574680D241EE} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\bjybphpj.default\

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\scott\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-12-15 64512]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-12 2152152]

R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2009-7-17 3576320]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-12 15232]

R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2011-1-17 1511936]

R3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2010-5-22 254080]

R3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2010-5-22 7424]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-28 136176]

S3 cpuz132;cpuz132;\??\c:\docume~1\scott\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\scott\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 dxdiag;dxdiag;c:\docume~1\scott\locals~1\temp\dxdiag.sys [2010-6-5 43508]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-28 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-7-19 155344]

.

=============== Created Last 30 ================

.

2011-12-16 04:26:48 388096 ----a-r- c:\documents and settings\scott\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-12-16 04:26:47 -------- d-----w- c:\program files\Trend Micro

2011-12-16 03:36:52 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-12-16 03:36:42 3196 ---ha-w- C:\aaw7boot.cmd

2011-12-16 00:03:30 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-12-16 00:03:20 -------- d-----w- c:\program files\Lavasoft

2011-12-15 06:52:34 -------- d-----w- c:\documents and settings\scott\application data\Malwarebytes

2011-12-15 06:52:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-12-15 06:52:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-15 06:52:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-12-16 00:19:21 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-01 20:35:20 81920 ------w- c:\windows\system32\ieencode.dll

2011-11-01 20:35:20 667136 ----a-w- c:\windows\system32\wininet.dll

2011-11-01 20:35:20 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 15:02:49 369664 ------w- c:\windows\system32\html.iec

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2005-04-01 04:17:42 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 21:38:23.04 ===============

Attach.zip

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (AVG and Lavasoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.