Old 08-31-2006, 07:19 PM   #13 (permalink)
DJslim09


ComboFix log

Michael - 06-08-31 20:48:15.53
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Michael\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-31 to 2006-08-31 ))))))))))))))))))))))))))))))))))


2006-08-03 10:52 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-07-31 19:30 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-07-31 19:30 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-07-31 19:30 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-07-31 19:30 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-07-31 19:30 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-07-31 19:30 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-07-31 19:30 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-07-31 19:30 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-07-31 19:30 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-31 20:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-31 20:02 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-08-31 19:58 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-28 21:44 -------- d-------- C:\Program Files\DivX
2006-08-28 21:36 -------- d-------- C:\Program Files\Microsoft Games
2006-08-27 10:24 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-23 23:11 3932 --a------ C:\Documents and Settings\Michael\Application Data\LMLayout.dat
2006-08-23 23:11 268 --a------ C:\Documents and Settings\Michael\Application Data\LMCPaper.dat
2006-08-19 08:50 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-15 21:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-15 21:11 -------- d-------- C:\Program Files\iPod
2006-08-15 21:02 -------- d-------- C:\Program Files\Google
2006-08-12 15:34 -------- d-------- C:\Program Files\Internet Explorer
2006-08-10 12:43 -------- d-------- C:\Program Files\Winamp
2006-08-10 12:42 -------- d-------- C:\Program Files\Symantec
2006-08-10 12:41 -------- d-------- C:\Program Files\QuickTime
2006-08-10 12:22 -------- d-------- C:\Program Files\Messenger
2006-08-10 12:21 -------- d-------- C:\Program Files\iTunes
2006-08-10 12:06 -------- d-------- C:\Documents and Settings\Michael\Application Data\Symantec
2006-08-09 22:37 -------- d-------- C:\Program Files\CleanUp!
2006-08-09 22:32 -------- d-------- C:\Documents and Settings\Michael\Application Data\Talkback
2006-08-09 22:28 -------- d-------- C:\Documents and Settings\Michael\Application Data\Thunderbird
2006-08-09 22:28 -------- d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2006-08-03 10:52 -------- d-------- C:\Program Files\Registry Mechanic
2006-07-27 16:46 -------- d-------- C:\Documents and Settings\Michael\Application Data\Lavasoft
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-24 21:34 -------- d-------- C:\Program Files\Common Files
2006-07-24 13:49 -------- d-------- C:\Program Files\New Folder
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-07 16:41 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-07-07 16:41 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-07-07 16:41 13824 --a------ C:\WINDOWS\system32\drivers\SSFS041A.sys
2006-07-07 16:41 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-06-14 13:49 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-08 12:08 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-06-08 12:08 161472 --a------ C:\WINDOWS\system32\SymRedir.dll
2006-06-02 21:29 6 --a------ C:\WINDOWS\glhvt.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* Empty entries are not shown.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"BCMSMMSG"="BCMSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"LMPDPSRV"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LMPDPSRV.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"RegistryMechanic"=""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"tunebite.exe"="C:\\Program Files\\tunebite\\tunebite.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,c4,02,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,c4,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Startup"="voltio.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Startup"="voltio.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Karen.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Thu 08/31/2006 20:58:56.43
ComboFix.txt